@lightdash/common 0.2104.6 → 0.2104.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/.tsbuildinfo +1 -0
- package/dist/cjs/authorization/index.d.ts +1 -4
- package/dist/cjs/authorization/index.d.ts.map +1 -1
- package/dist/cjs/authorization/index.js +0 -4
- package/dist/cjs/authorization/index.js.map +1 -1
- package/dist/cjs/ee/AiAgent/chartConfig/web/getWebAiChartConfig.d.ts +8 -8
- package/dist/cjs/ee/AiAgent/index.d.ts +2 -2
- package/dist/cjs/ee/AiAgent/schemas/parser.d.ts +24 -24
- package/dist/cjs/ee/AiAgent/schemas/tools/toolDashboardV2Args.d.ts +96 -96
- package/dist/cjs/ee/AiAgent/schemas/tools/toolRunQueryArgs.d.ts +48 -48
- package/dist/cjs/ee/AiAgent/utils.d.ts +8 -8
- package/dist/cjs/index.d.ts +23 -449
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +21 -55
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/pivot/index.d.ts +1 -0
- package/dist/cjs/pivot/index.d.ts.map +1 -1
- package/dist/cjs/pivot/index.js +1 -0
- package/dist/cjs/pivot/index.js.map +1 -1
- package/dist/cjs/pivot/pivotConfig.d.ts +7 -0
- package/dist/cjs/pivot/pivotConfig.d.ts.map +1 -0
- package/dist/cjs/pivot/pivotConfig.js +32 -0
- package/dist/cjs/pivot/pivotConfig.js.map +1 -0
- package/dist/cjs/types/api.d.ts +447 -0
- package/dist/cjs/types/api.d.ts.map +1 -1
- package/dist/cjs/types/api.js +50 -1
- package/dist/cjs/types/api.js.map +1 -1
- package/dist/cjs/types/auth.d.ts +2 -1
- package/dist/cjs/types/auth.d.ts.map +1 -1
- package/dist/cjs/types/auth.js +4 -4
- package/dist/cjs/types/auth.js.map +1 -1
- package/dist/cjs/types/changeset.d.ts +10 -10
- package/dist/cjs/types/pivot.d.ts +0 -2
- package/dist/cjs/types/pivot.d.ts.map +1 -1
- package/dist/cjs/types/pivot.js +0 -29
- package/dist/cjs/types/pivot.js.map +1 -1
- package/dist/cjs/types/resourceViewItem.d.ts +1 -1
- package/dist/esm/.tsbuildinfo +1 -0
- package/dist/esm/authorization/index.d.ts +1 -4
- package/dist/esm/authorization/index.d.ts.map +1 -1
- package/dist/esm/authorization/index.js +0 -4
- package/dist/esm/authorization/index.js.map +1 -1
- package/dist/esm/ee/AiAgent/chartConfig/web/getWebAiChartConfig.d.ts +8 -8
- package/dist/esm/ee/AiAgent/index.d.ts +2 -2
- package/dist/esm/ee/AiAgent/schemas/parser.d.ts +24 -24
- package/dist/esm/ee/AiAgent/schemas/tools/toolDashboardV2Args.d.ts +96 -96
- package/dist/esm/ee/AiAgent/schemas/tools/toolRunQueryArgs.d.ts +48 -48
- package/dist/esm/ee/AiAgent/utils.d.ts +8 -8
- package/dist/esm/index.d.ts +23 -449
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +16 -50
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/pivot/index.d.ts +1 -0
- package/dist/esm/pivot/index.d.ts.map +1 -1
- package/dist/esm/pivot/index.js +1 -0
- package/dist/esm/pivot/index.js.map +1 -1
- package/dist/esm/pivot/pivotConfig.d.ts +7 -0
- package/dist/esm/pivot/pivotConfig.d.ts.map +1 -0
- package/dist/esm/pivot/pivotConfig.js +28 -0
- package/dist/esm/pivot/pivotConfig.js.map +1 -0
- package/dist/esm/types/api.d.ts +447 -0
- package/dist/esm/types/api.d.ts.map +1 -1
- package/dist/esm/types/api.js +46 -0
- package/dist/esm/types/api.js.map +1 -1
- package/dist/esm/types/auth.d.ts +2 -1
- package/dist/esm/types/auth.d.ts.map +1 -1
- package/dist/esm/types/auth.js +2 -2
- package/dist/esm/types/auth.js.map +1 -1
- package/dist/esm/types/changeset.d.ts +10 -10
- package/dist/esm/types/pivot.d.ts +0 -2
- package/dist/esm/types/pivot.d.ts.map +1 -1
- package/dist/esm/types/pivot.js +1 -27
- package/dist/esm/types/pivot.js.map +1 -1
- package/dist/esm/types/resourceViewItem.d.ts +1 -1
- package/dist/types/.tsbuildinfo +1 -0
- package/dist/types/authorization/buildAccountHelpers.js +11 -0
- package/dist/types/authorization/buildAccountHelpers.js.map +1 -0
- package/dist/types/authorization/index.d.ts +1 -4
- package/dist/types/authorization/index.d.ts.map +1 -1
- package/dist/types/authorization/index.js +62 -0
- package/dist/types/authorization/index.js.map +1 -0
- package/dist/types/authorization/index.mock.js +42 -0
- package/dist/types/authorization/index.mock.js.map +1 -0
- package/dist/types/authorization/index.test.js +220 -0
- package/dist/types/authorization/index.test.js.map +1 -0
- package/dist/types/authorization/jwtAbility.js +77 -0
- package/dist/types/authorization/jwtAbility.js.map +1 -0
- package/dist/types/authorization/jwtAbility.test.js +416 -0
- package/dist/types/authorization/jwtAbility.test.js.map +1 -0
- package/dist/types/authorization/organizationMemberAbility.js +318 -0
- package/dist/types/authorization/organizationMemberAbility.js.map +1 -0
- package/dist/types/authorization/organizationMemberAbility.mock.js +34 -0
- package/dist/types/authorization/organizationMemberAbility.mock.js.map +1 -0
- package/dist/types/authorization/organizationMemberAbility.test.js +1265 -0
- package/dist/types/authorization/organizationMemberAbility.test.js.map +1 -0
- package/dist/types/authorization/parseAccount.js +28 -0
- package/dist/types/authorization/parseAccount.js.map +1 -0
- package/dist/types/authorization/parseScopes.js +31 -0
- package/dist/types/authorization/parseScopes.js.map +1 -0
- package/dist/types/authorization/parseScopes.test.js +102 -0
- package/dist/types/authorization/parseScopes.test.js.map +1 -0
- package/dist/types/authorization/projectMemberAbility.js +239 -0
- package/dist/types/authorization/projectMemberAbility.js.map +1 -0
- package/dist/types/authorization/projectMemberAbility.mock.js +27 -0
- package/dist/types/authorization/projectMemberAbility.mock.js.map +1 -0
- package/dist/types/authorization/projectMemberAbility.test.js +1031 -0
- package/dist/types/authorization/projectMemberAbility.test.js.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.js +150 -0
- package/dist/types/authorization/roleToScopeMapping.js.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.test.js +561 -0
- package/dist/types/authorization/roleToScopeMapping.test.js.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.testUtils.js +319 -0
- package/dist/types/authorization/roleToScopeMapping.testUtils.js.map +1 -0
- package/dist/types/authorization/roleToScopeParity.test.js +194 -0
- package/dist/types/authorization/roleToScopeParity.test.js.map +1 -0
- package/dist/types/authorization/scopeAbilityBuilder.js +57 -0
- package/dist/types/authorization/scopeAbilityBuilder.js.map +1 -0
- package/dist/types/authorization/scopeAbilityBuilder.test.js +1348 -0
- package/dist/types/authorization/scopeAbilityBuilder.test.js.map +1 -0
- package/dist/types/authorization/scopes.js +613 -0
- package/dist/types/authorization/scopes.js.map +1 -0
- package/dist/types/authorization/serviceAccountAbility.js +303 -0
- package/dist/types/authorization/serviceAccountAbility.js.map +1 -0
- package/dist/types/authorization/types.js +2 -0
- package/dist/types/authorization/types.js.map +1 -0
- package/dist/types/compiler/exploreCompiler.js +462 -0
- package/dist/types/compiler/exploreCompiler.js.map +1 -0
- package/dist/types/compiler/exploreCompiler.mock.js +2016 -0
- package/dist/types/compiler/exploreCompiler.mock.js.map +1 -0
- package/dist/types/compiler/exploreCompiler.test.js +679 -0
- package/dist/types/compiler/exploreCompiler.test.js.map +1 -0
- package/dist/types/compiler/fieldSetExpander.js +119 -0
- package/dist/types/compiler/fieldSetExpander.js.map +1 -0
- package/dist/types/compiler/fieldSetExpander.test.js +184 -0
- package/dist/types/compiler/fieldSetExpander.test.js.map +1 -0
- package/dist/types/compiler/filtersCompiler.js +337 -0
- package/dist/types/compiler/filtersCompiler.js.map +1 -0
- package/dist/types/compiler/filtersCompiler.mock.js +496 -0
- package/dist/types/compiler/filtersCompiler.mock.js.map +1 -0
- package/dist/types/compiler/filtersCompiler.test.js +570 -0
- package/dist/types/compiler/filtersCompiler.test.js.map +1 -0
- package/dist/types/compiler/lightdashProjectConfig.js +37 -0
- package/dist/types/compiler/lightdashProjectConfig.js.map +1 -0
- package/dist/types/compiler/parameters.js +75 -0
- package/dist/types/compiler/parameters.js.map +1 -0
- package/dist/types/compiler/parameters.test.js +216 -0
- package/dist/types/compiler/parameters.test.js.map +1 -0
- package/dist/types/compiler/translator.js +707 -0
- package/dist/types/compiler/translator.js.map +1 -0
- package/dist/types/compiler/translator.mock.js +1901 -0
- package/dist/types/compiler/translator.mock.js.map +1 -0
- package/dist/types/compiler/translator.test.js +323 -0
- package/dist/types/compiler/translator.test.js.map +1 -0
- package/dist/types/constants/pivot.js +7 -0
- package/dist/types/constants/pivot.js.map +1 -0
- package/dist/types/constants/sessionStorageKeys.js +6 -0
- package/dist/types/constants/sessionStorageKeys.js.map +1 -0
- package/dist/types/constants/sqlRunner.js +3 -0
- package/dist/types/constants/sqlRunner.js.map +1 -0
- package/dist/types/dbt/DbtSchemaEditor/DbtSchemaEditor.js +285 -0
- package/dist/types/dbt/DbtSchemaEditor/DbtSchemaEditor.js.map +1 -0
- package/dist/types/dbt/DbtSchemaEditor/DbtSchemaEditor.mock.js +224 -0
- package/dist/types/dbt/DbtSchemaEditor/DbtSchemaEditor.mock.js.map +1 -0
- package/dist/types/dbt/DbtSchemaEditor/DbtSchemaEditor.test.js +129 -0
- package/dist/types/dbt/DbtSchemaEditor/DbtSchemaEditor.test.js.map +1 -0
- package/dist/types/dbt/schemas/lightdashMetadata.json +385 -0
- package/dist/types/dbt/schemas/lightdashV10.json +72 -0
- package/dist/types/dbt/schemas/lightdashV11.json +72 -0
- package/dist/types/dbt/schemas/lightdashV12.json +63 -0
- package/dist/types/dbt/schemas/lightdashV7.json +72 -0
- package/dist/types/dbt/schemas/lightdashV8.json +76 -0
- package/dist/types/dbt/schemas/lightdashV9.json +72 -0
- package/dist/types/dbt/schemas/manifestV10.json +5545 -0
- package/dist/types/dbt/schemas/manifestV11.json +6041 -0
- package/dist/types/dbt/schemas/manifestV12.json +22567 -0
- package/dist/types/dbt/schemas/manifestV7.json +6481 -0
- package/dist/types/dbt/schemas/manifestV8.json +4358 -0
- package/dist/types/dbt/schemas/manifestV9.json +4879 -0
- package/dist/types/dbt/validation.js +67 -0
- package/dist/types/dbt/validation.js.map +1 -0
- package/dist/types/ee/AiAgent/adminTypes.js +2 -0
- package/dist/types/ee/AiAgent/adminTypes.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/shared/formatFieldLabel.js +10 -0
- package/dist/types/ee/AiAgent/chartConfig/shared/formatFieldLabel.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/generateBarVizConfigTool/getVerticalBarChartEchartsConfig.js +60 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/generateBarVizConfigTool/getVerticalBarChartEchartsConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/generateTimeSeriesVizConfigTool/getTimeSeriesChartEchartsConfig.js +60 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/generateTimeSeriesVizConfigTool/getTimeSeriesChartEchartsConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/getSlackAiEchartsConfig.js +33 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/getSlackAiEchartsConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/index.js +2 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/index.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/getRunQueryEchartsConfig.js +43 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/getRunQueryEchartsConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/bar.js +98 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/bar.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/funnel.js +38 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/funnel.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/horizontalBar.js +65 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/horizontalBar.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/line.js +105 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/line.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/pie.js +34 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/pie.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/scatter.js +66 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/runQueryTool/viz/scatter.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/shared/getCommonEChartsConfig.js +104 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/shared/getCommonEChartsConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/types.js +2 -0
