npm - @lightdash/common - Versions diffs - 0.2897.0 → 0.2899.0 - Mend

@lightdash/common 0.2897.0 → 0.2899.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/dist/cjs/.tsbuildinfo +1 -1
package/dist/cjs/authorization/parseScopes.test.js +4 -7
package/dist/cjs/authorization/parseScopes.test.js.map +1 -1
package/dist/cjs/authorization/roleToScopeMapping.d.ts.map +1 -1
package/dist/cjs/authorization/roleToScopeMapping.js +56 -0
package/dist/cjs/authorization/roleToScopeMapping.js.map +1 -1
package/dist/cjs/authorization/roleToScopeParity.test.js +169 -97
package/dist/cjs/authorization/roleToScopeParity.test.js.map +1 -1
package/dist/cjs/authorization/scopes.d.ts.map +1 -1
package/dist/cjs/authorization/scopes.js +7 -22
package/dist/cjs/authorization/scopes.js.map +1 -1
package/dist/cjs/authorization/types.d.ts +1 -1
package/dist/cjs/authorization/types.d.ts.map +1 -1
package/dist/cjs/ee/apps/types.d.ts +3 -0
package/dist/cjs/ee/apps/types.d.ts.map +1 -1
package/dist/cjs/types/projects.d.ts +1 -0
package/dist/cjs/types/projects.d.ts.map +1 -1
package/dist/cjs/types/projects.js +12 -1
package/dist/cjs/types/projects.js.map +1 -1
package/dist/cjs/types/roles.d.ts +12 -0
package/dist/cjs/types/roles.d.ts.map +1 -1
package/dist/cjs/utils/timeFrames.d.ts +9 -7
package/dist/cjs/utils/timeFrames.d.ts.map +1 -1
package/dist/cjs/utils/timeFrames.js +10 -10
package/dist/cjs/utils/timeFrames.js.map +1 -1
package/dist/cjs/utils/timeFrames.test.js +26 -0
package/dist/cjs/utils/timeFrames.test.js.map +1 -1
package/dist/esm/.tsbuildinfo +1 -1
package/dist/esm/authorization/parseScopes.test.js +4 -7
package/dist/esm/authorization/parseScopes.test.js.map +1 -1
package/dist/esm/authorization/roleToScopeMapping.d.ts.map +1 -1
package/dist/esm/authorization/roleToScopeMapping.js +56 -0
package/dist/esm/authorization/roleToScopeMapping.js.map +1 -1
package/dist/esm/authorization/roleToScopeParity.test.js +169 -96
package/dist/esm/authorization/roleToScopeParity.test.js.map +1 -1
package/dist/esm/authorization/scopes.d.ts.map +1 -1
package/dist/esm/authorization/scopes.js +7 -22
package/dist/esm/authorization/scopes.js.map +1 -1
package/dist/esm/authorization/types.d.ts +1 -1
package/dist/esm/authorization/types.d.ts.map +1 -1
package/dist/esm/ee/apps/types.d.ts +3 -0
package/dist/esm/ee/apps/types.d.ts.map +1 -1
package/dist/esm/types/projects.d.ts +1 -0
package/dist/esm/types/projects.d.ts.map +1 -1
package/dist/esm/types/projects.js +10 -0
package/dist/esm/types/projects.js.map +1 -1
package/dist/esm/types/roles.d.ts +12 -0
package/dist/esm/types/roles.d.ts.map +1 -1
package/dist/esm/utils/timeFrames.d.ts +9 -7
package/dist/esm/utils/timeFrames.d.ts.map +1 -1
package/dist/esm/utils/timeFrames.js +10 -10
package/dist/esm/utils/timeFrames.js.map +1 -1
package/dist/esm/utils/timeFrames.test.js +26 -0
package/dist/esm/utils/timeFrames.test.js.map +1 -1
package/dist/types/.tsbuildinfo +1 -1
package/dist/types/authorization/parseScopes.test.js +4 -7
package/dist/types/authorization/parseScopes.test.js.map +1 -1
package/dist/types/authorization/roleToScopeMapping.d.ts.map +1 -1
package/dist/types/authorization/roleToScopeMapping.js +56 -0
package/dist/types/authorization/roleToScopeMapping.js.map +1 -1
package/dist/types/authorization/roleToScopeParity.test.js +169 -96
package/dist/types/authorization/roleToScopeParity.test.js.map +1 -1
package/dist/types/authorization/scopes.d.ts.map +1 -1
package/dist/types/authorization/scopes.js +7 -22
package/dist/types/authorization/scopes.js.map +1 -1
package/dist/types/authorization/types.d.ts +1 -1
package/dist/types/authorization/types.d.ts.map +1 -1
package/dist/types/ee/apps/types.d.ts +3 -0
package/dist/types/ee/apps/types.d.ts.map +1 -1
package/dist/types/types/projects.d.ts +1 -0
package/dist/types/types/projects.d.ts.map +1 -1
package/dist/types/types/projects.js +10 -0
package/dist/types/types/projects.js.map +1 -1
package/dist/types/types/roles.d.ts +12 -0
package/dist/types/types/roles.d.ts.map +1 -1
package/dist/types/utils/timeFrames.d.ts +9 -7
package/dist/types/utils/timeFrames.d.ts.map +1 -1
package/dist/types/utils/timeFrames.js +10 -10
package/dist/types/utils/timeFrames.js.map +1 -1
package/dist/types/utils/timeFrames.test.js +26 -0
package/dist/types/utils/timeFrames.test.js.map +1 -1
package/package.json +1 -1

package/dist/esm/authorization/parseScopes.test.js CHANGED Viewed

@@ -23,14 +23,11 @@ describe('parseScopes', () => {
         });
         it('should handle mixed case scope names correctly', () => {
             const result = parseScopes({
-                scopes: [
-                    'export:dashboard_csv',
-                    'manage:personal_access_token',
-                ],
+                scopes: ['manage:custom_sql', 'manage:personal_access_token'],
                 isEnterprise: true,
             });
             expect(result.size).toBe(2);
-            expect(result.has('export:DashboardCsv')).toBe(true);
+            expect(result.has('manage:CustomSql')).toBe(true);
             expect(result.has('manage:PersonalAccessToken')).toBe(true);
         });
         it('should handle single scope correctly', () => {
@@ -72,13 +69,13 @@ describe('parseScopes', () => {
         it('should transform snake_case to PascalCase correctly', () => {
             const result = parseScopes({
                 scopes: [
-                    'export:dashboard_csv',
+                    'manage:custom_sql',
                     'manage:personal_access_token',
                     'view:semantic_viewer',
                 ],
                 isEnterprise: true,
             });
-            expect(result.has('export:DashboardCsv')).toBe(true);
+            expect(result.has('manage:CustomSql')).toBe(true);
             expect(result.has('manage:PersonalAccessToken')).toBe(true);
             expect(result.has('view:SemanticViewer')).toBe(true);
         });

package/dist/esm/authorization/parseScopes.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"parseScopes.test.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IACzB,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;YACnE,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;gBAC9C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,eAAe,EAAE,iBAAiB,CAAC;gBAC5C,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE~~;oBACJ~~,~~sBAAsB;oBACtB~~,8BAA8B;~~iBACjC;gBACD~~,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,~~qBAAqB~~,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;~~YACrD~~,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,cAAc,CAAC;gBACxB,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,EAAE;gBACV,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,CACF,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,CACF,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAEvC,MAAM,CACF,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,IAAI;aACrB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC3D,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE;oBACJ,~~sBAAsB~~;~~oBACtB~~,8BAA8B;oBAC9B,sBAAsB;iBACzB;gBACD,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,~~qBAAqB~~,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;~~YACrD~~,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;gBAC/C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,sBAAsB,CAAC;gBAChC,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"parseScopes.test.