- package/dist/types/ee/AiAgent/chartConfig/slack/types.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/generateBarVizConfigTool/getVerticalBarChartConfig.js +65 -0
- package/dist/types/ee/AiAgent/chartConfig/web/generateBarVizConfigTool/getVerticalBarChartConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/generateTableVizConfigTool/getTableChartConfig.js +5 -0
- package/dist/types/ee/AiAgent/chartConfig/web/generateTableVizConfigTool/getTableChartConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/generateTimeSeriesVizConfigTool/getTimeSeriesChartConfig.js +63 -0
- package/dist/types/ee/AiAgent/chartConfig/web/generateTimeSeriesVizConfigTool/getTimeSeriesChartConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/getWebAiChartConfig.d.ts +8 -8
- package/dist/types/ee/AiAgent/chartConfig/web/getWebAiChartConfig.js +51 -0
- package/dist/types/ee/AiAgent/chartConfig/web/getWebAiChartConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/index.js +6 -0
- package/dist/types/ee/AiAgent/chartConfig/web/index.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/getRunQueryChartConfig.js +73 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/getRunQueryChartConfig.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/bar.js +91 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/bar.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/funnel.js +17 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/funnel.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/horizontalBar.js +52 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/horizontalBar.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/line.js +96 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/line.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/pie.js +15 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/pie.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/scatter.js +66 -0
- package/dist/types/ee/AiAgent/chartConfig/web/runQueryTool/viz/scatter.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/canRenderAsChart.js +24 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/canRenderAsChart.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/formatPivotValueLabel.js +15 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/formatPivotValueLabel.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/getAvailableChartTypes.js +11 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/getAvailableChartTypes.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/getGroupByDimensions.js +15 -0
- package/dist/types/ee/AiAgent/chartConfig/web/shared/getGroupByDimensions.js.map +1 -0
- package/dist/types/ee/AiAgent/chartConfig/web/types.js +2 -0
- package/dist/types/ee/AiAgent/chartConfig/web/types.js.map +1 -0
- package/dist/types/ee/AiAgent/constants.js +2 -0
- package/dist/types/ee/AiAgent/constants.js.map +1 -0
- package/dist/types/ee/AiAgent/filterExploreByTags.js +94 -0
- package/dist/types/ee/AiAgent/filterExploreByTags.js.map +1 -0
- package/dist/types/ee/AiAgent/filterExploreByTags.test.js +634 -0
- package/dist/types/ee/AiAgent/filterExploreByTags.test.js.map +1 -0
- package/dist/types/ee/AiAgent/followUpTools.js +33 -0
- package/dist/types/ee/AiAgent/followUpTools.js.map +1 -0
- package/dist/types/ee/AiAgent/index.d.ts +2 -2
- package/dist/types/ee/AiAgent/index.js +43 -0
- package/dist/types/ee/AiAgent/index.js.map +1 -0
- package/dist/types/ee/AiAgent/requestTypes.js +2 -0
- package/dist/types/ee/AiAgent/requestTypes.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/customMetrics.js +50 -0
- package/dist/types/ee/AiAgent/schemas/customMetrics.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/fieldId.js +11 -0
- package/dist/types/ee/AiAgent/schemas/fieldId.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/filters/booleanFilters.js +29 -0
- package/dist/types/ee/AiAgent/schemas/filters/booleanFilters.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/filters/dateFilters.js +84 -0
- package/dist/types/ee/AiAgent/schemas/filters/dateFilters.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/filters/index.js +98 -0
- package/dist/types/ee/AiAgent/schemas/filters/index.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/filters/numberFilters.js +53 -0
- package/dist/types/ee/AiAgent/schemas/filters/numberFilters.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/filters/stringFilters.js +33 -0
- package/dist/types/ee/AiAgent/schemas/filters/stringFilters.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/index.js +9 -0
- package/dist/types/ee/AiAgent/schemas/index.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/outputMetadata.js +5 -0
- package/dist/types/ee/AiAgent/schemas/outputMetadata.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/parser.d.ts +24 -24
- package/dist/types/ee/AiAgent/schemas/parser.js +43 -0
- package/dist/types/ee/AiAgent/schemas/parser.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/sortField.js +14 -0
- package/dist/types/ee/AiAgent/schemas/sortField.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcBaseSchemas.js +28 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcBaseSchemas.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcPercentChangeFromPrevious.js +14 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcPercentChangeFromPrevious.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcPercentOfColumnTotal.js +14 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcPercentOfColumnTotal.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcPercentOfPreviousValue.js +14 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcPercentOfPreviousValue.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcRankInColumn.js +10 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcRankInColumn.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcRunningTotal.js +10 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcRunningTotal.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcWindowFunction.js +105 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcWindowFunction.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcs.js +168 -0
- package/dist/types/ee/AiAgent/schemas/tableCalcs/tableCalcs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/toolSchemaBuilder.js +37 -0
- package/dist/types/ee/AiAgent/schemas/toolSchemaBuilder.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/index.js +16 -0
- package/dist/types/ee/AiAgent/schemas/tools/index.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolDashboardArgs.js +103 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolDashboardArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolDashboardV2Args.d.ts +96 -96
- package/dist/types/ee/AiAgent/schemas/tools/toolDashboardV2Args.js +50 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolDashboardV2Args.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindChartsArgs.js +34 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindChartsArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindContentArgs.js +33 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindContentArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindDashboardsArgs.js +36 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindDashboardsArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindExploresArgs.js +45 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindExploresArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindFieldsArgs.js +34 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolFindFieldsArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolImproveContextArgs.js +60 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolImproveContextArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolProposeChangeArgs.js +157 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolProposeChangeArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolRunMetricQueryArgs.js +41 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolRunMetricQueryArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolRunQueryArgs.d.ts +48 -48
- package/dist/types/ee/AiAgent/schemas/tools/toolRunQueryArgs.js +151 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolRunQueryArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +46 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolTableVizArgs.js +53 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolTableVizArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolTimeSeriesArgs.js +58 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolTimeSeriesArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolVerticalBarArgs.js +53 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolVerticalBarArgs.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/visualizationMetadata.js +9 -0
- package/dist/types/ee/AiAgent/schemas/visualizationMetadata.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/index.js +58 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/index.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/tableViz.js +38 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/tableViz.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/timeSeriesViz.js +63 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/timeSeriesViz.js.map +1 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/verticalBarViz.js +68 -0
- package/dist/types/ee/AiAgent/schemas/visualizations/verticalBarViz.js.map +1 -0
- package/dist/types/ee/AiAgent/types.js +12 -0
- package/dist/types/ee/AiAgent/types.js.map +1 -0
- package/dist/types/ee/AiAgent/utils.d.ts +8 -8
- package/dist/types/ee/AiAgent/utils.js +82 -0
- package/dist/types/ee/AiAgent/utils.js.map +1 -0
- package/dist/types/ee/AiAgent/validators.js +10 -0
- package/dist/types/ee/AiAgent/validators.js.map +1 -0
- package/dist/types/ee/commercialFeatureFlags.js +10 -0
- package/dist/types/ee/commercialFeatureFlags.js.map +1 -0
- package/dist/types/ee/embed/index.js +90 -0
- package/dist/types/ee/embed/index.js.map +1 -0
- package/dist/types/ee/index.js +19 -0
- package/dist/types/ee/index.js.map +1 -0
- package/dist/types/ee/scim/errors.js +22 -0
- package/dist/types/ee/scim/errors.js.map +1 -0
- package/dist/types/ee/scim/types.js +2 -0
- package/dist/types/ee/scim/types.js.map +1 -0
- package/dist/types/ee/serviceAccounts/types.js +8 -0
- package/dist/types/ee/serviceAccounts/types.js.map +1 -0
- package/dist/types/index.d.ts +23 -449
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +652 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/index.mock.js +44 -0
- package/dist/types/index.mock.js.map +1 -0
- package/dist/types/index.test.js +123 -0
- package/dist/types/index.test.js.map +1 -0
- package/dist/types/pivot/derivePivotConfigFromChart.js +206 -0
- package/dist/types/pivot/derivePivotConfigFromChart.js.map +1 -0
- package/dist/types/pivot/derivePivotConfigFromChart.mock.js +112 -0
- package/dist/types/pivot/derivePivotConfigFromChart.mock.js.map +1 -0
- package/dist/types/pivot/derivePivotConfigFromChart.test.js +418 -0
- package/dist/types/pivot/derivePivotConfigFromChart.test.js.map +1 -0
- package/dist/types/pivot/index.d.ts +1 -0
- package/dist/types/pivot/index.d.ts.map +1 -1
- package/dist/types/pivot/index.js +5 -0
- package/dist/types/pivot/index.js.map +1 -0
- package/dist/types/pivot/pivotConfig.d.ts +7 -0
- package/dist/types/pivot/pivotConfig.d.ts.map +1 -0
- package/dist/types/pivot/pivotConfig.js +28 -0
- package/dist/types/pivot/pivotConfig.js.map +1 -0
- package/dist/types/pivot/pivotQueryResults.js +1034 -0
- package/dist/types/pivot/pivotQueryResults.js.map +1 -0
- package/dist/types/pivot/pivotQueryResults.mock.js +2412 -0
- package/dist/types/pivot/pivotQueryResults.mock.js.map +1 -0
- package/dist/types/pivot/pivotQueryResults.test.js +1222 -0
- package/dist/types/pivot/pivotQueryResults.test.js.map +1 -0
- package/dist/types/pivot/utils.js +14 -0
- package/dist/types/pivot/utils.js.map +1 -0
- package/dist/types/schemas/json/chart-as-code-1.0.json +436 -0
- package/dist/types/schemas/json/dashboard-as-code-1.0.json +349 -0
- package/dist/types/schemas/json/lightdash-dbt-2.0.json +1417 -0