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IACzB,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;YACnE,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;gBAC9C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,eAAe,EAAE,iBAAiB,CAAC;gBAC5C,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,mBAAmB,EAAE,8BAA8B,CAAC;gBAC7D,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,cAAc,CAAC;gBACxB,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,EAAE;gBACV,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,CACF,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,CACF,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAEvC,MAAM,CACF,WAAW,CAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,IAAI;aACrB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC3D,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE;oBACJ,mBAAmB;oBACnB,8BAA8B;oBAC9B,sBAAsB;iBACzB;gBACD,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;gBAC/C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,WAAW,CAAC;gBACvB,MAAM,EAAE,CAAC,sBAAsB,CAAC;gBAChC,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/esm/authorization/roleToScopeMapping.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"roleToScopeMapping.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,iBAAiB,EAEpB,MAAM,4BAA4B,CAAC;AACpC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;~~AA2HrD~~;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAoBnE,CAAC;AAET;;GAEG;AACH,eAAO,MAAM,mBAAmB,GAAI,MAAM,iBAAiB,KAAG,MAAM,EAEnE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,GACtC,MAAM,iBAAiB,KACxB,MAAM,EAyBR,CAAC;AAEF,eAAO,MAAM,cAAc,QAAO,cAAc,EAWzC,CAAC;AAER,eAAO,MAAM,YAAY,GAAI,UAAU,MAAM,KAAG,QAAQ,IAAI,iBACF,CAAC"}
1	+ {"version":3,"file":"roleToScopeMapping.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,iBAAiB,EAEpB,MAAM,4BAA4B,CAAC;AACpC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AA0LrD;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAoBnE,CAAC;AAET;;GAEG;AACH,eAAO,MAAM,mBAAmB,GAAI,MAAM,iBAAiB,KAAG,MAAM,EAEnE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,GACtC,MAAM,iBAAiB,KACxB,MAAM,EAyBR,CAAC;AAEF,eAAO,MAAM,cAAc,QAAO,cAAc,EAWzC,CAAC;AAER,eAAO,MAAM,YAAY,GAAI,UAAU,MAAM,KAAG,QAAQ,IAAI,iBACF,CAAC"}

package/dist/esm/authorization/roleToScopeMapping.js CHANGED Viewed

@@ -18,6 +18,11 @@ const BASE_ROLE_SCOPES = {
         'view:DashboardComments',
         'view:Tags',
         'manage:ExportCsv',
+        // Org-context view scopes — every member-or-above can see the
+        // org's own metadata + the list of fellow members. Granted by
+        // `applyOrganizationMemberStaticAbilities.member` / `viewer`.
+        'view:Organization',
+        'view:OrganizationMemberProfile',
         // Enterprise scopes (when available)
         'view:MetricsTree',
         'view:SpotlightTableConfig',
@@ -34,9 +39,15 @@ const BASE_ROLE_SCOPES = {
         'manage:ScheduledDeliveries@self',
         'create:DashboardComments',
         'manage:GoogleSheets',
+        // Job tracking — orchestrating queries/exports/etc. Granted at
+        // `applyOrganizationMemberStaticAbilities.interactive_viewer`.
+        'create:Job',
+        'view:Job',
+        'view:Job@self',
         // Space-level content management (requires space admin/editor role)
         'manage:Dashboard@space', // Via space access
         'manage:SavedChart@space', // Via space access
+        'manage:SemanticViewer@space', // Via space access (paired w/ @space content)
         'manage:DataApp@space', // Via space access
         'manage:Space@assigned', // Via space access (admin role)
         // Enterprise scopes
@@ -54,6 +65,14 @@ const BASE_ROLE_SCOPES = {
         'manage:PinnedItems',
         'manage:DashboardComments',
         'manage:Tags',
+        // Broad SemanticViewer mgmt — promoted from the @space variant
+        // when the user reaches editor tier. Granted at
+        // `applyOrganizationMemberStaticAbilities.editor`.
+        'manage:SemanticViewer',
+        // View-only access to org warehouse creds — needed before admin
+        // tier so editors can see what's already configured. Granted at
+        // `applyOrganizationMemberStaticAbilities.editor`.
+        'view:OrganizationWarehouseCredentials',
         // Enterprise scopes
         'manage:MetricsTree',
         'manage:AiAgentThread@self', // User's own threads
@@ -62,6 +81,11 @@ const BASE_ROLE_SCOPES = {
         // Developer-specific permissions
         'manage:PreAggregation',
         'manage:VirtualView',
+        // Granular create/delete companions to manage:VirtualView. Both
+        // covered by the broader manage at runtime, but listed
+        // explicitly so the role-builder UI shows them ticked.
+        'create:VirtualView',
+        'delete:VirtualView',
         'manage:CustomSql',
         'manage:CustomFields',
         'manage:SqlRunner',
@@ -76,6 +100,12 @@ const BASE_ROLE_SCOPES = {
         'view:JobStatus', // All jobs in project
         'view:SourceCode',
         'manage:SourceCode',
+        // Promote to upstream project. Both broad + @space variants
+        // surface in `applyOrganizationMemberStaticAbilities.developer`.
+        'promote:Dashboard',
+        'promote:Dashboard@space',
+        'promote:SavedChart',
+        'promote:SavedChart@space',
         // Enterprise scopes
         'manage:SpotlightTableConfig',
         'manage:ContentAsCode',
@@ -96,6 +126,32 @@ const BASE_ROLE_SCOPES = {
         'manage:AiAgentThread', // All threads in project
         'manage:ScheduledDeliveries',
         'manage:ContentVerification',
+        // Organization-management scopes. These are no-ops at project
+        // assignment (CASL conditions match `organizationUuid`-keyed
+        // subjects only) but are necessary at the role's intended ORG
+        // assignment — service accounts with `roleUuid`, or any future
+        // org-level human assignment. See `docs/authentication-and-roles.md`
+        // → "Project vs organization assignment of custom roles".
+        // Granted at `applyOrganizationMemberStaticAbilities.admin`.
+        'manage:OrganizationMemberProfile',
+        'manage:Group',
+        'manage:InviteLink',
+        'manage:GitIntegration',
+        'manage:OrganizationWarehouseCredentials',
+        'manage:Organization',
+        'impersonate:User',
+        // PAT management. Granted dynamically at runtime via
+        // `applyOrganizationMemberDynamicAbilities` based on the
+        // deployment-wide `PAT_ALLOWED_ORG_ROLES` env var — that path
+        // remains the source of truth for system roles. Listing it
+        // here lets admin-clone custom roles surface the toggle in the
+        // role builder. **Caveat:** toggling it in a custom role
+        // *bypasses* the dynamic gate, since CASL is additive (the
+        // static scope-built rule wins regardless of deployment
+        // config). Operators who clone admin into a lower-privilege
+        // role should untick it manually if their deployment intends
+        // to restrict PAT to specific tiers.