- package/dist/types/schemas/json/lightdash-project-config-1.0.json +138 -0
- package/dist/types/templating/template.js +30 -0
- package/dist/types/templating/template.js.map +1 -0
- package/dist/types/templating/template.mock.js +45 -0
- package/dist/types/templating/template.mock.js.map +1 -0
- package/dist/types/templating/template.test.js +21 -0
- package/dist/types/templating/template.test.js.map +1 -0
- package/dist/types/types/SshKeyPair.js +2 -0
- package/dist/types/types/SshKeyPair.js.map +1 -0
- package/dist/types/types/account.js +2 -0
- package/dist/types/types/account.js.map +1 -0
- package/dist/types/types/analytics.js +29 -0
- package/dist/types/types/analytics.js.map +1 -0
- package/dist/types/types/any.js +2 -0
- package/dist/types/types/any.js.map +1 -0
- package/dist/types/types/api/comments.js +2 -0
- package/dist/types/types/api/comments.js.map +1 -0
- package/dist/types/types/api/email.js +2 -0
- package/dist/types/types/api/email.js.map +1 -0
- package/dist/types/types/api/errors.js +2 -0
- package/dist/types/types/api/errors.js.map +1 -0
- package/dist/types/types/api/notifications.js +5 -0
- package/dist/types/types/api/notifications.js.map +1 -0
- package/dist/types/types/api/paginatedQuery.js +3 -0
- package/dist/types/types/api/paginatedQuery.js.map +1 -0
- package/dist/types/types/api/parameters.js +2 -0
- package/dist/types/types/api/parameters.js.map +1 -0
- package/dist/types/types/api/share.js +2 -0
- package/dist/types/types/api/share.js.map +1 -0
- package/dist/types/types/api/sort.js +2 -0
- package/dist/types/types/api/sort.js.map +1 -0
- package/dist/types/types/api/spotlight.js +2 -0
- package/dist/types/types/api/spotlight.js.map +1 -0
- package/dist/types/types/api/success.js +2 -0
- package/dist/types/types/api/success.js.map +1 -0
- package/dist/types/types/api/uuid.js +2 -0
- package/dist/types/types/api/uuid.js.map +1 -0
- package/dist/types/types/api.d.ts +447 -0
- package/dist/types/types/api.d.ts.map +1 -1
- package/dist/types/types/api.js +57 -0
- package/dist/types/types/api.js.map +1 -0
- package/dist/types/types/applyDimensionOverrides.test.js +338 -0
- package/dist/types/types/applyDimensionOverrides.test.js.map +1 -0
- package/dist/types/types/auth.d.ts +2 -1
- package/dist/types/types/auth.d.ts.map +1 -1
- package/dist/types/types/auth.js +42 -0
- package/dist/types/types/auth.js.map +1 -0
- package/dist/types/types/bigQuerySSO.js +2 -0
- package/dist/types/types/bigQuerySSO.js.map +1 -0
- package/dist/types/types/catalog.js +50 -0
- package/dist/types/types/catalog.js.map +1 -0
- package/dist/types/types/changeset.d.ts +10 -10
- package/dist/types/types/changeset.js +72 -0
- package/dist/types/types/changeset.js.map +1 -0
- package/dist/types/types/coder.js +2 -0
- package/dist/types/types/coder.js.map +1 -0
- package/dist/types/types/comments.js +2 -0
- package/dist/types/types/comments.js.map +1 -0
- package/dist/types/types/conditionalFormatting.js +25 -0
- package/dist/types/types/conditionalFormatting.js.map +1 -0
- package/dist/types/types/content.js +19 -0
- package/dist/types/types/content.js.map +1 -0
- package/dist/types/types/csv.js +2 -0
- package/dist/types/types/csv.js.map +1 -0
- package/dist/types/types/dashboard.js +46 -0
- package/dist/types/types/dashboard.js.map +1 -0
- package/dist/types/types/dbt.js +262 -0
- package/dist/types/types/dbt.js.map +1 -0
- package/dist/types/types/dbtFromSchema.js +2 -0
- package/dist/types/types/dbtFromSchema.js.map +1 -0
- package/dist/types/types/deepPartial.js +7 -0
- package/dist/types/types/deepPartial.js.map +1 -0
- package/dist/types/types/downloadFile.js +9 -0
- package/dist/types/types/downloadFile.js.map +1 -0
- package/dist/types/types/email.js +2 -0
- package/dist/types/types/email.js.map +1 -0
- package/dist/types/types/errors.js +496 -0
- package/dist/types/types/errors.js.map +1 -0
- package/dist/types/types/explore.js +24 -0
- package/dist/types/types/explore.js.map +1 -0
- package/dist/types/types/featureFlags.js +62 -0
- package/dist/types/types/featureFlags.js.map +1 -0
- package/dist/types/types/field.js +473 -0
- package/dist/types/types/field.js.map +1 -0
- package/dist/types/types/field.test.js +90 -0
- package/dist/types/types/field.test.js.map +1 -0
- package/dist/types/types/fieldMatch.js +2 -0
- package/dist/types/types/fieldMatch.js.map +1 -0
- package/dist/types/types/filter.js +287 -0
- package/dist/types/types/filter.js.map +1 -0
- package/dist/types/types/filter.test.js +372 -0
- package/dist/types/types/filter.test.js.map +1 -0
- package/dist/types/types/filterGrammar.js +358 -0
- package/dist/types/types/filterGrammar.js.map +1 -0
- package/dist/types/types/filterGrammar.test.js +549 -0
- package/dist/types/types/filterGrammar.test.js.map +1 -0
- package/dist/types/types/filterGrammarConversion.js +94 -0
- package/dist/types/types/filterGrammarConversion.js.map +1 -0
- package/dist/types/types/filterGrammarConversion.test.js +260 -0
- package/dist/types/types/filterGrammarConversion.test.js.map +1 -0
- package/dist/types/types/gdrive.js +2 -0
- package/dist/types/types/gdrive.js.map +1 -0
- package/dist/types/types/gitIntegration.js +2 -0
- package/dist/types/types/gitIntegration.js.map +1 -0
- package/dist/types/types/groups.js +4 -0
- package/dist/types/types/groups.js.map +1 -0
- package/dist/types/types/job.js +67 -0
- package/dist/types/types/job.js.map +1 -0
- package/dist/types/types/knex-paginate.js +2 -0
- package/dist/types/types/knex-paginate.js.map +1 -0
- package/dist/types/types/lightdashProjectConfig.js +4 -0
- package/dist/types/types/lightdashProjectConfig.js.map +1 -0
- package/dist/types/types/metricQuery.js +20 -0
- package/dist/types/types/metricQuery.js.map +1 -0
- package/dist/types/types/metricsExplorer.js +12 -0
- package/dist/types/types/metricsExplorer.js.map +1 -0
- package/dist/types/types/notifications.js +2 -0
- package/dist/types/types/notifications.js.map +1 -0
- package/dist/types/types/oauth.js +2 -0
- package/dist/types/types/oauth.js.map +1 -0
- package/dist/types/types/openIdIdentity.js +12 -0
- package/dist/types/types/openIdIdentity.js.map +1 -0
- package/dist/types/types/organization.js +20 -0
- package/dist/types/types/organization.js.map +1 -0
- package/dist/types/types/organizationMemberProfile.js +30 -0
- package/dist/types/types/organizationMemberProfile.js.map +1 -0
- package/dist/types/types/organizationWarehouseCredentials.js +2 -0
- package/dist/types/types/organizationWarehouseCredentials.js.map +1 -0
- package/dist/types/types/paginateResults.js +2 -0
- package/dist/types/types/paginateResults.js.map +1 -0
- package/dist/types/types/parameters.js +2 -0
- package/dist/types/types/parameters.js.map +1 -0
- package/dist/types/types/personalAccessToken.js +2 -0
- package/dist/types/types/personalAccessToken.js.map +1 -0
- package/dist/types/types/pinning.js +5 -0
- package/dist/types/types/pinning.js.map +1 -0
- package/dist/types/types/pivot.d.ts +0 -2
- package/dist/types/types/pivot.d.ts.map +1 -1
- package/dist/types/types/pivot.js +2 -0
- package/dist/types/types/pivot.js.map +1 -0
- package/dist/types/types/projectGroupAccess.js +2 -0
- package/dist/types/types/projectGroupAccess.js.map +1 -0
- package/dist/types/types/projectMemberProfile.js +2 -0
- package/dist/types/types/projectMemberProfile.js.map +1 -0
- package/dist/types/types/projectMemberRole.js +30 -0
- package/dist/types/types/projectMemberRole.js.map +1 -0
- package/dist/types/types/projects.js +149 -0
- package/dist/types/types/projects.js.map +1 -0
- package/dist/types/types/promotion.js +8 -0
- package/dist/types/types/promotion.js.map +1 -0
- package/dist/types/types/queryHistory.js +8 -0
- package/dist/types/types/queryHistory.js.map +1 -0
- package/dist/types/types/rename.js +6 -0
- package/dist/types/types/rename.js.map +1 -0
- package/dist/types/types/resourceViewItem.d.ts +1 -1
- package/dist/types/types/resourceViewItem.js +103 -0
- package/dist/types/types/resourceViewItem.js.map +1 -0
- package/dist/types/types/results.js +51 -0
- package/dist/types/types/results.js.map +1 -0
- package/dist/types/types/roles.js +2 -0
- package/dist/types/types/roles.js.map +1 -0
- package/dist/types/types/savedCharts.js +225 -0
- package/dist/types/types/savedCharts.js.map +1 -0
- package/dist/types/types/scheduler.js +87 -0
- package/dist/types/types/scheduler.js.map +1 -0
- package/dist/types/types/schedulerLog.js +2 -0
- package/dist/types/types/schedulerLog.js.map +1 -0
- package/dist/types/types/schedulerTaskList.js +31 -0
- package/dist/types/types/schedulerTaskList.js.map +1 -0
- package/dist/types/types/scopes.js +14 -0
- package/dist/types/types/scopes.js.map +1 -0
- package/dist/types/types/search.js +53 -0
- package/dist/types/types/search.js.map +1 -0
- package/dist/types/types/share.js +2 -0
- package/dist/types/types/share.js.map +1 -0
- package/dist/types/types/slack.js +2 -0
- package/dist/types/types/slack.js.map +1 -0
- package/dist/types/types/slackSettings.js +2 -0
- package/dist/types/types/slackSettings.js.map +1 -0
- package/dist/types/types/space.js +7 -0
- package/dist/types/types/space.js.map +1 -0
- package/dist/types/types/spotlightTableConfig.js +17 -0
- package/dist/types/types/spotlightTableConfig.js.map +1 -0
- package/dist/types/types/sqlRunner.js +41 -0
- package/dist/types/types/sqlRunner.js.map +1 -0
- package/dist/types/types/table.js +6 -0
- package/dist/types/types/table.js.map +1 -0
- package/dist/types/types/tags.js +2 -0
- package/dist/types/types/tags.js.map +1 -0
- package/dist/types/types/timeFrames.js +42 -0
- package/dist/types/types/timeFrames.js.map +1 -0
- package/dist/types/types/timezone.js +33 -0
- package/dist/types/types/timezone.js.map +1 -0
- package/dist/types/types/user.js +23 -0
- package/dist/types/types/user.js.map +1 -0
- package/dist/types/types/userAttributes.js +2 -0
- package/dist/types/types/userAttributes.js.map +1 -0
- package/dist/types/types/userWarehouseCredentials.js +2 -0
- package/dist/types/types/userWarehouseCredentials.js.map +1 -0
- package/dist/types/types/validation.js +29 -0
- package/dist/types/types/validation.js.map +1 -0
- package/dist/types/types/warehouse.js +6 -0
- package/dist/types/types/warehouse.js.map +1 -0
- package/dist/types/types/yamlSchema.js +2 -0
- package/dist/types/types/yamlSchema.js.map +1 -0
- package/dist/types/utils/accessors.js +27 -0
- package/dist/types/utils/accessors.js.map +1 -0
- package/dist/types/utils/accessors.test.js +45 -0
- package/dist/types/utils/accessors.test.js.map +1 -0
- package/dist/types/utils/additionalMetrics.js +54 -0
- package/dist/types/utils/additionalMetrics.js.map +1 -0
- package/dist/types/utils/api.js +5 -0
- package/dist/types/utils/api.js.map +1 -0
- package/dist/types/utils/assertUnreachable.js +10 -0
- package/dist/types/utils/assertUnreachable.js.map +1 -0
- package/dist/types/utils/booleanConverter.js +27 -0
- package/dist/types/utils/booleanConverter.js.map +1 -0
- package/dist/types/utils/booleanConverter.test.js +59 -0
- package/dist/types/utils/booleanConverter.test.js.map +1 -0
- package/dist/types/utils/catalogMetricsTree.js +2 -0
- package/dist/types/utils/catalogMetricsTree.js.map +1 -0
- package/dist/types/utils/changeset.js +132 -0
- package/dist/types/utils/changeset.js.map +1 -0
- package/dist/types/utils/changeset.mock.js +146 -0
- package/dist/types/utils/changeset.mock.js.map +1 -0
- package/dist/types/utils/changeset.test.js +248 -0
- package/dist/types/utils/changeset.test.js.map +1 -0
- package/dist/types/utils/charts.js +74 -0
- package/dist/types/utils/charts.js.map +1 -0
- package/dist/types/utils/colors.js +15 -0
- package/dist/types/utils/colors.js.map +1 -0
- package/dist/types/utils/colors.test.js +85 -0
- package/dist/types/utils/colors.test.js.map +1 -0
- package/dist/types/utils/conditionalFormatting.js +436 -0
- package/dist/types/utils/conditionalFormatting.js.map +1 -0
- package/dist/types/utils/conditionalFormatting.test.js +105 -0
- package/dist/types/utils/conditionalFormatting.test.js.map +1 -0
- package/dist/types/utils/convertCustomDimensionsToYaml.js +115 -0
- package/dist/types/utils/convertCustomDimensionsToYaml.js.map +1 -0