+        'manage:PersonalAccessToken',
     ],
 };
 /**

package/dist/esm/authorization/roleToScopeMapping.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"roleToScopeMapping.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,iBAAiB,EACjB,uBAAuB,GAC1B,MAAM,4BAA4B,CAAC;AAGpC;;;GAGG;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACrB,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE;QACxB,4BAA4B;QAC5B,gBAAgB;QAChB,qBAAqB,EAAE,yCAAyC;QAChE,iBAAiB;QACjB,YAAY;QACZ,cAAc;QACd,kBAAkB;QAClB,wBAAwB;QACxB,WAAW;QACX,kBAAkB;QAElB,qCAAqC;QACrC,kBAAkB;QAClB,2BAA2B;QAC3B,yBAAyB;QACzB,cAAc;KACjB;IAED,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAAE;QACpC,4CAA4C;QAC5C,qBAAqB;QACrB,qBAAqB;QACrB,gBAAgB;QAChB,yBAAyB;QACzB,4BAA4B;QAC5B,iCAAiC;QACjC,0BAA0B;QAC1B,qBAAqB;QAErB,oEAAoE;QACpE,wBAAwB,EAAE,mBAAmB;QAC7C,yBAAyB,EAAE,mBAAmB;QAC9C,sBAAsB,EAAE,mBAAmB;QAC3C,uBAAuB,EAAE,gCAAgC;QAEzD,oBAAoB;QACpB,cAAc;QACd,sBAAsB;QACtB,gBAAgB,EAAE,qCAAqC;QACvD,mBAAmB,EAAE,oBAAoB;QACzC,qBAAqB,EAAE,oBAAoB;KAC9C;IAED,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE;QACxB,8BAA8B;QAC9B,cAAc;QACd,qBAAqB,EAAE,yBAAyB;QAChD,YAAY;QACZ,oBAAoB;QACpB,0BAA0B;QAC1B,aAAa;QAEb,oBAAoB;QACpB,oBAAoB;QACpB,2BAA2B,EAAE,qBAAqB;KACrD;IAED,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;QAC3B,iCAAiC;QACjC,uBAAuB;QACvB,oBAAoB;QACpB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,mBAAmB;QACnB,uBAAuB;QACvB,sBAAsB;QACtB,2BAA2B;QAC3B,wBAAwB,EAAE,mBAAmB;QAC7C,qBAAqB,EAAE,mCAAmC;QAC1D,gBAAgB;QAChB,qBAAqB;QACrB,gBAAgB,EAAE,sBAAsB;QACxC,iBAAiB;QACjB,mBAAmB;QAEnB,oBAAoB;QACpB,6BAA6B;QAC7B,sBAAsB;QACtB,gBAAgB;QAChB,2BAA2B,EAAE,qBAAqB;KACrD;IAED,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE;QACvB,6BAA6B;QAC7B,gBAAgB;QAChB,gBAAgB,EAAE,cAAc;QAChC,gBAAgB;QAChB,kBAAkB,EAAE,iBAAiB;QACrC,cAAc,EAAE,aAAa;QAC7B,gBAAgB,EAAE,2CAA2C;QAC7D,mBAAmB,EAAE,mBAAmB;QACxC,uBAAuB,EAAE,kCAAkC;QAC3D,oBAAoB,EAAE,yBAAyB;QAC/C,sBAAsB,EAAE,yBAAyB;QACjD,4BAA4B;QAC5B,4BAA4B;KAC/B;CACK,CAAC;AAEX;;GAEG;AACH,MAAM,cAAc,GAAG;IACnB,iBAAiB,CAAC,MAAM;IACxB,iBAAiB,CAAC,kBAAkB;IACpC,iBAAiB,CAAC,MAAM;IACxB,iBAAiB,CAAC,SAAS;IAC3B,iBAAiB,CAAC,KAAK;CACjB,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GACnC,CAAC,GAAG,EAAE;IACF,MAAM,MAAM,GAAG,EAAyC,CAAC;IAEzD,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,wCAAwC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACtC,gBAAgB,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAC5C,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAC7B,CAAC;QACN,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC,EAAE,CAAC;AAET;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,IAAuB,EAAY,EAAE,CAAC;IACtE,GAAG,0BAA0B,CAAC,IAAI,CAAC;CACtC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CACzC,IAAuB,EACf,EAAE;IACV,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;QAC7B,kBAAkB;QAClB,oBAAoB;QACpB,2BAA2B;QAC3B,6BAA6B;QAC7B,cAAc;QACd,oBAAoB;QACpB,sBAAsB;QACtB,gBAAgB;QAChB,sBAAsB;QACtB,sBAAsB;QACtB,cAAc;QACd,gBAAgB;QAChB,sBAAsB;QACtB,gBAAgB;QAChB,mBAAmB;QACnB,qBAAqB;QACrB,4BAA4B;QAC5B,uBAAuB;KAC1B,CAAC,CAAC;IAEH,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,CAC1C,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAC1C,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,GAAqB,EAAE,CACjD,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC1B,QAAQ,EAAE,IAAI;IACd,IAAI,EAAE,uBAAuB,CAAC,IAAI,CAAC;IACnC,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC;IAC1C,SAAS,EAAE,QAAQ;IACnB,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC;IACjC,gBAAgB,EAAE,IAAI;IACtB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;CAClB,CAAC,CAAC,CAAC;AAER,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAiC,EAAE,CAC5E,cAAc,CAAC,QAAQ,CAAC,QAA6B,CAAC,CAAC"}
1	+ {"version":3,"file":"roleToScopeMapping.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,iBAAiB,EACjB,uBAAuB,GAC1B,MAAM,4BAA4B,CAAC;AAGpC;;;GAGG;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACrB,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE;QACxB,4BAA4B;QAC5B,gBAAgB;QAChB,qBAAqB,EAAE,yCAAyC;QAChE,iBAAiB;QACjB,YAAY;QACZ,cAAc;QACd,kBAAkB;QAClB,wBAAwB;QACxB,WAAW;QACX,kBAAkB;QAElB,8DAA8D;QAC9D,8DAA8D;QAC9D,8DAA8D;QAC9D,mBAAmB;QACnB,gCAAgC;QAEhC,qCAAqC;QACrC,kBAAkB;QAClB,2BAA2B;QAC3B,yBAAyB;QACzB,cAAc;KACjB;IAED,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAAE;QACpC,4CAA4C;QAC5C,qBAAqB;QACrB,qBAAqB;QACrB,gBAAgB;QAChB,yBAAyB;QACzB,4BAA4B;QAC5B,iCAAiC;QACjC,0BAA0B;QAC1B,qBAAqB;QAErB,+DAA+D;QAC/D,+DAA+D;QAC/D,YAAY;QACZ,UAAU;QACV,eAAe;QAEf,oEAAoE;QACpE,wBAAwB,EAAE,mBAAmB;QAC7C,yBAAyB,EAAE,mBAAmB;QAC9C,6BAA6B,EAAE,8CAA8C;QAC7E,sBAAsB,EAAE,mBAAmB;QAC3C,uBAAuB,EAAE,gCAAgC;QAEzD,oBAAoB;QACpB,cAAc;QACd,sBAAsB;QACtB,gBAAgB,EAAE,qCAAqC;QACvD,mBAAmB,EAAE,oBAAoB;QACzC,qBAAqB,EAAE,oBAAoB;KAC9C;IAED,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE;QACxB,8BAA8B;QAC9B,cAAc;QACd,qBAAqB,EAAE,yBAAyB;QAChD,YAAY;QACZ,oBAAoB;QACpB,0BAA0B;QAC1B,aAAa;QAEb,+DAA+D;QAC/D,gDAAgD;QAChD,mDAAmD;QACnD,uBAAuB;QAEvB,gEAAgE;QAChE,gEAAgE;QAChE,mDAAmD;QACnD,uCAAuC;QAEvC,oBAAoB;QACpB,oBAAoB;QACpB,2BAA2B,EAAE,qBAAqB;KACrD;IAED,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;QAC3B,iCAAiC;QACjC,uBAAuB;QACvB,oBAAoB;QACpB,gEAAgE;QAChE,uDAAuD;QACvD,uDAAuD;QACvD,oBAAoB;QACpB,oBAAoB;QACpB,kBAAkB;QAClB,qBAAqB;QACrB,kBAAkB;QAClB,mBAAmB;QACnB,uBAAuB;QACvB,sBAAsB;QACtB,2BAA2B;QAC3B,wBAAwB,EAAE,mBAAmB;QAC7C,qBAAqB,EAAE,mCAAmC;QAC1D,gBAAgB;QAChB,qBAAqB;QACrB,gBAAgB,EAAE,sBAAsB;QACxC,iBAAiB;QACjB,mBAAmB;QAEnB,4DAA4D;QAC5D,iEAAiE;QACjE,mBAAmB;QACnB,yBAAyB;QACzB,oBAAoB;QACpB,0BAA0B;QAE1B,oBAAoB;QACpB,6BAA6B;QAC7B,sBAAsB;QACtB,gBAAgB;QAChB,2BAA2B,EAAE,qBAAqB;KACrD;IAED,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE;QACvB,6BAA6B;QAC7B,gBAAgB;QAChB,gBAAgB,EAAE,cAAc;QAChC,gBAAgB;QAChB,kBAAkB,EAAE,iBAAiB;QACrC,cAAc,EAAE,aAAa;QAC7B,gBAAgB,EAAE,2CAA2C;QAC7D,mBAAmB,EAAE,mBAAmB;QACxC,uBAAuB,EAAE,kCAAkC;QAC3D,oBAAoB,EAAE,yBAAyB;QAC/C,sBAAsB,EAAE,yBAAyB;QACjD,4BAA4B;QAC5B,4BAA4B;QAE5B,8DAA8D;QAC9D,6DAA6D;QAC7D,8DAA8D;QAC9D,+DAA+D;QAC/D,qEAAqE;QACrE,0DAA0D;QAC1D,6DAA6D;QAC7D,kCAAkC;QAClC,cAAc;QACd,mBAAmB;QACnB,uBAAuB;QACvB,yCAAyC;QACzC,qBAAqB;QACrB,kBAAkB;QAElB,qDAAqD;QACrD,yDAAyD;QACzD,8DAA8D;QAC9D,2DAA2D;QAC3D,+DAA+D;QAC/D,yDAAyD;QACzD,2DAA2D;QAC3D,wDAAwD;QACxD,4DAA4D;QAC5D,6DAA6D;QAC7D,qCAAqC;QACrC,4BAA4B;KAC/B;CACK,CAAC;AAEX;;GAEG;AACH,MAAM,cAAc,GAAG;IACnB,iBAAiB,CAAC,MAAM;IACxB,iBAAiB,CAAC,kBAAkB;IACpC,iBAAiB,CAAC,MAAM;IACxB,iBAAiB,CAAC,SAAS;IAC3B,iBAAiB,CAAC,KAAK;CACjB,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,0BAA0B,GACnC,CAAC,GAAG,EAAE;IACF,MAAM,MAAM,GAAG,EAAyC,CAAC;IAEzD,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,wCAAwC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACtC,gBAAgB,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAC5C,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAC7B,CAAC;QACN,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC,EAAE,CAAC;AAET;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,IAAuB,EAAY,EAAE,CAAC;IACtE,GAAG,0BAA0B,CAAC,IAAI,CAAC;CACtC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CACzC,IAAuB,EACf,EAAE;IACV,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;QAC7B,kBAAkB;QAClB,oBAAoB;QACpB,2BAA2B;QAC3B,6BAA6B;QAC7B,cAAc;QACd,oBAAoB;QACpB,sBAAsB;QACtB,gBAAgB;QAChB,sBAAsB;QACtB,sBAAsB;QACtB,cAAc;QACd,gBAAgB;QAChB,sBAAsB;QACtB,gBAAgB;QAChB,mBAAmB;QACnB,qBAAqB;QACrB,4BAA4B;QAC5B,uBAAuB;KAC1B,CAAC,CAAC;IAEH,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,CAC1C,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAC1C,CAAC;AACN,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG,GAAqB,EAAE,CACjD,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC1B,QAAQ,EAAE,IAAI;IACd,IAAI,EAAE,uBAAuB,CAAC,IAAI,CAAC;IACnC,WAAW,EAAE,uBAAuB,CAAC,IAAI,CAAC;IAC1C,SAAS,EAAE,QAAQ;IACnB,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC;IACjC,gBAAgB,EAAE,IAAI;IACtB,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;IACf,SAAS,EAAE,IAAI;CAClB,CAAC,CAAC,CAAC;AAER,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAiC,EAAE,CAC5E,cAAc,CAAC,QAAQ,CAAC,QAA6B,CAAC,CAAC"}

package/dist/esm/authorization/roleToScopeParity.test.js CHANGED Viewed

@@ -1,70 +1,36 @@
 /* eslint-disable no-console */
 import { Ability, AbilityBuilder } from '@casl/ability';
-import groupBy from 'lodash/groupBy';
-import isEqual from 'lodash/isEqual';
 import { ProjectMemberRole } from '../types/projectMemberRole';
+import { applyOrganizationMemberStaticAbilities } from './organizationMemberAbility';
+import { ORGANIZATION_ADMIN, ORGANIZATION_DEVELOPER, ORGANIZATION_EDITOR, ORGANIZATION_INTERACTIVE_VIEWER, ORGANIZATION_VIEWER, } from './organizationMemberAbility.mock';
 import { projectMemberAbilities } from './projectMemberAbility';
 import { PROJECT_ADMIN, PROJECT_DEVELOPER, PROJECT_EDITOR, PROJECT_INTERACTIVE_VIEWER, PROJECT_VIEWER, } from './projectMemberAbility.mock';
 import { getAllScopesForRole } from './roleToScopeMapping';
 import { buildAbilityFromScopes } from './scopeAbilityBuilder';
+import { getScopes } from './scopes';
 /**
- * Normalize a CASL rule for comparison by sorting object keys and handling undefined values
+ * Coverage check: every `${action}:${subject}` key that the role-based
+ * ability emits must also appear in the scope-based ability. Extras on
+ * the scope side are allowed — they represent granular toggles that
+ * either subsume into a broader role grant (e.g. `manage:Job` covers
+ * `create:Job` + `view:Job`) or unlock org-level abilities the project
+ * role doesn't carry. Those extras are validated by the separate
+ * scope-vocabulary coverage test.
+ *
+ * Why not strict equivalence: role-based and scope-based deliberately
+ * emit different *condition shapes* for the same action+subject (CASL
+ * inheritance, `userUuid` filters, etc.). Comparing rule counts or
+ * conditions exactly is brittle and tests architectural detail rather
+ * than the property we care about — "no role-granted ability is
+ * unreachable through scopes."