- package/dist/types/utils/convertCustomMetricsToYaml.js +15 -0
- package/dist/types/utils/convertCustomMetricsToYaml.js.map +1 -0
- package/dist/types/utils/customDimensions.js +27 -0
- package/dist/types/utils/customDimensions.js.map +1 -0
- package/dist/types/utils/dashboard.js +35 -0
- package/dist/types/utils/dashboard.js.map +1 -0
- package/dist/types/utils/dashboard.test.js +36 -0
- package/dist/types/utils/dashboard.test.js.map +1 -0
- package/dist/types/utils/dbt.js +4 -0
- package/dist/types/utils/dbt.js.map +1 -0
- package/dist/types/utils/dbt.test.js +39 -0
- package/dist/types/utils/dbt.test.js.map +1 -0
- package/dist/types/utils/dependencyGraph.js +51 -0
- package/dist/types/utils/dependencyGraph.js.map +1 -0
- package/dist/types/utils/dependencyGraph.test.js +113 -0
- package/dist/types/utils/dependencyGraph.test.js.map +1 -0
- package/dist/types/utils/email.js +76 -0
- package/dist/types/utils/email.js.map +1 -0
- package/dist/types/utils/email.test.js +49 -0
- package/dist/types/utils/email.test.js.map +1 -0
- package/dist/types/utils/fields.js +183 -0
- package/dist/types/utils/fields.js.map +1 -0
- package/dist/types/utils/fields.mock.js +150 -0
- package/dist/types/utils/fields.mock.js.map +1 -0
- package/dist/types/utils/fields.test.js +259 -0
- package/dist/types/utils/fields.test.js.map +1 -0
- package/dist/types/utils/filters.js +763 -0
- package/dist/types/utils/filters.js.map +1 -0
- package/dist/types/utils/filters.mock.js +450 -0
- package/dist/types/utils/filters.mock.js.map +1 -0
- package/dist/types/utils/filters.test.js +360 -0
- package/dist/types/utils/filters.test.js.map +1 -0
- package/dist/types/utils/formatting.js +552 -0
- package/dist/types/utils/formatting.js.map +1 -0
- package/dist/types/utils/formatting.mock.js +28 -0
- package/dist/types/utils/formatting.mock.js.map +1 -0
- package/dist/types/utils/formatting.test.js +1047 -0
- package/dist/types/utils/formatting.test.js.map +1 -0
- package/dist/types/utils/github.js +11 -0
- package/dist/types/utils/github.js.map +1 -0
- package/dist/types/utils/i18n/abstract.js +3 -0
- package/dist/types/utils/i18n/abstract.js.map +1 -0
- package/dist/types/utils/i18n/chartAsCode.js +132 -0
- package/dist/types/utils/i18n/chartAsCode.js.map +1 -0
- package/dist/types/utils/i18n/chartAsCode.test.js +350 -0
- package/dist/types/utils/i18n/chartAsCode.test.js.map +1 -0
- package/dist/types/utils/i18n/dashboardAsCode.js +58 -0
- package/dist/types/utils/i18n/dashboardAsCode.js.map +1 -0
- package/dist/types/utils/i18n/index.js +5 -0
- package/dist/types/utils/i18n/index.js.map +1 -0
- package/dist/types/utils/i18n/merge.js +20 -0
- package/dist/types/utils/i18n/merge.js.map +1 -0
- package/dist/types/utils/i18n/types.js +2 -0
- package/dist/types/utils/i18n/types.js.map +1 -0
- package/dist/types/utils/item.js +154 -0
- package/dist/types/utils/item.js.map +1 -0
- package/dist/types/utils/loadLightdashProjectConfig.js +49 -0
- package/dist/types/utils/loadLightdashProjectConfig.js.map +1 -0
- package/dist/types/utils/loadLightdashProjectConfig.mock.js +127 -0
- package/dist/types/utils/loadLightdashProjectConfig.mock.js.map +1 -0
- package/dist/types/utils/loadLightdashProjectConfig.test.js +137 -0
- package/dist/types/utils/loadLightdashProjectConfig.test.js.map +1 -0
- package/dist/types/utils/metricsExplorer.js +365 -0
- package/dist/types/utils/metricsExplorer.js.map +1 -0
- package/dist/types/utils/oauth.js +242 -0
- package/dist/types/utils/oauth.js.map +1 -0
- package/dist/types/utils/organization.js +23 -0
- package/dist/types/utils/organization.js.map +1 -0
- package/dist/types/utils/projectMemberRole.js +85 -0
- package/dist/types/utils/projectMemberRole.js.map +1 -0
- package/dist/types/utils/projectMemberRole.test.js +36 -0
- package/dist/types/utils/projectMemberRole.test.js.map +1 -0
- package/dist/types/utils/promises.js +5 -0
- package/dist/types/utils/promises.js.map +1 -0
- package/dist/types/utils/sanitizeHtml.js +111 -0
- package/dist/types/utils/sanitizeHtml.js.map +1 -0
- package/dist/types/utils/sanitizeHtml.test.js +101 -0
- package/dist/types/utils/sanitizeHtml.test.js.map +1 -0
- package/dist/types/utils/scheduler.js +85 -0
- package/dist/types/utils/scheduler.js.map +1 -0
- package/dist/types/utils/scheduler.test.js +41 -0
- package/dist/types/utils/scheduler.test.js.map +1 -0
- package/dist/types/utils/searchParams.js +8 -0
- package/dist/types/utils/searchParams.js.map +1 -0
- package/dist/types/utils/sleep.js +6 -0
- package/dist/types/utils/sleep.js.map +1 -0
- package/dist/types/utils/slug.test.js +129 -0
- package/dist/types/utils/slug.test.js.map +1 -0
- package/dist/types/utils/slugs.js +55 -0
- package/dist/types/utils/slugs.js.map +1 -0
- package/dist/types/utils/subtotals.js +4 -0
- package/dist/types/utils/subtotals.js.map +1 -0
- package/dist/types/utils/time.js +25 -0
- package/dist/types/utils/time.js.map +1 -0
- package/dist/types/utils/timeFrames.js +529 -0
- package/dist/types/utils/timeFrames.js.map +1 -0
- package/dist/types/utils/timeFrames.test.js +50 -0
- package/dist/types/utils/timeFrames.test.js.map +1 -0
- package/dist/types/utils/virtualView.js +98 -0
- package/dist/types/utils/virtualView.js.map +1 -0
- package/dist/types/utils/warehouse.js +57 -0
- package/dist/types/utils/warehouse.js.map +1 -0
- package/dist/types/visualizations/CartesianChartDataModel.js +515 -0
- package/dist/types/visualizations/CartesianChartDataModel.js.map +1 -0
- package/dist/types/visualizations/PieChartDataModel.js +258 -0
- package/dist/types/visualizations/PieChartDataModel.js.map +1 -0
- package/dist/types/visualizations/TableDataModel.js +96 -0
- package/dist/types/visualizations/TableDataModel.js.map +1 -0
- package/dist/types/visualizations/chartTransformations.js +107 -0
- package/dist/types/visualizations/chartTransformations.js.map +1 -0
- package/dist/types/visualizations/helpers/getCartesianAxisFormatterConfig.js +142 -0
- package/dist/types/visualizations/helpers/getCartesianAxisFormatterConfig.js.map +1 -0
- package/dist/types/visualizations/types/IResultsRunner.js +2 -0
- package/dist/types/visualizations/types/IResultsRunner.js.map +1 -0
- package/dist/types/visualizations/types/index.js +78 -0
- package/dist/types/visualizations/types/index.js.map +1 -0
- package/package.json +1 -1
- package/dist/tsconfig.types.tsbuildinfo +0 -1
|
@@ -0,0 +1,1348 @@
|
|
|
1
|
+
import { Ability, AbilityBuilder, subject } from '@casl/ability';
|
|
2
|
+
import { ProjectType } from '../types/projects';
|
|
3
|
+
import { SpaceMemberRole } from '../types/space';
|
|
4
|
+
import { buildAbilityFromScopes } from './scopeAbilityBuilder';
|
|
5
|
+
describe('scopeAbilityBuilder', () => {
|
|
6
|
+
describe('buildAbilityFromScopes', () => {
|
|
7
|
+
const baseContext = {
|
|
8
|
+
isEnterprise: false,
|
|
9
|
+
organizationRole: 'admin',
|
|
10
|
+
projectUuid: 'project-123',
|
|
11
|
+
userUuid: 'user1',
|
|
12
|
+
scopes: [],
|
|
13
|
+
};
|
|
14
|
+
const baseContextWithOrg = {
|
|
15
|
+
...baseContext,
|
|
16
|
+
projectUuid: undefined,
|
|
17
|
+
organizationUuid: 'org-123',
|
|
18
|
+
};
|
|
19
|
+
it('should build ability with organization view permissions', () => {
|
|
20
|
+
const builder = new AbilityBuilder(Ability);
|
|
21
|
+
buildAbilityFromScopes({
|
|
22
|
+
...baseContextWithOrg,
|
|
23
|
+
scopes: ['view:Organization'],
|
|
24
|
+
}, builder);
|
|
25
|
+
const ability = builder.build();
|
|
26
|
+
expect(ability.can('view', subject('Organization', {
|
|
27
|
+
organizationUuid: 'org-123',
|
|
28
|
+
projectUuid: 'project-123',
|
|
29
|
+
}))).toBe(true);
|
|
30
|
+
expect(ability.can('view', subject('Organization', {
|
|
31
|
+
organizationUuid: 'different-org',
|
|
32
|
+
projectUuid: 'project-123',
|
|
33
|
+
}))).toBe(false);
|
|
34
|
+
});
|
|
35
|
+
it('should build ability with dashboard view permissions', () => {
|
|
36
|
+
const builder = new AbilityBuilder(Ability);
|
|
37
|
+
buildAbilityFromScopes({
|
|
38
|
+
...baseContext,
|
|
39
|
+
scopes: ['view:Dashboard'],
|
|
40
|
+
}, builder);
|
|
41
|
+
const ability = builder.build();
|
|
42
|
+
// Should be able to view public dashboards
|
|
43
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
44
|
+
organizationUuid: 'org-123',
|
|
45
|
+
projectUuid: 'project-123',
|
|
46
|
+
isPrivate: false,
|
|
47
|
+
}))).toBe(true);
|
|
48
|
+
// Should not be able to view private dashboards without user context
|
|
49
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
50
|
+
organizationUuid: 'org-123',
|
|
51
|
+
projectUuid: 'project-123',
|
|
52
|
+
isPrivate: true,
|
|
53
|
+
}))).toBe(false);
|
|
54
|
+
});
|
|
55
|
+
it('should build ability with dashboard permissions for user with space access', () => {
|
|
56
|
+
const contextWithUser = {
|
|
57
|
+
...baseContext,
|
|
58
|
+
userUuid: 'user-456',
|
|
59
|
+
};
|
|
60
|
+
const builder = new AbilityBuilder(Ability);
|
|
61
|
+
buildAbilityFromScopes({
|
|
62
|
+
...contextWithUser,
|
|
63
|
+
scopes: ['view:Dashboard'],
|
|
64
|
+
}, builder);
|
|
65
|
+
const ability = builder.build();
|
|
66
|
+
// Can view dashboards with user access
|
|
67
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
68
|
+
organizationUuid: 'org-123',
|
|
69
|
+
projectUuid: 'project-123',
|
|
70
|
+
access: [{ userUuid: 'user-456' }],
|
|
71
|
+
}))).toBe(true);
|
|
72
|
+
});
|
|
73
|
+
it('should build ability with project-scoped permissions', () => {
|
|
74
|
+
const projectContext = {
|
|
75
|
+
...baseContext,
|
|
76
|
+
projectUuid: 'project-789',
|
|
77
|
+
};
|
|
78
|
+
const builder = new AbilityBuilder(Ability);
|
|
79
|
+
buildAbilityFromScopes({
|
|
80
|
+
...projectContext,
|
|
81
|
+
scopes: ['view:Project'],
|
|
82
|
+
}, builder);
|
|
83
|
+
const ability = builder.build();
|
|
84
|
+
expect(ability.can('view', subject('Project', {
|
|
85
|
+
organizationUuid: 'org-123',
|
|
86
|
+
projectUuid: 'project-789',
|
|
87
|
+
}))).toBe(true);
|
|
88
|
+
});
|
|
89
|
+
it('should build ability with project creation permissions and type restrictions', () => {
|
|
90
|
+
const builder = new AbilityBuilder(Ability);
|
|
91
|
+
buildAbilityFromScopes({
|
|
92
|
+
...baseContextWithOrg,
|
|
93
|
+
scopes: ['create:Project'],
|
|
94
|
+
}, builder);
|
|
95
|
+
const ability = builder.build();
|
|
96
|
+
// Can create preview projects
|
|
97
|
+
expect(ability.can('create', subject('Project', {
|
|
98
|
+
organizationUuid: 'org-123',
|
|
99
|
+
type: ProjectType.PREVIEW,
|
|
100
|
+
}))).toBe(true);
|
|
101
|
+
// Cannot create default projects with basic scope
|
|
102
|
+
expect(ability.can('create', subject('Project', {
|
|
103
|
+
organizationUuid: 'org-123',
|
|
104
|
+
type: ProjectType.DEFAULT,
|
|
105
|
+
}))).toBe(false);
|
|
106
|
+
});
|
|
107
|
+
it('should build ability with editor permissions for dashboards', () => {
|
|
108
|
+
const editorContext = {
|
|
109
|
+
...baseContextWithOrg,
|
|
110
|
+
userUuid: 'user-456',
|
|
111
|
+
};
|
|
112
|
+
const builder = new AbilityBuilder(Ability);
|
|
113
|
+
buildAbilityFromScopes({
|
|
114
|
+
...editorContext,
|
|
115
|
+
scopes: ['manage:Dashboard'],
|
|
116
|
+
}, builder);
|
|
117
|
+
const ability = builder.build();
|
|
118
|
+
// Can manage dashboards where user is editor
|
|
119
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
120
|
+
organizationUuid: 'org-123',
|
|
121
|
+
access: [
|
|
122
|
+
{
|
|
123
|
+
userUuid: 'user-456',
|
|
124
|
+
role: SpaceMemberRole.EDITOR,
|
|
125
|
+
},
|
|
126
|
+
],
|
|
127
|
+
}))).toBe(true);
|
|
128
|
+
});
|
|
129
|
+
it('should build ability with admin permissions for spaces', () => {
|
|
130
|
+
const adminContext = {
|
|
131
|
+
...baseContextWithOrg,
|
|
132
|
+
userUuid: 'user-456',
|
|
133
|
+
};
|
|
134
|
+
const builder = new AbilityBuilder(Ability);
|
|
135
|
+
buildAbilityFromScopes({
|
|
136
|
+
...adminContext,
|
|
137
|
+
scopes: ['manage:Space'],
|
|
138
|
+
}, builder);
|
|
139
|
+
const ability = builder.build();
|
|
140
|
+
// Can manage spaces where user is admin
|
|
141
|
+
expect(ability.can('manage', subject('Space', {
|
|
142
|
+
organizationUuid: 'org-123',
|
|
143
|
+
access: [
|
|
144
|
+
{
|
|
145
|
+
userUuid: 'user-456',
|
|
146
|
+
role: SpaceMemberRole.ADMIN,
|
|
147
|
+
},
|
|
148
|
+
],
|
|
149
|
+
}))).toBe(true);
|
|
150
|
+
});
|
|
151
|
+
it('should build ability with user-specific job status permissions', () => {
|
|
152
|
+
const userContext = {
|
|
153
|
+
...baseContext,
|
|
154
|
+
userUuid: 'user-456',
|
|
155
|
+
};
|
|
156
|
+
const builder = new AbilityBuilder(Ability);
|
|
157
|
+
buildAbilityFromScopes({
|
|
158
|
+
...userContext,
|
|
159
|
+
scopes: ['view:JobStatus@self'],
|
|
160
|
+
}, builder);
|
|
161
|
+
const ability = builder.build();
|
|
162
|
+
// Can view job status created by the user
|
|
163
|
+
expect(ability.can('view', subject('JobStatus', {
|
|
164
|
+
createdByUserUuid: 'user-456',
|
|
165
|
+
}))).toBe(true);
|
|
166
|
+
// Cannot view job status created by another user
|
|
167
|
+
expect(ability.can('view', subject('JobStatus', {
|
|
168
|
+
createdByUserUuid: 'other-user',
|
|
169
|
+
}))).toBe(false);
|
|
170
|
+
});
|
|
171
|
+
it('should build ability with AI agent thread permissions for enterprise users', () => {
|
|
172
|
+
const userContext = {
|
|
173
|
+
...baseContext,
|
|
174
|
+
userUuid: 'user-456',
|
|
175
|
+
isEnterprise: true,
|
|
176
|
+
};
|
|
177
|
+
const builder = new AbilityBuilder(Ability);
|
|
178
|
+
buildAbilityFromScopes({
|
|
179
|
+
...userContext,
|
|
180
|
+
scopes: ['manage:AiAgentThread@self'],
|
|
181
|
+
}, builder);
|
|
182
|
+
const ability = builder.build();
|
|
183
|
+
// Can manage user's own AI agent threads
|
|
184
|
+
expect(ability.can('manage', subject('AiAgentThread', {
|
|
185
|
+
projectUuid: 'project-123',
|
|
186
|
+
userUuid: 'user-456',
|
|
187
|
+
}))).toBe(true);
|
|
188
|
+
// Cannot manage another user's threads
|
|
189
|
+
expect(ability.can('manage', subject('AiAgentThread', {
|
|
190
|
+
projectUuid: 'project-123',
|
|
191
|
+
userUuid: 'other-user',
|
|
192
|
+
}))).toBe(false);
|
|
193
|
+
});
|
|
194
|
+
it('should build ability with basic permissions for scopes without custom logic', () => {
|
|
195
|
+
// These scopes don't have custom applyConditions
|
|
196
|
+
const builder = new AbilityBuilder(Ability);
|
|
197
|
+
buildAbilityFromScopes({
|
|
198
|
+
...baseContext,
|
|
199
|
+
scopes: ['view:Analytics', 'manage:Tags'],
|
|
200
|
+
}, builder);
|
|
201
|
+
const ability = builder.build();
|
|
202
|
+
expect(ability.can('view', subject('Analytics', {
|
|
203
|
+
organizationUuid: 'org-123',
|
|
204
|
+
projectUuid: 'project-123',
|
|
205
|
+
}))).toBe(true);
|
|
206
|
+
expect(ability.can('manage', subject('Tags', {
|
|
207
|
+
organizationUuid: 'org-123',
|
|
208
|
+
projectUuid: 'project-123',
|
|
209
|
+
}))).toBe(true);
|
|
210
|
+
});
|
|
211
|
+
it('should handle unknown scopes gracefully', () => {
|
|
212
|
+
const builder = new AbilityBuilder(Ability);
|
|
213
|
+
buildAbilityFromScopes(baseContext, builder);
|
|
214
|
+
const ability = builder.build();
|
|
215
|
+
// Unknown scope should not add any abilities
|
|
216
|
+
expect(ability.rules.length).toBe(0);
|
|
217
|
+
});
|
|
218
|
+
it('should handle enterprise scopes when not enterprise', () => {
|
|
219
|
+
const nonEnterpriseContext = {
|
|
220
|
+
...baseContext,
|
|
221
|
+
isEnterprise: false,
|
|
222
|
+
};
|
|
223
|
+
const builder = new AbilityBuilder(Ability);
|
|
224
|
+
buildAbilityFromScopes(nonEnterpriseContext, builder);
|
|
225
|
+
const ability = builder.build();
|
|
226
|
+
// Enterprise scope should not add abilities in non-enterprise context
|
|
227
|
+
expect(ability.rules.length).toBe(0);
|
|
228
|
+
});
|
|
229
|
+
it('should build a complete ability from multiple scopes', () => {
|
|
230
|
+
const context = {
|
|
231
|
+
userUuid: 'user-456',
|
|
232
|
+
organizationUuid: 'org-123',
|
|
233
|
+
isEnterprise: false,
|
|
234
|
+
organizationRole: 'admin',
|
|
235
|
+
scopes: ['view:Dashboard', 'manage:SavedChart', 'view:Project'],
|
|
236
|
+
};
|
|
237
|
+
const builder = new AbilityBuilder(Ability);
|
|
238
|
+
buildAbilityFromScopes(context, builder);
|
|
239
|
+
const ability = builder.build();
|
|
240
|
+
// Check that all abilities were applied
|
|
241
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
242
|
+
organizationUuid: 'org-123',
|
|
243
|
+
projectUuid: 'project-789',
|
|
244
|
+
isPrivate: false,
|
|
245
|
+
}))).toBe(true);
|
|
246
|
+
// Should be able to manage saved charts with proper access
|
|
247
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
248
|
+
organizationUuid: 'org-123',
|
|
249
|
+
access: [
|
|
250
|
+
{
|
|
251
|
+
userUuid: 'user-456',
|
|
252
|
+
role: SpaceMemberRole.EDITOR,
|
|
253
|
+
},
|
|
254
|
+
],
|
|
255
|
+
}))).toBe(true);
|
|
256
|
+
expect(ability.can('view', subject('Project', {
|
|
257
|
+
organizationUuid: 'org-123',
|
|
258
|
+
projectUuid: 'project-789',
|
|
259
|
+
}))).toBe(true);
|
|
260
|
+
});
|
|
261
|
+
describe('scope dependency checks', () => {
|
|
262
|
+
it('should apply organization-level permissions when manage:organization scope is present', () => {
|
|
263
|
+
const contextWithOrgManage = {
|
|
264
|
+
...baseContext,
|
|
265
|
+
userUuid: 'user-456',
|
|
266
|
+
scopes: ['manage:Organization', 'manage:SavedChart'],
|
|
267
|
+
};
|
|
268
|
+
const builder = new AbilityBuilder(Ability);
|
|
269
|
+
buildAbilityFromScopes(contextWithOrgManage, builder);
|
|
270
|
+
const ability = builder.build();
|
|
271
|
+
// Should have organization-wide permissions for saved charts
|
|
272
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
273
|
+
organizationUuid: 'org-123',
|
|
274
|
+
projectUuid: 'project-123',
|
|
275
|
+
}))).toBe(true);
|
|
276
|
+
// Should not require user access restrictions
|
|
277
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
278
|
+
organizationUuid: 'org-123',
|
|
279
|
+
projectUuid: 'project-123',
|
|
280
|
+
access: [{ userUuid: 'other-user' }],
|
|
281
|
+
}))).toBe(true);
|
|
282
|
+
});
|
|
283
|
+
it('should apply user-restricted permissions when manage:organization scope is not present', () => {
|
|
284
|
+
const contextWithoutOrgManage = {
|
|
285
|
+
...baseContext,
|
|
286
|
+
userUuid: 'user-456',
|
|
287
|
+
scopes: ['manage:SavedChart@space'],
|
|
288
|
+
};
|
|
289
|
+
const builder = new AbilityBuilder(Ability);
|
|
290
|
+
buildAbilityFromScopes(contextWithoutOrgManage, builder);
|
|
291
|
+
const ability = builder.build();
|
|
292
|
+
// Should require user access restrictions
|
|
293
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
294
|
+
organizationUuid: 'org-123',
|
|
295
|
+
projectUuid: 'project-123',
|
|
296
|
+
access: [
|
|
297
|
+
{
|
|
298
|
+
userUuid: 'user-456',
|
|
299
|
+
role: SpaceMemberRole.EDITOR,
|
|
300
|
+
},
|
|
301
|
+
],
|
|
302
|
+
}))).toBe(true);
|
|
303
|
+
// Should not allow access to other users' charts
|
|
304
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
305
|
+
organizationUuid: 'org-123',
|
|
306
|
+
projectUuid: 'project-123',
|
|
307
|
+
access: [{ userUuid: 'other-user' }],
|
|
308
|
+
}))).toBe(false);
|
|
309
|
+
});
|
|
310
|
+
it('should handle space management with different scope combinations', () => {
|
|
311
|
+
const contextWithProjectManage = {
|
|
312
|
+
...baseContext,
|
|
313
|
+
userUuid: 'user-456',
|
|
314
|
+
scopes: ['manage:Project', 'manage:Space'],
|
|
315
|
+
};
|
|
316
|
+
const builder = new AbilityBuilder(Ability);
|
|
317
|
+
buildAbilityFromScopes(contextWithProjectManage, builder);
|
|
318
|
+
const ability = builder.build();
|
|
319
|
+
// Should allow managing public spaces when user has project management
|
|
320
|
+
expect(ability.can('manage', subject('Space', {
|
|
321
|
+
organizationUuid: 'org-123',
|
|
322
|
+
projectUuid: 'project-123',
|
|
323
|
+
isPrivate: false,
|
|
324
|
+
}))).toBe(true);
|
|
325
|
+
// Should still allow managing spaces where user is admin
|
|
326
|
+
expect(ability.can('manage', subject('Space', {
|
|
327
|
+
organizationUuid: 'org-123',
|
|
328
|
+
projectUuid: 'project-123',
|
|
329
|
+
access: [
|
|
330
|
+
{
|
|
331
|
+
userUuid: 'user-456',
|
|
332
|
+
role: SpaceMemberRole.ADMIN,
|
|
333
|
+
},
|
|
334
|
+
],
|
|
335
|
+
}))).toBe(true);
|
|
336
|
+
});
|
|
337
|
+
it('should handle promotion permissions based on organization scope', () => {
|
|
338
|
+
const contextWithOrgManage = {
|
|
339
|
+
...baseContext,
|
|
340
|
+
userUuid: 'user-456',
|
|
341
|
+
scopes: ['manage:Organization', 'promote:Dashboard'],
|
|
342
|
+
};
|
|
343
|
+
const contextWithoutOrgManage = {
|
|
344
|
+
...baseContext,
|
|
345
|
+
userUuid: 'user-456',
|
|
346
|
+
scopes: ['promote:Dashboard@space'],
|
|
347
|
+
};
|
|
348
|
+
// Test dashboard promotion with organization management
|
|
349
|
+
const builder = new AbilityBuilder(Ability);
|
|
350
|
+
buildAbilityFromScopes(contextWithOrgManage, builder);
|
|
351
|
+
const abilityWithOrg = builder.build();
|
|
352
|
+
expect(abilityWithOrg.can('promote', subject('Dashboard', {
|
|
353
|
+
organizationUuid: 'org-123',
|
|
354
|
+
projectUuid: 'project-123',
|
|
355
|
+
}))).toBe(true);
|
|
356
|
+
// Test dashboard promotion without organization management
|
|
357
|
+
const builderWithoutOrg = new AbilityBuilder(Ability);
|
|
358
|
+
buildAbilityFromScopes(contextWithoutOrgManage, builderWithoutOrg);
|
|
359
|
+
const abilityWithoutOrg = builderWithoutOrg.build();
|
|
360
|
+
expect(abilityWithoutOrg.can('promote', subject('Dashboard', {
|
|
361
|
+
organizationUuid: 'org-123',
|
|
362
|
+
projectUuid: 'project-123',
|
|
363
|
+
access: [
|
|
364
|
+
{
|
|
365
|
+
userUuid: 'user-456',
|
|
366
|
+
role: SpaceMemberRole.EDITOR,
|
|
367
|
+
},
|
|
368
|
+
],
|
|
369
|
+
}))).toBe(true);
|
|
370
|
+
// Should not allow promotion without proper access
|
|
371
|
+
expect(abilityWithoutOrg.can('promote', subject('Dashboard', {
|
|
372
|
+
organizationUuid: 'org-123',
|
|
373
|
+
projectUuid: 'project-123',
|
|
374
|
+
access: [{ userUuid: 'other-user' }],
|
|
375
|
+
}))).toBe(false);
|
|
376
|
+
});
|
|
377
|
+
});
|
|
378
|
+
describe('AI agent thread permissions with modifiers', () => {
|
|
379
|
+
it('should handle view:ai_agent_thread@self permissions', () => {
|
|
380
|
+
const contextWithUser = {
|
|
381
|
+
...baseContext,
|
|
382
|
+
userUuid: 'user-456',
|
|
383
|
+
isEnterprise: true,
|
|
384
|
+
};
|
|
385
|
+
const builder = new AbilityBuilder(Ability);
|
|
386
|
+
buildAbilityFromScopes({
|
|
387
|
+
...contextWithUser,
|
|
388
|
+
scopes: ['view:AiAgentThread@self'],
|
|
389
|
+
}, builder);
|
|
390
|
+
const ability = builder.build();
|
|
391
|
+
// Can view own AI agent threads
|
|
392
|
+
expect(ability.can('view', subject('AiAgentThread', {
|
|
393
|
+
projectUuid: 'project-123',
|
|
394
|
+
userUuid: 'user-456',
|
|
395
|
+
}))).toBe(true);
|
|
396
|
+
// Cannot view other users' threads
|
|
397
|
+
expect(ability.can('view', subject('AiAgentThread', {
|
|
398
|
+
projectUuid: 'project-123',
|
|
399
|
+
userUuid: 'other-user',
|
|
400
|
+
}))).toBe(false);
|
|
401
|
+
});
|
|
402
|
+
it('should handle manage:ai_agent_thread@self permissions', () => {
|
|
403
|
+
const contextWithUser = {
|
|
404
|
+
...baseContext,
|
|
405
|
+
userUuid: 'user-456',
|
|
406
|
+
isEnterprise: true,
|
|
407
|
+
};
|
|
408
|
+
const builder = new AbilityBuilder(Ability);
|
|
409
|
+
buildAbilityFromScopes({
|
|
410
|
+
...contextWithUser,
|
|
411
|
+
userUuid: 'user-456',
|
|
412
|
+
scopes: ['manage:AiAgentThread@self'],
|
|
413
|
+
}, builder);
|
|
414
|
+
const ability = builder.build();
|
|
415
|
+
// Can manage own AI agent threads
|
|
416
|
+
expect(ability.can('manage', subject('AiAgentThread', {
|
|
417
|
+
projectUuid: 'project-123',
|
|
418
|
+
userUuid: 'user-456',
|
|
419
|
+
}))).toBe(true);
|
|
420
|
+
// Cannot manage other users' threads
|
|
421
|
+
expect(ability.can('manage', subject('AiAgentThread', {
|
|
422
|
+
userUuid: 'other-user',
|
|
423
|
+
}))).toBe(false);
|
|
424
|
+
});
|
|
425
|
+
it('should handle view:ai_agent_thread permissions for all threads', () => {
|
|
426
|
+
const builder = new AbilityBuilder(Ability);
|
|
427
|
+
buildAbilityFromScopes({
|
|
428
|
+
...baseContextWithOrg,
|
|
429
|
+
isEnterprise: true,
|
|
430
|
+
scopes: ['view:AiAgentThread'],
|