  */
-const normalizeRule = (rule) => ({
-    action: rule.action,
-    subject: rule.subject,
-});
-/**
- * Compare two sets of CASL rules for functional equivalence
- */
-const compareRuleSets = (roleBasedRules, scopeBasedRules, roleName) => {
-    const normalizedRoleRules = roleBasedRules.map(normalizeRule);
-    const normalizedScopeRules = scopeBasedRules.map(normalizeRule);
-    const mismatches = [];
-    // Check if rule counts match
-    if (normalizedRoleRules.length !== normalizedScopeRules.length) {
-        mismatches.push(`Rule count mismatch: role-based has ${normalizedRoleRules.length} rules, scope-based has ${normalizedScopeRules.length} rules`);
-    }
-    // Group rules by action+subject for easier comparison
-    const roleRulesGrouped = groupBy(normalizedRoleRules, (rule) => `${rule.action}:${rule.subject}`);
-    const scopeRulesGrouped = groupBy(normalizedScopeRules, (rule) => `${rule.action}:${rule.subject}`);
-    // Check for missing or extra rule types
-    const roleKeys = new Set(Object.keys(roleRulesGrouped));
-    const scopeKeys = new Set(Object.keys(scopeRulesGrouped));
-    const missingInScope = [...roleKeys].filter((key) => !scopeKeys.has(key));
-    const extraInScope = [...scopeKeys].filter((key) => !roleKeys.has(key));
-    missingInScope.forEach((key) => {
-        mismatches.push(`Missing in scope-based: ${key}`);
-    });
-    extraInScope.forEach((key) => {
-        mismatches.push(`Extra in scope-based: ${key}`);
-    });
-    // Compare matching rule groups
-    const commonKeys = [...roleKeys].filter((key) => scopeKeys.has(key));
-    commonKeys.forEach((key) => {
-        const roleRulesForKey = roleRulesGrouped[key];
-        const scopeRulesForKey = scopeRulesGrouped[key];
-        // For rules with the same action+subject, we need to check if the conditions are equivalent
-        // This is more complex because multiple rules might combine to create the same effective permissions
-        if (roleRulesForKey.length !== scopeRulesForKey.length) {
-            // Different number of rules for same action+subject - this might be OK if conditions are equivalent
-            // For now, we'll flag this as a potential issue but continue checking
-            mismatches.push(`Different rule count for ${key}: role-based has ${roleRulesForKey.length}, scope-based has ${scopeRulesForKey.length}`);
-        }
-        // Check if rule sets contain equivalent conditions
-        const roleConditions = roleRulesForKey
-            .map((r) => r.conditions)
-            .filter(Boolean);
-        const scopeConditions = scopeRulesForKey
-            .map((r) => r.conditions)
-            .filter(Boolean);
-        if (!isEqual(roleConditions, scopeConditions)) {
-            mismatches.push(`Condition mismatch on ${roleName} for ${key}:\nRole-based: ${JSON.stringify(roleConditions, null, 2)}\nScope-based: ${JSON.stringify(scopeConditions, null, 2)}`);
-        }
-    });
+const checkRoleCoveredByScopes = (roleBasedRules, scopeBasedRules, roleName) => {
+    const roleKeys = new Set(roleBasedRules.map((r) => `${r.action}:${r.subject}`));
+    const scopeKeys = new Set(scopeBasedRules.map((r) => `${r.action}:${r.subject}`));
+    const missingInScope = [...roleKeys].filter((k) => !scopeKeys.has(k));
     return {
-        isEqual: mismatches.length === 0,
-        mismatches,
+        isEqual: missingInScope.length === 0,
+        mismatches: missingInScope.map((k) => `Role ${roleName} grants "${k}" but no scope in BASE_ROLE_SCOPES emits a rule for it`),
     };
 };
 /**
@@ -77,6 +43,12 @@ const ENTERPRISE_SUBJECTS = new Set([
     'AiAgentThread',
     'ContentAsCode',
     'PreAggregation',
+    // The matching scopes (`view:` + `manage:OrganizationWarehouseCredentials`)
+    // are `isEnterprise: true` in scopes.ts, so the scope-build path
+    // strips them in non-enterprise mode. Mirror that filter on the
+    // role-based side so non-enterprise parity stays clean — at runtime
+    // the feature is gated by license anyway.
+    'OrganizationWarehouseCredentials',
 ]);
 /**
  * Filter enterprise rules from role-based abilities when testing in non-enterprise mode
@@ -88,37 +60,118 @@ const filterEnterpriseRules = (rules, isEnterprise) => {
     return rules.filter((rule) => !ENTERPRISE_SUBJECTS.has(rule.subject));
 };
 /**
- * Test role-to-scope parity for a specific role
+ * `${action}:${subject}` pairs that we expect on the **scope-built** side
+ * but NOT on the **project-role-built** side, when comparing project
+ * parity. Two reasons something lands here:
+ *
+ * 1. **Org-only subject** — the subject never appears in any project
+ *    ability (e.g. `manage:OrganizationMemberProfile`,
+ *    `manage:Group`, `impersonate:User`). The scope-built rule for
+ *    these in project context is dead-on-arrival (`{ projectUuid }`
+ *    conditions never match `{ organizationUuid }`-keyed subjects),
+ *    but we keep the toggle in `BASE_ROLE_SCOPES` so admin custom
+ *    roles surface it at org-level assignment. See
+ *    `docs/authentication-and-roles.md`.
+ *
+ * 2. **Granular action of a subject covered by `manage:X` at project
+ *    level** — e.g. project ability grants `manage:Job` (which CASL
+ *    expands to cover `create`/`view`/`update`/`delete`), while the
+ *    scope vocabulary lists `create:Job` and `view:Job@self` as
+ *    separate scopes. The scope-built rules are benign extras — at
+ *    runtime they're subsumed by the broader `manage:Job` already
+ *    in role-based.
+ *
+ * Subjects with `*` mean "all actions on this subject," used for
+ * org-only subjects (case 1).
+ */
+const PROJECT_PARITY_IGNORE = new Set([
+    // Case 1: org-only subjects.
+    '*:OrganizationMemberProfile',
+    '*:Organization',
+    '*:Group',
+    '*:InviteLink',
+    '*:GitIntegration',
+    '*:OrganizationWarehouseCredentials',
+    '*:User', // impersonate:User
+    // Case 2: granular actions subsumed by project's broader `manage:X`.
+    'create:Job',
+    'view:Job',
+    'manage:SemanticViewer', // broad org-only; @space variant is project
+    'create:VirtualView',
+    'delete:VirtualView',
+    'promote:Dashboard',
+    'promote:SavedChart',
+    'promote:Dashboard@space',
+    'promote:SavedChart@space',
+]);
+const isProjectParityIgnored = (rule) => {
+    const key = `${rule.action}:${rule.subject}`;
+    return (PROJECT_PARITY_IGNORE.has(key) ||
+        PROJECT_PARITY_IGNORE.has(`*:${rule.subject}`));
+};
+/**
+ * Test project-context parity for a role.
+ *
+ * Compares `projectMemberAbilities[role]` against
+ * `buildAbilityFromScopes(scopes, { projectUuid })`. Org-only subjects
+ * are filtered out of the scope-built side because their rules at
+ * project context are dead-on-arrival (`{ projectUuid }` conditions
+ * never match `{ organizationUuid }`-keyed subjects) — the role-builder
+ * UI still surfaces them for org-level assignment, but project parity
+ * shouldn't fail on them.
  */
-const testRoleScopeParity = (role, isEnterprise = false) => {
-    // Get the appropriate mock member profile
-    const memberProfiles = {
+const testProjectRoleScopeParity = (role, isEnterprise = false) => {
+    const member = {
         [ProjectMemberRole.VIEWER]: PROJECT_VIEWER,
         [ProjectMemberRole.INTERACTIVE_VIEWER]: PROJECT_INTERACTIVE_VIEWER,
         [ProjectMemberRole.EDITOR]: PROJECT_EDITOR,
         [ProjectMemberRole.DEVELOPER]: PROJECT_DEVELOPER,
         [ProjectMemberRole.ADMIN]: PROJECT_ADMIN,
-    };
-    const member = memberProfiles[role];
-    // Build abilities using role-based approach
+    }[role];
     const roleBuilder = new AbilityBuilder(Ability);
     projectMemberAbilities[role](member, roleBuilder);
-    const roleAbility = roleBuilder.build();
-    // Filter enterprise rules from role-based abilities if not enterprise
-    const filteredRoleRules = filterEnterpriseRules(roleAbility.rules, isEnterprise);
-    // Build abilities using scope-based approach
+    const filteredRoleRules = filterEnterpriseRules(roleBuilder.build().rules, isEnterprise);
     const scopeBuilder = new AbilityBuilder(Ability);
-    const scopes = getAllScopesForRole(role);
     buildAbilityFromScopes({
         userUuid: member.userUuid,
         projectUuid: member.projectUuid,
-        scopes,
+        scopes: getAllScopesForRole(role),
+        isEnterprise,
+    }, scopeBuilder);
+    const scopeRules = scopeBuilder.build().rules.filter((r) => !isProjectParityIgnored(r));
+    return checkRoleCoveredByScopes(filteredRoleRules, scopeRules, `${role} (project)`);
+};
+/**
+ * Test org-context parity for a role.
+ *
+ * Compares `applyOrganizationMemberStaticAbilities[role]` against
+ * `buildAbilityFromScopes(scopes, { organizationUuid })`. This is the
+ * second leg the project-only test never had — it catches drift on
+ * org-management scopes (which is what let `manage:Group`,
+ * `manage:InviteLink`, etc. silently fall out of the scope vocabulary
+ * before this PR).
+ */
+const testOrgRoleScopeParity = (role, isEnterprise = false) => {
+    const member = {
+        [ProjectMemberRole.VIEWER]: ORGANIZATION_VIEWER,
+        [ProjectMemberRole.INTERACTIVE_VIEWER]: ORGANIZATION_INTERACTIVE_VIEWER,
+        [ProjectMemberRole.EDITOR]: ORGANIZATION_EDITOR,
+        [ProjectMemberRole.DEVELOPER]: ORGANIZATION_DEVELOPER,
+        [ProjectMemberRole.ADMIN]: ORGANIZATION_ADMIN,
+    }[role];
+    const orgRole = role;
+    const roleBuilder = new AbilityBuilder(Ability);
+    applyOrganizationMemberStaticAbilities[orgRole](member, roleBuilder);
+    const filteredRoleRules = filterEnterpriseRules(roleBuilder.build().rules, isEnterprise);
+    const scopeBuilder = new AbilityBuilder(Ability);
+    buildAbilityFromScopes({
+        userUuid: member.userUuid,
+        organizationUuid: member.organizationUuid,
+        scopes: getAllScopesForRole(role),
         isEnterprise,
     }, scopeBuilder);
-    const scopeAbility = scopeBuilder.build();
-    // Compare the filtered rule sets
-    const result = compareRuleSets(filteredRoleRules, scopeAbility.rules, role);
-    return result;
+    const scopeRules = scopeBuilder.build().rules;
+    return checkRoleCoveredByScopes(filteredRoleRules, scopeRules, `${role} (org)`);
 };
 describe('Role to Scope Parity', () => {
     const systemProjectRoles = [
@@ -128,30 +181,50 @@ describe('Role to Scope Parity', () => {
         ProjectMemberRole.DEVELOPER,
         ProjectMemberRole.ADMIN,
     ];
-    describe('Non-Enterprise Environment', () => {
-        it.each(systemProjectRoles)('should have equivalent permissions for %s role', (role) => {
-            const comparison = testRoleScopeParity(role, false);
-            if (!comparison.isEqual) {
-                console.error(`\n=== PARITY MISMATCH FOR ${role.toUpperCase()} ROLE ===`);
-                comparison.mismatches.forEach((mismatch) => {
-                    console.error(`❌ ${mismatch}`);
-                });
-                console.error('=== END MISMATCH REPORT ===\n');
-            }
-            expect(comparison.isEqual).toBe(true);
-        });
+    const reportAndAssert = (label, comparison) => {
+        if (!comparison.isEqual) {
+            console.error(`\n=== ${label} ===`);
+            comparison.mismatches.forEach((m) => console.error(`❌ ${m}`));
+            console.error('=== END MISMATCH REPORT ===\n');
+        }
+        expect(comparison.isEqual).toBe(true);
+    };
+    describe('Project parity (Non-Enterprise)', () => {
+        it.each(systemProjectRoles)('project ability ≡ scope build (project context) for %s', (role) => reportAndAssert(`PROJECT PARITY MISMATCH FOR ${role.toUpperCase()}`, testProjectRoleScopeParity(role, false)));
+    });
+    describe('Project parity (Enterprise)', () => {
+        it.each(systemProjectRoles)('project ability ≡ scope build (project context) for %s [EE]', (role) => reportAndAssert(`ENTERPRISE PROJECT PARITY MISMATCH FOR ${role.toUpperCase()}`, testProjectRoleScopeParity(role, true)));
     });
-    describe('Enterprise Environment', () => {
-        it.each(systemProjectRoles)('should have equivalent permissions for %s role in enterprise', (role) => {
-            const comparison = testRoleScopeParity(role, true);
-            if (!comparison.isEqual) {
-                console.error(`\n=== ENTERPRISE PARITY MISMATCH FOR ${role.toUpperCase()} ROLE ===`);
-                comparison.mismatches.forEach((mismatch) => {
-                    console.error(`❌ ${mismatch}`);
-                });
-                console.error('=== END MISMATCH REPORT ===\n');
+    describe('Org parity (Non-Enterprise)', () => {
+        it.each(systemProjectRoles)('org ability ≡ scope build (org context) for %s', (role) => reportAndAssert(`ORG PARITY MISMATCH FOR ${role.toUpperCase()}`, testOrgRoleScopeParity(role, false)));
+    });
+    describe('Org parity (Enterprise)', () => {
+        it.each(systemProjectRoles)('org ability ≡ scope build (org context) for %s [EE]', (role) => reportAndAssert(`ENTERPRISE ORG PARITY MISMATCH FOR ${role.toUpperCase()}`, testOrgRoleScopeParity(role, true)));
+    });
+    // Coverage assertion. The parity tests above only catch drift on
+    // scopes that ARE in some role tier — they can't see scopes that
+    // exist in the vocabulary (`scopes.ts`) but appear in NO tier.
+    // Those would silently render as dead toggles in the role-builder
+    // UI. This test enforces that every scope in `scopes.ts` is in
+    // `BASE_ROLE_SCOPES` for at least one tier — closing the loop on
+    // "how did the misc orphans drift in the first place?".