|
431
|
+
}, builder);
|
|
432
|
+
const ability = builder.build();
|
|
433
|
+
// Can view any AI agent thread
|
|
434
|
+
expect(ability.can('view', subject('AiAgentThread', {
|
|
435
|
+
organizationUuid: 'org-123',
|
|
436
|
+
userUuid: 'any-user',
|
|
437
|
+
}))).toBe(true);
|
|
438
|
+
});
|
|
439
|
+
it('should handle manage:ai_agent_thread permissions for all threads', () => {
|
|
440
|
+
const builder = new AbilityBuilder(Ability);
|
|
441
|
+
buildAbilityFromScopes({
|
|
442
|
+
...baseContextWithOrg,
|
|
443
|
+
isEnterprise: true,
|
|
444
|
+
scopes: ['manage:AiAgentThread'],
|
|
445
|
+
}, builder);
|
|
446
|
+
const ability = builder.build();
|
|
447
|
+
// Can manage any AI agent thread
|
|
448
|
+
expect(ability.can('manage', subject('AiAgentThread', {
|
|
449
|
+
organizationUuid: 'org-123',
|
|
450
|
+
userUuid: 'any-user',
|
|
451
|
+
}))).toBe(true);
|
|
452
|
+
});
|
|
453
|
+
});
|
|
454
|
+
describe('edge cases and error handling', () => {
|
|
455
|
+
it('should handle empty scope array', () => {
|
|
456
|
+
const builder = new AbilityBuilder(Ability);
|
|
457
|
+
buildAbilityFromScopes(baseContext, builder);
|
|
458
|
+
const ability = builder.build();
|
|
459
|
+
expect(ability.rules.length).toBe(0);
|
|
460
|
+
});
|
|
461
|
+
it('should handle undefined userUuid in context', () => {
|
|
462
|
+
const contextWithoutUser = {
|
|
463
|
+
...baseContext,
|
|
464
|
+
};
|
|
465
|
+
const builder = new AbilityBuilder(Ability);
|
|
466
|
+
buildAbilityFromScopes({
|
|
467
|
+
...contextWithoutUser,
|
|
468
|
+
scopes: ['view:Dashboard'],
|
|
469
|
+
}, builder);
|
|
470
|
+
const ability = builder.build();
|
|
471
|
+
// Should only allow viewing public dashboards
|
|
472
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
473
|
+
organizationUuid: 'org-123',
|
|
474
|
+
projectUuid: 'project-123',
|
|
475
|
+
isPrivate: false,
|
|
476
|
+
}))).toBe(true);
|
|
477
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
478
|
+
organizationUuid: 'org-123',
|
|
479
|
+
projectUuid: 'project-123',
|
|
480
|
+
isPrivate: true,
|
|
481
|
+
}))).toBe(false);
|
|
482
|
+
});
|
|
483
|
+
it('should handle mixed valid and invalid scopes', () => {
|
|
484
|
+
const builder = new AbilityBuilder(Ability);
|
|
485
|
+
buildAbilityFromScopes({
|
|
486
|
+
...baseContext,
|
|
487
|
+
scopes: [
|
|
488
|
+
'view:Dashboard',
|
|
489
|
+
'view:Project',
|
|
490
|
+
'invalid:scope',
|
|
491
|
+
],
|
|
492
|
+
}, builder);
|
|
493
|
+
const ability = builder.build();
|
|
494
|
+
// We have 3 valid rules, 2 for dashboard and 1 for project, dropping the invalid scope
|
|
495
|
+
expect(ability.rules.length).toBe(3);
|
|
496
|
+
expect(ability.rules.filter((r) => r.subject === 'Dashboard')).toHaveLength(2);
|
|
497
|
+
expect(ability.rules.find((r) => r.subject === 'Project')).toBeDefined();
|
|
498
|
+
});
|
|
499
|
+
});
|
|
500
|
+
describe('cross-boundary access tests', () => {
|
|
501
|
+
it('should not allow access to resources from different organizations', () => {
|
|
502
|
+
const builder = new AbilityBuilder(Ability);
|
|
503
|
+
buildAbilityFromScopes({
|
|
504
|
+
...baseContext,
|
|
505
|
+
scopes: [
|
|
506
|
+
'view:Dashboard',
|
|
507
|
+
'manage:SavedChart',
|
|
508
|
+
'view:Space',
|
|
509
|
+
],
|
|
510
|
+
}, builder);
|
|
511
|
+
const ability = builder.build();
|
|
512
|
+
// Should not access dashboard from different org
|
|
513
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
514
|
+
organizationUuid: 'different-org',
|
|
515
|
+
isPrivate: false,
|
|
516
|
+
}))).toBe(false);
|
|
517
|
+
// Should not manage saved chart from different org
|
|
518
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
519
|
+
organizationUuid: 'different-org',
|
|
520
|
+
}))).toBe(false);
|
|
521
|
+
// Should not view space from different org
|
|
522
|
+
expect(ability.can('view', subject('Space', {
|
|
523
|
+
organizationUuid: 'different-org',
|
|
524
|
+
isPrivate: false,
|
|
525
|
+
}))).toBe(false);
|
|
526
|
+
});
|
|
527
|
+
it('should not allow access to resources from different projects', () => {
|
|
528
|
+
const builder = new AbilityBuilder(Ability);
|
|
529
|
+
buildAbilityFromScopes({
|
|
530
|
+
...baseContext,
|
|
531
|
+
scopes: ['view:SavedChart'],
|
|
532
|
+
}, builder);
|
|
533
|
+
const ability = builder.build();
|
|
534
|
+
// Should not access saved chart from different project
|
|
535
|
+
expect(ability.can('view', subject('SavedChart', {
|
|
536
|
+
organizationUuid: 'org-123',
|
|
537
|
+
projectUuid: 'different-project',
|
|
538
|
+
isPrivate: false,
|
|
539
|
+
}))).toBe(false);
|
|
540
|
+
});
|
|
541
|
+
});
|
|
542
|
+
describe('private resource access with space roles', () => {
|
|
543
|
+
it('should handle viewer role access to private resources', () => {
|
|
544
|
+
const contextWithUser = {
|
|
545
|
+
...baseContextWithOrg,
|
|
546
|
+
userUuid: 'user-456',
|
|
547
|
+
};
|
|
548
|
+
const builder = new AbilityBuilder(Ability);
|
|
549
|
+
buildAbilityFromScopes({
|
|
550
|
+
...contextWithUser,
|
|
551
|
+
scopes: ['view:Dashboard'],
|
|
552
|
+
}, builder);
|
|
553
|
+
const ability = builder.build();
|
|
554
|
+
// Can view private dashboard with viewer access
|
|
555
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
556
|
+
organizationUuid: 'org-123',
|
|
557
|
+
isPrivate: true,
|
|
558
|
+
access: [
|
|
559
|
+
{
|
|
560
|
+
userUuid: 'user-456',
|
|
561
|
+
role: SpaceMemberRole.VIEWER,
|
|
562
|
+
},
|
|
563
|
+
],
|
|
564
|
+
}))).toBe(true);
|
|
565
|
+
// Cannot view private dashboard without access
|
|
566
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
567
|
+
organizationUuid: 'org-123',
|
|
568
|
+
isPrivate: true,
|
|
569
|
+
access: [],
|
|
570
|
+
}))).toBe(false);
|
|
571
|
+
// Cannot view private dashboard with access for another user
|
|
572
|
+
expect(ability.can('view', subject('Dashboard', {
|
|
573
|
+
organizationUuid: 'org-123',
|
|
574
|
+
isPrivate: true,
|
|
575
|
+
access: [
|
|
576
|
+
{
|
|
577
|
+
userUuid: 'other-user',
|
|
578
|
+
role: SpaceMemberRole.VIEWER,
|
|
579
|
+
},
|
|
580
|
+
],
|
|
581
|
+
}))).toBe(false);
|
|
582
|
+
});
|
|
583
|
+
it('should handle editor role for managing resources', () => {
|
|
584
|
+
const contextWithUser = {
|
|
585
|
+
...baseContextWithOrg,
|
|
586
|
+
userUuid: 'user-456',
|
|
587
|
+
};
|
|
588
|
+
const builder = new AbilityBuilder(Ability);
|
|
589
|
+
buildAbilityFromScopes({
|
|
590
|
+
...contextWithUser,
|
|
591
|
+
scopes: ['manage:Dashboard@space'],
|
|
592
|
+
}, builder);
|
|
593
|
+
const ability = builder.build();
|
|
594
|
+
// Can manage dashboard with editor role
|
|
595
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
596
|
+
organizationUuid: 'org-123',
|
|
597
|
+
access: [
|
|
598
|
+
{
|
|
599
|
+
userUuid: 'user-456',
|
|
600
|
+
role: SpaceMemberRole.EDITOR,
|
|
601
|
+
},
|
|
602
|
+
],
|
|
603
|
+
}))).toBe(true);
|
|
604
|
+
// Can manage dashboard with admin role
|
|
605
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
606
|
+
organizationUuid: 'org-123',
|
|
607
|
+
access: [
|
|
608
|
+
{
|
|
609
|
+
userUuid: 'user-456',
|
|
610
|
+
role: SpaceMemberRole.ADMIN,
|
|
611
|
+
},
|
|
612
|
+
],
|
|
613
|
+
}))).toBe(true);
|
|
614
|
+
// Cannot manage dashboard with viewer role
|
|
615
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
616
|
+
organizationUuid: 'org-123',
|
|
617
|
+
access: [
|
|
618
|
+
{
|
|
619
|
+
userUuid: 'user-456',
|
|
620
|
+
role: SpaceMemberRole.VIEWER,
|
|
621
|
+
},
|
|
622
|
+
],
|
|
623
|
+
}))).toBe(false);
|
|
624
|
+
// Cannot manage dashboard without access
|
|
625
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
626
|
+
organizationUuid: 'org-123',
|
|
627
|
+
access: [],
|
|
628
|
+
}))).toBe(false);
|
|
629
|
+
});
|
|
630
|
+
it('should handle space admin role for managing spaces', () => {
|
|
631
|
+
const contextWithUser = {
|
|
632
|
+
...baseContext,
|
|
633
|
+
userUuid: 'user-456',
|
|
634
|
+
};
|
|
635
|
+
const builder = new AbilityBuilder(Ability);
|
|
636
|
+
buildAbilityFromScopes({
|
|
637
|
+
...contextWithUser,
|
|
638
|
+
scopes: ['manage:Space@assigned'],
|
|
639
|
+
}, builder);
|
|
640
|
+
const ability = builder.build();
|
|
641
|
+
// Can manage space with admin role
|
|
642
|
+
expect(ability.can('manage', subject('Space', {
|
|
643
|
+
projectUuid: baseContext.projectUuid,
|
|
644
|
+
access: [
|
|
645
|
+
{
|
|
646
|
+
userUuid: 'user-456',
|
|
647
|
+
role: SpaceMemberRole.ADMIN,
|
|
648
|
+
},
|
|
649
|
+
],
|
|
650
|
+
}))).toBe(true);
|
|
651
|
+
// Cannot manage space with editor role
|
|
652
|
+
expect(ability.can('manage', subject('Space', {
|
|
653
|
+
organizationUuid: 'org-123',
|
|
654
|
+
isPrivate: true,
|
|
655
|
+
access: [
|
|
656
|
+
{
|
|
657
|
+
userUuid: 'user-456',
|
|
658
|
+
role: SpaceMemberRole.EDITOR,
|
|
659
|
+
},
|
|
660
|
+
],
|
|
661
|
+
}))).toBe(false);
|
|
662
|
+
// Cannot manage space with viewer role
|
|
663
|
+
expect(ability.can('manage', subject('Space', {
|
|
664
|
+
organizationUuid: 'org-123',
|
|
665
|
+
isPrivate: true,
|
|
666
|
+
access: [
|
|
667
|
+
{
|
|
668
|
+
userUuid: 'user-456',
|
|
669
|
+
role: SpaceMemberRole.VIEWER,
|
|
670
|
+
},
|
|
671
|
+
],
|
|
672
|
+
}))).toBe(false);
|
|
673
|
+
});
|
|
674
|
+
});
|
|
675
|
+
describe('job and job status permissions', () => {
|
|
676
|
+
it('should handle view:job@self permissions', () => {
|
|
677
|
+
const contextWithUser = {
|
|
678
|
+
...baseContext,
|
|
679
|
+
userUuid: 'user-456',
|
|
680
|
+
};
|
|
681
|
+
const builder = new AbilityBuilder(Ability);
|
|
682
|
+
buildAbilityFromScopes({
|
|
683
|
+
...contextWithUser,
|
|
684
|
+
scopes: ['view:Job@self'],
|
|
685
|
+
}, builder);
|
|
686
|
+
const ability = builder.build();
|
|
687
|
+
// Can view own jobs
|
|
688
|
+
expect(ability.can('view', subject('Job', {
|
|
689
|
+
userUuid: 'user-456',
|
|
690
|
+
}))).toBe(true);
|
|
691
|
+
// Cannot view other users' jobs without manage permission
|
|
692
|
+
expect(ability.can('view', subject('Job', {
|
|
693
|
+
userUuid: 'other-user',
|
|
694
|
+
}))).toBe(false);
|
|
695
|
+
});
|
|
696
|
+
it('should handle view:job_status@self permissions for user context', () => {
|
|
697
|
+
const builder = new AbilityBuilder(Ability);
|
|
698
|
+
buildAbilityFromScopes({
|
|
699
|
+
...baseContext,
|
|
700
|
+
userUuid: 'user-456',
|
|
701
|
+
scopes: ['view:JobStatus@self'],
|
|
702
|
+
}, builder);
|
|
703
|
+
const ability = builder.build();
|
|
704
|
+
// Can view own job status
|
|
705
|
+
expect(ability.can('view', subject('JobStatus', {
|
|
706
|
+
createdByUserUuid: 'user-456',
|
|
707
|
+
}))).toBe(true);
|
|
708
|
+
// Cannot view other users' job status
|
|
709
|
+
expect(ability.can('view', subject('JobStatus', {
|
|
710
|
+
createdByUserUuid: 'other-user',
|
|
711
|
+
}))).toBe(false);
|
|
712
|
+
});
|
|
713
|
+
it('should handle view:job_status permissions for all job status', () => {
|
|
714
|
+
const builder = new AbilityBuilder(Ability);
|
|
715
|
+
buildAbilityFromScopes({
|
|
716
|
+
...baseContextWithOrg,
|
|
717
|
+
scopes: ['view:JobStatus'],
|
|
718
|
+
}, builder);
|
|
719
|
+
const ability = builder.build();
|
|
720
|
+
// Can view all job status in organization
|
|
721
|
+
expect(ability.can('view', subject('JobStatus', {
|
|
722
|
+
organizationUuid: 'org-123',
|
|
723
|
+
}))).toBe(true);
|
|
724
|
+
// Cannot view job status from another organization
|
|
725
|
+
expect(ability.can('view', subject('JobStatus', {
|
|
726
|
+
organizationUuid: 'different-org',
|
|
727
|
+
}))).toBe(false);
|
|
728
|
+
});
|
|
729
|
+
it('should handle view:job permissions for all jobs', () => {
|
|
730
|
+
const builder = new AbilityBuilder(Ability);
|
|
731
|
+
buildAbilityFromScopes({
|
|
732
|
+
...baseContext,
|
|
733
|
+
scopes: ['view:Job'],
|
|
734
|
+
}, builder);
|
|
735
|
+
const ability = builder.build();
|
|
736
|
+
// Can view any job
|
|
737
|
+
expect(ability.can('view', subject('Job', {
|
|
738
|
+
organizationUuid: 'org-123',
|
|
739
|
+
projectUuid: 'project-123',
|
|
740
|
+
userUuid: 'any-user',
|
|
741
|
+
}))).toBe(true);
|
|
742
|
+
});
|
|
743
|
+
});
|
|
744
|
+
describe('space-based permissions modifiers', () => {
|
|
745
|
+
it('should handle manage:dashboard@space permissions', () => {
|
|
746
|
+
const contextWithUser = {
|
|
747
|
+
...baseContextWithOrg,
|
|
748
|
+
userUuid: 'user-456',
|
|
749
|
+
};
|
|
750
|
+
const builder = new AbilityBuilder(Ability);
|
|
751
|
+
buildAbilityFromScopes({
|
|
752
|
+
...contextWithUser,
|
|
753
|
+
scopes: ['manage:Dashboard@space'],
|
|
754
|
+
}, builder);
|
|
755
|
+
const ability = builder.build();
|
|
756
|
+
// Can manage dashboard with editor role
|
|
757
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
758
|
+
organizationUuid: 'org-123',
|
|
759
|
+
access: [
|
|
760
|
+
{
|
|
761
|
+
userUuid: 'user-456',
|
|
762
|
+
role: SpaceMemberRole.EDITOR,
|
|
763
|
+
},
|
|
764
|
+
],
|
|
765
|
+
}))).toBe(true);
|
|
766
|
+
// Can manage dashboard with admin role
|
|
767
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
768
|
+
organizationUuid: 'org-123',
|
|
769
|
+
access: [
|
|
770
|
+
{
|
|
771
|
+
userUuid: 'user-456',
|
|
772
|
+
role: SpaceMemberRole.ADMIN,
|
|
773
|
+
},
|
|
774
|
+
],
|
|
775
|
+
}))).toBe(true);
|
|
776
|
+
// Cannot manage dashboard with viewer role
|
|
777
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
778
|
+
organizationUuid: 'org-123',
|
|
779
|
+
access: [
|
|
780
|
+
{
|
|
781
|
+
userUuid: 'user-456',
|
|
782
|
+
role: SpaceMemberRole.VIEWER,
|
|
783
|
+
},
|
|
784
|
+
],
|
|
785
|
+
}))).toBe(false);
|
|
786
|
+
// Cannot manage dashboard without access
|
|
787
|
+
expect(ability.can('manage', subject('Dashboard', {
|
|
788
|
+
organizationUuid: 'org-123',
|
|
789
|
+
access: [],
|
|
790
|
+
}))).toBe(false);
|
|
791
|
+
});
|
|
792
|
+
it('should handle manage:saved_chart@space permissions', () => {
|
|
793
|
+
const contextWithUser = {
|
|
794
|
+
...baseContext,
|
|
795
|
+
userUuid: 'user-456',
|
|
796
|
+
};
|
|
797
|
+
const builder = new AbilityBuilder(Ability);
|
|
798
|
+
buildAbilityFromScopes({
|
|
799
|
+
...contextWithUser,
|
|
800
|
+
scopes: ['manage:SavedChart@space'],
|
|
801
|
+
}, builder);
|
|
802
|
+
const ability = builder.build();
|
|
803
|
+
// Can manage saved chart with editor role
|
|
804
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
805
|
+
projectUuid: 'project-123',
|
|
806
|
+
access: [
|
|
807
|
+
{
|
|
808
|
+
userUuid: 'user-456',
|
|
809
|
+
role: SpaceMemberRole.EDITOR,
|
|
810
|
+
},
|
|
811
|
+
],
|
|
812
|
+
}))).toBe(true);
|
|
813
|
+
// Can manage saved chart with admin role
|
|
814
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
815
|
+
projectUuid: 'project-123',
|
|
816
|
+
access: [
|
|
817
|
+
{
|
|
818
|
+
userUuid: 'user-456',
|
|
819
|
+
role: SpaceMemberRole.ADMIN,
|
|
820
|
+
},
|
|
821
|
+
],
|
|
822
|
+
}))).toBe(true);
|
|
823
|
+
// Cannot manage without proper access
|
|
824
|
+
expect(ability.can('manage', subject('SavedChart', {
|
|
825
|
+
projectUuid: 'project-123',
|
|
826
|
+
access: [
|
|
827
|
+
{
|
|
828
|
+
userUuid: 'other-user',
|
|
829
|
+
role: SpaceMemberRole.EDITOR,
|
|
830
|
+
},
|
|
831
|
+
],
|
|
832
|
+
}))).toBe(false);
|
|
833
|
+
});
|
|
834
|
+
it('should handle promote:dashboard@space permissions', () => {
|
|
835
|
+
const contextWithUser = {
|
|
836
|
+
...baseContext,
|
|
837
|
+
userUuid: 'user-456',
|
|
838
|
+
};
|
|
839
|
+
const builder = new AbilityBuilder(Ability);
|
|
840
|
+
buildAbilityFromScopes({
|
|
841
|
+
...contextWithUser,
|
|
842
|
+
scopes: ['promote:Dashboard@space'],
|
|
843
|
+
}, builder);
|
|
844
|
+
const ability = builder.build();
|
|
845
|
+
// Can promote dashboard with editor access
|
|
846
|
+
expect(ability.can('promote', subject('Dashboard', {
|
|
847
|
+
projectUuid: 'project-123',
|
|
848
|
+
access: [
|
|
849
|
+
{
|
|
850
|
+
userUuid: 'user-456',
|
|
851
|
+
role: SpaceMemberRole.EDITOR,
|
|
852
|
+
},
|
|
853
|
+
],
|
|
854
|
+
}))).toBe(true);
|
|
855
|
+
// Cannot promote without editor access
|
|
856
|
+
expect(ability.can('promote', subject('Dashboard', {
|
|
857
|
+
projectUuid: 'project-123',
|
|
858
|
+
access: [
|
|
859
|
+
{
|
|
860
|
+
userUuid: 'user-456',
|
|
861
|
+
role: SpaceMemberRole.VIEWER,
|
|
862
|
+
},
|
|
863
|
+
],
|
|
864
|
+
}))).toBe(false);
|
|
865
|
+
});
|
|
866
|
+
it('should handle manage:semantic_viewer@space permissions', () => {
|
|
867
|
+
const contextWithUser = {
|
|
868
|
+
...baseContextWithOrg,
|
|
869
|
+
userUuid: 'user-456',
|
|
870
|
+
};
|
|
871
|
+
const builder = new AbilityBuilder(Ability);
|
|
872
|
+
buildAbilityFromScopes({
|
|
873
|
+
...contextWithUser,
|
|
874
|
+
scopes: ['manage:SemanticViewer@space'],
|
|
875
|
+
}, builder);
|
|
876
|
+
const ability = builder.build();
|
|
877
|
+
// Can manage semantic viewer with editor role
|
|
878
|
+
expect(ability.can('manage', subject('SemanticViewer', {
|
|
879
|
+
organizationUuid: 'org-123',
|
|
880
|
+
access: [
|
|
881
|
+
{
|
|
882
|
+
userUuid: 'user-456',
|
|
883
|
+
role: SpaceMemberRole.EDITOR,
|
|
884
|
+
},
|
|
885
|
+
],
|
|
886
|
+
}))).toBe(true);
|
|
887
|
+
// Cannot manage without editor role
|
|
888
|
+
expect(ability.can('manage', subject('SemanticViewer', {
|
|
889
|
+
organizationUuid: 'org-123',
|
|
890
|
+
access: [
|
|
891
|
+
{
|
|
892
|
+
userUuid: 'user-456',
|
|
893
|
+
role: SpaceMemberRole.VIEWER,
|
|
894
|
+
},
|
|
895
|
+
],
|
|
896
|
+
}))).toBe(false);
|
|
897
|
+
});
|
|
898
|
+
});
|
|
899
|
+
describe('semantic viewer permissions', () => {
|
|
900
|
+
it('should handle view:semantic_viewer permissions', () => {
|
|
901
|
+
const builder = new AbilityBuilder(Ability);
|
|
902
|
+
buildAbilityFromScopes({
|
|
903
|
+
...baseContext,
|
|
904
|
+
scopes: ['view:SemanticViewer'],
|
|
905
|
+
}, builder);
|
|
906
|
+
const ability = builder.build();
|
|
907
|
+
expect(ability.can('view', subject('SemanticViewer', {
|
|
908
|
+
organizationUuid: 'org-123',
|
|
909
|
+
projectUuid: 'project-123',
|
|
910
|
+
}))).toBe(true);
|
|
911
|
+
});
|
|
912
|
+
it('should handle manage:semantic_viewer with organization scope', () => {
|
|
913
|
+
const contextWithOrgManage = {
|
|
914
|
+
...baseContextWithOrg,
|
|
915
|
+
userUuid: 'user-456',
|
|
916
|
+
scopes: ['manage:Organization'],
|
|
917
|
+
};
|
|
918
|
+
const builder = new AbilityBuilder(Ability);
|
|
919
|
+
buildAbilityFromScopes({
|
|
920
|
+
...contextWithOrgManage,
|
|
921
|
+
scopes: [
|
|
922
|
+
'manage:Organization',
|
|
923
|
+
'manage:SemanticViewer',
|
|
924
|
+
],
|
|
925
|
+
}, builder);
|
|
926
|
+
const ability = builder.build();
|
|
927
|
+
// Can manage semantic viewer organization-wide
|
|
928
|
+
expect(ability.can('manage', subject('SemanticViewer', {
|
|
929
|
+
organizationUuid: 'org-123',
|
|
930
|
+
}))).toBe(true);
|
|
931
|
+
});
|
|
932
|
+
it('should handle manage:semantic_viewer with editor role', () => {
|
|
933
|
+
const contextWithUser = {
|
|
934
|
+
...baseContextWithOrg,
|
|
935
|
+
userUuid: 'user-456',
|
|
936
|
+
};
|
|
937
|
+
const builder = new AbilityBuilder(Ability);
|
|
938
|
+
buildAbilityFromScopes({
|
|
939
|
+
...contextWithUser,
|
|
940
|
+
scopes: ['manage:SemanticViewer@space'],
|
|
941
|
+
}, builder);
|
|
942
|
+
const ability = builder.build();
|
|
943
|
+
// Can manage semantic viewer with editor role
|
|
944
|
+
expect(ability.can('manage', subject('SemanticViewer', {
|
|
945
|
+
organizationUuid: 'org-123',
|
|
946
|
+
access: [
|
|
947
|
+
{
|
|
948
|
+
userUuid: 'user-456',
|
|
949
|
+
role: SpaceMemberRole.EDITOR,
|
|
950
|
+
},
|
|
951
|
+
],
|
|
952
|
+
}))).toBe(true);
|
|
953
|
+
// Cannot manage without proper access
|
|
954
|
+
expect(ability.can('manage', subject('SemanticViewer', {
|
|
955
|
+
organizationUuid: 'org-123',
|
|
956
|
+
access: [
|
|
957
|
+
{
|
|
958
|
+
userUuid: 'user-456',
|
|
959
|
+
role: SpaceMemberRole.VIEWER,
|
|
960
|
+
},
|
|
961
|
+
],
|
|
962
|
+
}))).toBe(false);
|
|
963
|
+
});
|
|
964
|
+
});
|
|
965
|
+
describe('create space permissions', () => {
|
|
966
|
+
it('should handle create:space permissions', () => {
|
|
967
|
+
const builder = new AbilityBuilder(Ability);
|
|
968
|
+
buildAbilityFromScopes({
|
|
969
|
+
...baseContext,
|
|
970
|
+
scopes: ['create:Space'],
|
|
971
|
+
}, builder);
|
|
972
|
+
const ability = builder.build();
|
|
973
|
+
expect(ability.can('create', subject('Space', {
|
|
974
|
+
organizationUuid: 'org-123',
|
|
975
|
+
projectUuid: 'project-123',
|
|
976
|
+
}))).toBe(true);
|
|
977
|
+
});
|
|
978
|
+
});
|
|
979
|
+
describe('export permissions', () => {
|
|
980
|
+
it('should handle export csv permissions', () => {
|
|
981
|
+
const builder = new AbilityBuilder(Ability);
|
|
982
|
+
buildAbilityFromScopes({
|
|
983
|
+
...baseContext,
|
|
984
|
+
scopes: ['manage:ExportCsv'],
|
|
985
|
+
}, builder);
|
|
986
|
+
const ability = builder.build();
|
|
987
|
+
expect(ability.can('manage', subject('ExportCsv', {
|
|
988
|
+
organizationUuid: 'org-123',
|
|
989
|
+
projectUuid: 'project-123',
|
|
990
|
+
}))).toBe(true);
|
|
991
|
+
});
|
|
992
|
+
it('should handle change csv results permissions', () => {
|
|
993
|
+
const builder = new AbilityBuilder(Ability);
|
|
994
|
+
buildAbilityFromScopes({
|
|
995
|
+
...baseContext,
|
|
996
|
+
scopes: ['manage:ChangeCsvResults'],
|
|
997
|
+
}, builder);
|
|
998
|
+
const ability = builder.build();
|
|
999
|
+
expect(ability.can('manage', subject('ChangeCsvResults', {
|
|
1000
|
+
organizationUuid: 'org-123',
|
|
1001
|
+
projectUuid: 'project-123',
|
|
1002
|
+
}))).toBe(true);
|
|
1003
|
+
});
|
|
1004
|
+
});
|
|
1005
|
+
describe('underlying data permissions', () => {
|
|
1006
|
+
it('should handle view:underlying_data permissions', () => {
|
|
1007
|
+
const builder = new AbilityBuilder(Ability);
|
|
1008
|
+
buildAbilityFromScopes({
|
|
1009
|
+
...baseContext,
|
|
1010
|
+
scopes: ['view:UnderlyingData'],
|
|
1011
|
+
}, builder);
|
|
1012
|
+
const ability = builder.build();
|
|
1013
|
+
expect(ability.can('view', subject('UnderlyingData', {
|
|
1014
|
+
organizationUuid: 'org-123',
|
|
1015
|
+
projectUuid: 'project-123',
|
|
1016
|
+
}))).toBe(true);
|
|
1017
|
+
});
|
|
1018
|
+
});
|
|
1019
|
+
describe('sql runner and custom sql permissions', () => {
|
|
1020
|
+
it('should handle manage:sql_runner permissions', () => {
|
|
1021
|
+
const builder = new AbilityBuilder(Ability);
|
|
1022
|
+
buildAbilityFromScopes({
|
|
1023
|
+
...baseContext,
|
|
1024
|
+
scopes: ['manage:SqlRunner'],
|
|
1025
|
+
}, builder);
|
|
1026
|
+
const ability = builder.build();
|
|
1027
|
+
expect(ability.can('manage', subject('SqlRunner', {
|
|
1028
|
+
organizationUuid: 'org-123',
|
|
1029
|
+
projectUuid: 'project-123',
|
|
1030
|
+
}))).toBe(true);
|
|
1031
|
+
});
|
|
1032
|
+
it('should handle manage:custom_sql permissions', () => {
|
|
1033
|
+
const builder = new AbilityBuilder(Ability);
|
|
1034
|
+
buildAbilityFromScopes({
|
|
1035
|
+
...baseContext,
|
|
1036
|
+
scopes: ['manage:CustomSql'],
|
|
1037
|
+
}, builder);
|
|
1038
|
+
const ability = builder.build();
|
|
1039
|
+
expect(ability.can('manage', subject('CustomSql', {
|
|
1040
|
+
organizationUuid: 'org-123',
|
|
1041
|
+
projectUuid: 'project-123',
|
|
1042
|
+
}))).toBe(true);
|
|
1043
|
+
});
|
|
1044
|
+
});
|
|
1045
|
+
describe('project delete permissions', () => {
|
|
1046
|
+
it('should handle delete:project@self permissions', () => {
|
|
1047
|
+
const builder = new AbilityBuilder(Ability);
|
|
1048
|
+
buildAbilityFromScopes({
|
|
1049
|
+
...baseContext,
|
|
1050
|
+
userUuid: 'user-456',
|
|
1051
|
+
scopes: ['delete:Project@self'],
|
|
1052
|
+
}, builder);
|
|
1053
|
+
const ability = builder.build();
|
|
1054
|
+
// Can delete specific project
|
|
1055
|
+
expect(ability.can('delete', subject('Project', {
|
|
1056
|
+
createdByUserUuid: 'user-456',
|
|
1057
|
+
type: ProjectType.PREVIEW,
|
|
1058
|
+
}))).toBe(true);
|
|
1059
|
+
expect(ability.can('delete', subject('Project', {
|
|
1060
|
+
createdByUserUuid: 'different-user',
|
|
1061
|
+
type: ProjectType.PREVIEW,
|
|
1062
|
+
}))).toBe(false);
|
|
1063
|
+
});
|
|
1064
|
+
it('should handle delete:project@self for own preview projects', () => {
|
|
1065
|
+
const builder = new AbilityBuilder(Ability);
|
|
1066
|
+
buildAbilityFromScopes({
|
|
1067
|
+
...baseContext,
|
|
1068
|
+
userUuid: 'user-456',
|
|
1069
|
+
scopes: ['delete:Project@self'],
|
|
1070
|
+
}, builder);
|
|
1071
|
+
const ability = builder.build();
|
|
1072
|
+
// Can delete preview projects in a project
|
|
1073
|
+
expect(ability.can('delete', subject('Project', {
|
|
1074
|
+
createdByUserUuid: 'user-456',
|
|
1075
|
+
type: ProjectType.PREVIEW,
|
|
1076
|
+
}))).toBe(true);
|
|
1077
|
+
// Cannot delete default projects
|
|
1078
|
+
expect(ability.can('delete', subject('Project', {
|
|
1079
|
+
createdByUserUuid: 'user-456',
|
|
1080
|
+
type: ProjectType.DEFAULT,
|
|
1081
|
+
}))).toBe(false);
|
|
1082
|
+
});
|
|
1083
|
+
});
|
|
1084
|
+
describe('pinned items permissions', () => {
|
|
1085
|
+
it('should handle view:pinned_items permissions', () => {
|
|
1086
|
+
const builder = new AbilityBuilder(Ability);
|
|
1087
|
+
buildAbilityFromScopes({
|
|
1088
|
+
...baseContext,
|
|
1089
|
+
scopes: ['view:PinnedItems'],
|
|
1090
|
+
}, builder);
|
|
1091
|
+
const ability = builder.build();
|
|
1092
|
+
expect(ability.can('view', subject('PinnedItems', {
|
|
1093
|
+
organizationUuid: 'org-123',
|
|
1094
|
+
projectUuid: 'project-123',
|
|
1095
|
+
}))).toBe(true);
|
|
1096
|
+
});
|
|
1097
|
+
it('should handle manage:pinned_items permissions', () => {
|
|
1098
|
+
const builder = new AbilityBuilder(Ability);
|
|
1099
|
+
buildAbilityFromScopes({
|
|
1100
|
+
...baseContext,
|
|
1101
|
+
scopes: ['manage:PinnedItems'],
|
|
1102
|
+
}, builder);
|
|
1103
|
+
const ability = builder.build();
|
|
1104
|
+
expect(ability.can('manage', subject('PinnedItems', {
|
|
1105
|
+
organizationUuid: 'org-123',
|
|
1106
|
+
projectUuid: 'project-123',
|
|
1107
|
+
}))).toBe(true);
|
|
1108
|
+
});
|
|
1109
|
+
});
|
|
1110
|
+
describe('explore permissions', () => {
|
|
1111
|
+
it('should handle manage:explore permissions', () => {
|
|
1112
|
+
const builder = new AbilityBuilder(Ability);
|
|
1113
|
+
buildAbilityFromScopes({
|
|
1114
|
+
...baseContext,
|
|
1115
|
+
scopes: ['manage:Explore'],
|
|
1116
|
+
}, builder);
|
|
1117
|
+
const ability = builder.build();
|
|
1118
|
+
expect(ability.can('manage', subject('Explore', {
|
|
1119
|
+
organizationUuid: 'org-123',
|
|
1120
|
+
projectUuid: 'project-123',
|
|
1121
|
+
}))).toBe(true);
|
|
1122
|
+
});
|
|
1123
|
+
});
|
|
1124
|
+
describe('virtual view permissions', () => {
|
|
1125
|
+
it('should handle create:virtual_view permissions', () => {
|
|
1126
|
+
const builder = new AbilityBuilder(Ability);
|
|
1127
|
+
buildAbilityFromScopes({
|
|
1128
|
+
...baseContext,
|
|
1129
|
+
scopes: ['create:VirtualView'],
|
|
1130
|
+
}, builder);
|
|
1131
|
+
const ability = builder.build();
|
|
1132
|
+
expect(ability.can('create', subject('VirtualView', {
|
|
1133
|
+
organizationUuid: 'org-123',
|
|
1134
|
+
projectUuid: 'project-123',
|
|
1135
|
+
}))).toBe(true);
|
|
1136
|
+
// Should not be able to delete with create scope
|
|
1137
|
+
expect(ability.can('delete', subject('VirtualView', {
|
|
1138
|
+
organizationUuid: 'org-123',
|
|
1139
|
+
projectUuid: 'project-123',
|
|
1140
|
+
}))).toBe(false);
|
|
1141
|
+
});
|
|
1142
|
+
it('should handle delete:virtual_view permissions', () => {
|
|
1143
|
+
const builder = new AbilityBuilder(Ability);
|
|
1144
|
+
buildAbilityFromScopes({
|
|
1145
|
+
...baseContext,
|
|
1146
|
+
scopes: ['delete:VirtualView'],
|
|
1147
|
+
}, builder);
|
|
1148
|
+
const ability = builder.build();
|
|
1149
|
+
expect(ability.can('delete', subject('VirtualView', {
|
|
1150
|
+
organizationUuid: 'org-123',
|
|
1151
|
+
projectUuid: 'project-123',
|
|
1152
|
+
}))).toBe(true);
|
|
1153
|
+
// Should not be able to create with delete scope
|
|
1154
|
+
expect(ability.can('create', subject('VirtualView', {
|
|
1155
|
+
organizationUuid: 'org-123',
|
|
1156
|
+
projectUuid: 'project-123',
|
|
1157
|
+
}))).toBe(false);
|
|
1158
|
+
});
|
|
1159
|
+
it('should handle manage:virtual_view permissions for both create and delete', () => {
|
|
1160
|
+
const builder = new AbilityBuilder(Ability);
|
|
1161
|
+
buildAbilityFromScopes({
|
|
1162
|
+
...baseContext,
|
|
1163
|
+
scopes: ['manage:VirtualView'],
|
|
1164
|
+
}, builder);
|
|
1165
|
+
const ability = builder.build();
|
|
1166
|
+
// Should be able to manage (create and delete)
|
|
1167
|
+
expect(ability.can('manage', subject('VirtualView', {
|
|
1168
|
+
organizationUuid: 'org-123',
|
|
1169
|
+
projectUuid: 'project-123',
|
|
1170
|
+
}))).toBe(true);
|
|
1171
|
+
// Manage scope should allow both create and delete actions
|
|
1172
|
+
expect(ability.can('create', subject('VirtualView', {
|
|
1173
|
+
organizationUuid: 'org-123',
|
|
1174
|
+
projectUuid: 'project-123',
|
|
1175
|
+
}))).toBe(true);
|
|
1176
|
+
expect(ability.can('delete', subject('VirtualView', {
|
|
1177
|
+
organizationUuid: 'org-123',
|
|
1178
|
+
projectUuid: 'project-123',
|
|
1179
|
+
}))).toBe(true);
|
|
1180
|
+
});
|
|
1181
|
+
it('should not allow virtual view actions for different organizations', () => {
|
|
1182
|
+
const builder = new AbilityBuilder(Ability);
|
|
1183
|
+
buildAbilityFromScopes({
|
|
1184
|
+
...baseContextWithOrg,
|
|
1185
|
+
scopes: [
|
|
1186
|
+
'create:VirtualView',
|
|
1187
|
+
'delete:VirtualView',
|
|
1188
|
+
'manage:VirtualView',
|
|
1189
|
+
],
|
|
1190
|
+
}, builder);
|
|
1191
|
+
const ability = builder.build();
|
|
1192
|
+
// Should not access virtual views from different org
|
|
1193
|
+
expect(ability.can('create', subject('VirtualView', {
|
|
1194
|
+
organizationUuid: 'different-org',
|
|
1195
|
+
projectUuid: 'project-123',
|
|
1196
|
+
}))).toBe(false);
|
|
1197
|
+
expect(ability.can('delete', subject('VirtualView', {
|
|
1198
|
+
organizationUuid: 'different-org',
|
|
1199
|
+
projectUuid: 'project-123',
|
|
1200
|
+
}))).toBe(false);
|
|
1201
|
+
expect(ability.can('manage', subject('VirtualView', {
|
|
1202
|
+
organizationUuid: 'different-org',
|
|
1203
|
+
projectUuid: 'project-123',
|
|
1204
|
+
}))).toBe(false);
|
|
1205
|
+
});
|
|
1206
|
+
it('should allow virtual view actions for different projects within same organization', () => {
|
|
1207
|
+
const builder = new AbilityBuilder(Ability);
|
|
1208
|
+
buildAbilityFromScopes({
|
|
1209
|
+
...baseContextWithOrg,
|
|
1210
|
+
scopes: [
|
|
1211
|
+
'create:VirtualView',
|
|
1212
|
+
'delete:VirtualView',
|
|
1213
|
+
'manage:VirtualView',
|
|
1214
|
+
],
|
|
1215
|
+
}, builder);
|
|
1216
|
+
const ability = builder.build();
|
|
1217
|
+
// Virtual view permissions are organization-scoped, not project-scoped
|
|
1218
|
+
// So they should work across different projects within the same org
|
|
1219
|
+
expect(ability.can('create', subject('VirtualView', {
|
|
1220
|
+
organizationUuid: 'org-123',
|
|
1221
|
+
projectUuid: 'different-project',
|
|
1222
|
+
}))).toBe(true);
|
|
1223
|
+
expect(ability.can('delete', subject('VirtualView', {
|
|
1224
|
+
organizationUuid: 'org-123',
|
|
1225
|
+
projectUuid: 'different-project',
|
|
1226
|
+
}))).toBe(true);
|
|
1227
|
+
expect(ability.can('manage', subject('VirtualView', {
|
|
1228
|
+
organizationUuid: 'org-123',
|
|
1229
|
+
projectUuid: 'different-project',
|
|
1230
|
+
}))).toBe(true);
|
|
1231
|
+
});
|
|
1232
|
+
});
|
|
1233
|
+
describe('organization member profile permissions', () => {
|
|
1234
|
+
it('should handle view:organization_member_profile permissions', () => {
|
|
1235
|
+
const builder = new AbilityBuilder(Ability);
|
|
1236
|
+
buildAbilityFromScopes({
|
|
1237
|
+
...baseContextWithOrg,
|
|
1238
|
+
scopes: ['view:OrganizationMemberProfile'],
|
|
1239
|
+
}, builder);
|
|
1240
|
+
const ability = builder.build();
|
|
1241
|
+
expect(ability.can('view', subject('OrganizationMemberProfile', {
|
|
1242
|
+
organizationUuid: 'org-123',
|
|
1243
|
+
projectUuid: 'project-123',
|
|
1244
|
+
}))).toBe(true);
|
|
1245
|
+
// Cannot view profiles from different project
|
|
1246
|
+
expect(ability.can('view', subject('OrganizationMemberProfile', {
|
|
1247
|
+
organizationUuid: 'different-org',
|
|
1248
|
+
projectUuid: 'project-123',
|
|
1249
|
+
}))).toBe(false);
|
|
1250
|
+
});
|
|
1251
|
+
it('should handle manage:organization_member_profile permissions', () => {
|
|
1252
|
+
const builder = new AbilityBuilder(Ability);
|
|
1253
|
+
buildAbilityFromScopes({
|
|
1254
|
+
...baseContext,
|
|
1255
|
+
scopes: ['manage:OrganizationMemberProfile'],
|
|
1256
|
+
}, builder);
|
|
1257
|
+
const ability = builder.build();
|
|
1258
|
+
expect(ability.can('manage', subject('OrganizationMemberProfile', {
|
|
1259
|
+
organizationUuid: 'org-123',
|
|
1260
|
+
projectUuid: 'project-123',
|
|
1261
|
+
}))).toBe(true);
|
|
1262
|
+
});
|
|
1263
|
+
});
|
|
1264
|
+
describe('personal access token permissions', () => {
|
|
1265
|
+
it('should allow managing PAT when enabled and user has allowed role', () => {
|
|
1266
|
+
const builder = new AbilityBuilder(Ability);
|
|
1267
|
+
buildAbilityFromScopes({
|
|
1268
|
+
...baseContext,
|
|
1269
|
+
isEnterprise: true,
|
|
1270
|
+
organizationRole: 'admin',
|
|
1271
|
+
scopes: ['manage:PersonalAccessToken'],
|
|
1272
|
+
permissionsConfig: {
|
|
1273
|
+
pat: {
|
|
1274
|
+
enabled: true,
|
|
1275
|
+
allowedOrgRoles: ['admin', 'developer'],
|
|
1276
|
+
},
|
|
1277
|
+
},
|
|
1278
|
+
}, builder);
|
|
1279
|
+
const ability = builder.build();
|
|
1280
|
+
expect(ability.can('manage', 'PersonalAccessToken')).toBe(true);
|
|
1281
|
+
});
|
|
1282
|
+
it('should not allow managing PAT when disabled', () => {
|
|
1283
|
+
const builder = new AbilityBuilder(Ability);
|
|
1284
|
+
buildAbilityFromScopes({
|
|
1285
|
+
...baseContext,
|
|
1286
|
+
isEnterprise: true,
|
|
1287
|
+
organizationRole: 'admin',
|
|
1288
|
+
scopes: ['manage:PersonalAccessToken'],
|
|
1289
|
+
permissionsConfig: {
|
|
1290
|
+
pat: {
|
|
1291
|
+
enabled: false,
|
|
1292
|
+
allowedOrgRoles: ['admin', 'developer'],
|
|
1293
|
+
},
|
|
1294
|
+
},
|
|
1295
|
+
}, builder);
|
|
1296
|
+
const ability = builder.build();
|
|
1297
|
+
expect(ability.can('manage', subject('PersonalAccessToken', {}))).toBe(false);
|
|
1298
|
+
});
|
|
1299
|
+
it('should not allow managing PAT when user role not in allowed roles', () => {
|
|
1300
|
+
const builder = new AbilityBuilder(Ability);
|
|
1301
|
+
buildAbilityFromScopes({
|
|
1302
|
+
...baseContext,
|
|
1303
|
+
isEnterprise: true,
|
|
1304
|
+
organizationRole: 'developer',
|
|
1305
|
+
scopes: ['manage:PersonalAccessToken'],
|
|
1306
|
+
permissionsConfig: {
|
|
1307
|
+
pat: {
|
|
1308
|
+
enabled: true,
|
|
1309
|
+
allowedOrgRoles: ['admin'],
|
|
1310
|
+
},
|
|
1311
|
+
},
|
|
1312
|
+
}, builder);
|
|
1313
|
+
const ability = builder.build();
|
|
1314
|
+
expect(ability.can('manage', subject('PersonalAccessToken', {}))).toBe(false);
|
|
1315
|
+
});
|
|
1316
|
+
it('should not allow managing PAT when no permissions config provided', () => {
|
|
1317
|
+
const builder = new AbilityBuilder(Ability);
|
|
1318
|
+
buildAbilityFromScopes({
|
|
1319
|
+
...baseContext,
|
|
1320
|
+
isEnterprise: true,
|
|
1321
|
+
organizationRole: 'admin',
|
|
1322
|
+
scopes: ['manage:PersonalAccessToken'],
|
|
1323
|
+
// No permissionsConfig provided
|
|
1324
|
+
}, builder);
|
|
1325
|
+
const ability = builder.build();
|
|
1326
|
+
expect(ability.can('manage', subject('PersonalAccessToken', {}))).toBe(false);
|
|
1327
|
+
});
|
|
1328
|
+
it('should not allow managing PAT when no organization role provided', () => {
|
|
1329
|
+
const builder = new AbilityBuilder(Ability);
|
|
1330
|
+
buildAbilityFromScopes({
|
|
1331
|
+
...baseContext,
|
|
1332
|
+
isEnterprise: true,
|
|
1333
|
+
organizationRole: '', // Empty organization role
|
|
1334
|
+
scopes: ['manage:PersonalAccessToken'],
|
|
1335
|
+
permissionsConfig: {
|
|
1336
|
+
pat: {
|
|
1337
|
+
enabled: true,
|
|
1338
|
+
allowedOrgRoles: ['admin', 'developer'],
|
|
1339
|
+
},
|
|
1340
|
+
},
|
|
1341
|
+
}, builder);
|
|
1342
|
+
const ability = builder.build();
|
|
1343
|
+
expect(ability.can('manage', subject('PersonalAccessToken', {}))).toBe(false);
|
|
1344
|
+
});
|
|
1345
|
+
});
|
|
1346
|
+
});
|
|
1347
|
+
});
|
|
1348
|
+
//# sourceMappingURL=scopeAbilityBuilder.test.js.map
|