+    describe('Scope vocabulary coverage', () => {
+        it('every scope in scopes.ts must appear in at least one role tier', () => {
+            const allScopeNames = new Set(getScopes({ isEnterprise: true }).map((s) => s.name));
+            const tieredScopes = new Set();
+            systemProjectRoles.forEach((role) => {
+                getAllScopesForRole(role).forEach((s) => tieredScopes.add(s));
+            });
+            const missing = [...allScopeNames].filter((s) => !tieredScopes.has(s));
+            if (missing.length > 0) {
+                console.error('\n=== SCOPES NOT WIRED TO ANY ROLE TIER ===\n' +
+                    'Each of these is in `scopes.ts` but in no role tier. ' +
+                    'Add them to `BASE_ROLE_SCOPES[<tier>]` in ' +
+                    'roleToScopeMapping.ts.\n');
+                missing.forEach((s) => console.error(`❌ ${s}`));
+                console.error('=== END ===\n');
             }
-            expect(comparison.isEqual).toBe(true);
+            expect(missing).toEqual([]);
         });
     });
     // This is helpful for debugging, but it's not a test

package/dist/esm/authorization/roleToScopeParity.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"roleToScopeParity.test.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeParity.test.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AACxD~~,OAAO,~~OAAO~~,MAAM,~~gBAAgB~~,CAAC;~~AACrC~~,OAAO,~~OAAO~~,MAAM,~~gBAAgB~~,CAAC;~~AACrC~~,OAAO,~~EAAE~~,~~iBAAiB~~,~~EAAE~~,MAAM,~~4BAA4B~~,CAAC;~~AAC/D~~,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EACH,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,0BAA0B,EAC1B,cAAc,GACjB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;~~AAW~~/D~~;;GAEG;AACH~~,~~MAAM~~,~~aAAa,GAAG,CAAC,IAAc,EAAY,~~EAAE,~~CAAC~~,~~CAAC;IACjD,MAAM,~~EAAE,~~IAAI,CAAC,~~MAAM~~;IACnB~~,~~OAAO~~,~~EAAE,IAAI,~~CAAC~~,OAAO~~;~~CACxB,CAAC,CAAC~~;~~AAEH;;GAEG;~~AACH,MAAM,~~eAAe~~,GAAG,~~CACpB~~,cAA0B,EAC1B,eAA2B,EAC3B,QAAgB,EAC0B,EAAE;IAC5C,MAAM,~~mBAAmB~~,GAAG,cAAc,CAAC,GAAG,CAAC,~~aAAa,~~CAAC,CAAC~~;IAC9D~~,~~MAAM~~,~~oBAAoB~~,~~GAAG,eAAe,~~CAAC,GAAG,CAAC,~~aAAa,~~CAAC,~~CAAC;IAEhE,~~MAAM,~~UAAU,GAAa,EAAE,CAAC;IAEhC,6BAA6B;IAC7B,~~IAAI,~~mBAAmB,~~CAAC,~~MAAM,KAAK,oBAAoB,~~CAAC,~~MAAM~~,EAAE,CAAC~~;QAC7D~~,~~UAAU~~,CAAC,~~IAAI~~,~~CACX~~,~~uCAAuC~~,~~mBAAmB~~,~~CAAC~~,~~MAAM~~,~~2BAA2B~~,~~oBAAoB,~~CAAC,~~MAAM~~,~~QAAQ,CAClI,~~CAAC~~;IACN~~,CAAC~~;IAED~~,~~sDAAsD;IACtD,MAAM,gBAAgB,GAAG,OAAO,CAC5B,mBAAmB,EACnB,~~CAAC,~~IAAI,~~EAAE,EAAE,CAAC,GAAG,~~IAAI~~,CAAC,MAAM,IAAI,~~IAAI~~,CAAC,OAAO,EAAE,~~CAC7C~~,CAAC;IACF,MAAM,~~iBAAiB~~,GAAG,~~OAAO,CAC7B,oBAAoB,EACpB,~~CAAC,~~IAAI~~,~~EAAE~~,~~EAAE,~~CAAC,~~GAAG,IAAI,~~CAAC,MAAM,~~IAAI~~,~~IAAI~~,CAAC,~~OAAO~~,EAAE,~~CAC7C~~,CAAC~~;IAEF~~,~~wCAAwC;IACxC~~,~~MAAM~~,~~QAAQ,~~GAAG,~~IAAI,GAAG,~~CAAC,~~MAAM,~~CAAC,~~IAAI,~~CAAC,~~gBAAgB,~~CAAC,CAAC,~~CAAC~~;~~IACxD~~,~~MAAM~~,~~SAAS~~,~~GAAG~~,~~IAAI,GAAG,~~CAAC,MAAM,~~CAAC~~,~~IAAI,~~CAAC,~~iBAAiB~~,~~CAAC~~,~~CAAC,CAAC;IAE1D,MAAM,~~cAAc,~~GAAG,~~CAAC,GAAG,~~QAAQ~~,CAAC,CAAC,~~MAAM,CAAC,CAAC,GAAG,~~EAAE,EAAE,~~CAAC~~,~~CAAC~~,~~SAAS~~,CAAC,~~GAAG~~,~~CAAC~~,~~GAAG,~~CAAC,CAAC,CAAC;~~IAC1E~~,MAAM,~~YAAY~~,GAAG,~~CAAC~~,GAAG,~~SAAS,~~CAAC,~~CAAC~~,~~MAAM~~,~~CAAC~~,~~CAAC~~,~~GAAG~~,~~EAAE~~,~~EAAE~~,~~CAAC~~,~~CAAC~~,~~QAAQ~~,~~CAAC~~,~~GAAG~~,CAAC,~~GAAG,~~CAAC,~~CAAC~~,~~CAAC;IAExE~~,~~cAAc~~,~~CAAC~~,~~OAAO~~,~~CAAC~~,~~CAAC~~,~~GAAG~~,EAAE~~,EAAE~~;~~QAC3B~~,~~UAAU,CAAC,~~IAAI,~~CAAC~~,~~2BAA2B,GAAG,~~EAAE,CAAC~~,CAAC~~;~~IACtD~~,~~CAAC~~,CAAC,CAAC;~~IAEH~~,~~YAAY~~,CAAC,~~OAAO~~,CAAC,CAAC,~~GAAG~~,EAAE,EAAE~~;QACzB~~,~~UAAU~~,CAAC,~~IAAI~~,CAAC,~~yBAAyB,~~GAAG,~~EAAE~~,CAAC,CAAC~~;IACpD~~,CAAC,CAAC,CAAC;~~IAEH,+BAA+B~~;~~IAC/B~~,MAAM,~~UAAU~~,GAAG,~~CAAC~~,GAAG,~~QAAQ,~~CAAC,~~CAAC~~,~~MAAM~~,~~CAAC~~,~~CAAC~~,~~GAAG~~,~~EAAE~~,EAAE,~~CAAC~~,~~SAAS~~,~~CAAC~~,~~GAAG~~,~~CAAC~~,~~GAAG~~,~~CAAC~~,~~CAAC~~,~~CAAC~~;~~IAErE~~,~~UAAU~~,~~CAAC~~,~~OAAO~~,CAAC,CAAC~~,GAAG,EAAE,EAAE~~;~~QACvB~~,MAAM,~~eAAe~~,GAAG,~~gBAAgB,~~CAAC,~~GAAG~~,~~CAAC~~,~~CAAC~~;~~QAC9C~~,MAAM,~~gBAAgB~~,GAAG,~~iBAAiB,CAAC,~~GAAG,~~CAAC,CAAC;QAEhD,4FAA4F;QAC5F,qGAAqG;QACrG,~~IAAI,~~eAAe,~~CAAC,MAAM,~~KAAK~~,~~gBAAgB~~,CAAC,~~MAAM~~,EAAE,CAAC;~~YACrD~~,~~oGAAoG;YACpG~~,~~sEAAsE;YACtE~~,~~UAAU~~,CAAC,~~IAAI~~,~~CACX~~,~~4BAA4B,~~GAAG,~~oBAAoB~~,~~eAAe~~,CAAC,~~MAAM~~,~~qBAAqB~~,~~gBAAgB~~,CAAC,~~MAAM~~,EAAE,~~CAC1H~~,CAAC;~~QACN~~,CAAC~~;QAED~~,~~mDAAmD~~;~~QACnD~~,MAAM,~~cAAc~~,GAAG,~~eAAe;aACjC~~,~~GAAG~~,~~CAAC~~,~~CAAC~~,~~CAAC~~,~~EAAE~~,EAAE,~~CAAC~~,~~CAAC~~,CAAC,~~UAAU~~,CAAC~~;aACxB~~,MAAM,CAAC,~~OAAO~~,CAAC,CAAC~~;QACrB~~,~~MAAM~~,~~eAAe~~,~~GAAG~~,~~gBAAgB~~;~~aACnC~~,~~GAAG,~~CAAC,CAAC,CAAC,EAAE,~~EAAE~~,CAAC,~~CAAC~~,CAAC,~~UAAU~~,CAAC~~;aACxB~~,~~MAAM~~,~~CAAC,OAAO,CAAC,CAAC~~;~~QAErB~~,~~IAAI,~~CAAC,~~OAAO~~,CAAC,~~cAAc~~,~~EAAE,eAAe,~~CAAC,EAAE,~~CAAC~~;~~YAC5C~~,~~UAAU,~~CAAC,IAAI,~~CACX~~,~~yBAAyB~~,~~QAAQ~~,~~QAAQ~~,GAAG,~~kBAAkB,~~IAAI,~~CAAC,SAAS,CACxE,~~cAAc,~~EACd~~,~~IAAI~~,~~EACJ~~,CAAC,~~CACJ~~,~~kBAAkB~~,IAAI,CAAC,~~SAAS,~~CAAC,~~eAAe~~,EAAE,~~IAAI~~,~~EAAE,~~CAAC,CAAC,~~EAAE~~,~~CAChE~~,~~CAAC;QACN~~,~~CAAC;IACL~~,~~CAAC~~,~~CAAC~~,CAAC~~;IAEH~~,~~OAAO;QACH~~,~~OAAO,~~EAAE,~~UAAU,~~CAAC,~~MAAM~~,~~KAAK~~,~~CAAC;QAChC~~,~~UAAU;KACb~~,CAAC;~~AACN~~,~~CAAC,CAAC;AAEF;;GAEG;AACH,~~MAAM,~~mBAAmB~~,GAAG,IAAI,~~GAAG~~,CAAC~~;IAChC~~,~~aAAa~~;~~IACb~~,sBAAsB~~;IACtB~~,~~SAAS~~;~~IACT~~,~~eAAe;IACf~~,~~eAAe;IACf~~,~~gBAAgB;CACnB~~,CAAC,~~CAAC~~;~~AAEH;;GAEG;AACH~~,MAAM,~~qBAAqB~~,~~GAAG~~,~~CAC1B~~,~~KAAiB~~,~~EACjB~~,~~YAAqB~~,~~EACX~~,~~EAAE~~;~~IACZ~~,~~IAAI~~,YAAY,~~EAAE~~,CAAC;~~QACf~~,~~OAAO~~,~~KAAK~~,~~CAAC;IACjB~~,CAAC~~;IAED~~,~~OAAO,~~KAAK,CAAC,MAAM,CAAC,CAAC,~~IAAI,~~EAAE,EAAE,CAAC,CAAC,~~mBAAmB~~,CAAC,~~GAAG~~,CAAC,~~IAAI~~,CAAC,OAAO,~~CAAC~~,~~CAAC~~,CAAC;~~AAC1E~~,CAAC,CAAC;AAEF~~;;GAEG~~;AACH,MAAM,~~mBAAmB~~,GAAG,~~CACxB~~,IAAuB,EACvB,eAAwB,KAAK,EACa,EAAE;IAC5C,~~0CAA0C;IAC1C~~,MAAM,~~cAAc,~~GAAG;~~QACnB~~,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,~~cAAc~~;~~QAC1C~~,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAAE~~,0BAA0B~~;~~QAClE~~,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,~~cAAc~~;~~QAC1C~~,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,~~iBAAiB~~;~~QAChD~~,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,~~aAAa~~;~~KAC3C~~,CAAC;~~IAEF~~,MAAM,~~MAAM~~,GAAG,~~cAAc~~,CAAC~~,IAAI,CAAC,CAAC~~;~~IAEpC~~,~~4CAA4C;IAC5C,~~MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC/D,~~sBAAsB~~,CAAC,~~IAAI~~,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;~~IAClD~~,MAAM,~~WAAW~~,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC~~;IAExC~~,~~sEAAsE;IACtE,MAAM,iBAAiB,GAAG,qBAAqB,CAC3C,WAAW,CAAC,~~KAAmB,~~EAC/B~~,YAAY,CACf,CAAC;IAEF,~~6CAA6C;IAC7C,~~MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAChE,~~MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IAEzC,~~sBAAsB,CAClB;QACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,~~WAAW~~,EAAE,MAAM,CAAC,~~WAAW~~;~~QAC/B~~,MAAM;~~QACN~~,YAAY;KACf,EACD,YAAY,CACf,CAAC;IACF,MAAM,~~YAAY~~,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC~~;IAE1C~~,~~iCAAiC~~;~~IACjC~~,~~MAAM~~,~~MAAM~~,~~GAAG~~,~~eAAe,CAC1B,~~iBAAiB,EACjB,~~YAAY~~,~~CAAC~~,~~KAAmB~~,~~EAChC,~~IAAI,~~CACP~~,~~CAAC;IAEF~~,~~OAAO,MAAM,~~CAAC;~~AAClB~~,CAAC,CAAC;AAEF,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IAClC,MAAM,kBAAkB,GAAG;QACvB,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,kBAAkB;QACpC,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,SAAS;QAC3B,iBAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,QAAQ,CAAC,~~4BAA4B~~,EAAE,GAAG,EAAE;~~QACxC~~,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,~~gDAAgD~~,~~EAChD~~,CAAC,IAAI,EAAE,EAAE~~;YACL~~,~~MAAM~~,~~UAAU~~,~~GAAG~~,~~mBAAmB~~,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;~~YAEpD~~,~~IAAI~~,CAAC,~~UAAU~~,CAAC,~~OAAO~~,EAAE,~~CAAC~~;~~gBACtB~~,~~OAAO~~,CAAC,~~KAAK~~,~~CACT~~,~~6BAA6B~~,IAAI,CAAC,WAAW,EAAE,~~WAAW~~,~~CAC7D~~,CAAC~~;gBACF~~,~~UAAU~~,CAAC,~~UAAU~~,CAAC,~~OAAO~~,CAAC,CAAC,QAAQ,EAAE,EAAE;~~oBACvC~~,~~OAAO~~,CAAC,~~KAAK~~,CAAC,~~KAAK~~,~~QAAQ~~,~~EAAE~~,~~CAAC~~,~~CAAC;gBACnC~~,CAAC,~~CAAC~~,CAAC~~;gBACH~~,~~OAAO~~,CAAC,KAAK,CAAC~~,+BAA+B~~,CAAC,CAAC;~~YACnD~~,CAAC;~~YAED~~,~~MAAM~~,CAAC,~~UAAU~~,CAAC,~~OAAO~~,CAAC,CAAC,IAAI,~~CAAC~~,IAAI,CAAC,CAAC~~;QAC1C~~,CAAC,~~CACJ~~,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,~~wBAAwB~~,EAAE,GAAG,EAAE;~~QACpC~~,EAAE,CAAC,IAAI,CAAC,~~kBAAkB~~,CAAC,~~CACvB~~,~~8DAA8D~~,~~EAC9D~~,CAAC,~~IAAI~~,EAAE,EAAE;~~YACL~~,MAAM,~~UAAU~~,GAAG,~~mBAAmB~~,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC~~;YAEnD~~,~~IAAI~~,CAAC,~~UAAU~~,CAAC,~~OAAO~~,EAAE,CAAC;~~gBACtB~~,OAAO,CAAC,~~KAAK~~,~~CACT~~,~~wCAAwC~~,IAAI,CAAC,~~WAAW~~,EAAE,~~WAAW~~,~~CACxE~~,CAAC;~~gBACF~~,~~UAAU~~,CAAC,~~UAAU~~,CAAC,OAAO,CAAC,CAAC,~~QAAQ~~,EAAE,EAAE~~;oBACvC~~,OAAO,CAAC,KAAK,CAAC,KAAK,~~QAAQ~~,EAAE,CAAC,CAAC~~;gBACnC~~,CAAC~~,CAAC,CAAC~~;~~gBACH~~,OAAO,CAAC,KAAK,CAAC~~,+BAA+B~~,CAAC,CAAC;~~YACnD~~,CAAC;YAED,MAAM,CAAC,~~UAAU,CAAC,~~OAAO,CAAC,CAAC,~~IAAI~~,CAAC,~~IAAI~~,CAAC,CAAC;~~QAC1C~~,CAAC,~~CACJ~~,CAAC;~~IACN~~,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAErD,kBAAkB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG;oBACX,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,cAAc;oBAC1C,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAClC,0BAA0B;oBAC9B,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,cAAc;oBAC1C,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;oBAChD,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,aAAa;iBAC3C,CAAC,IAAI,CAAC,CAAC;gBAER,yBAAyB;gBACzB,MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;gBAC/D,sBAAsB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;gBAClD,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;gBAEvD,0BAA0B;gBAC1B,MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;gBAChE,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzC,sBAAsB,CAClB;oBACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,MAAM;oBACN,YAAY,EAAE,KAAK;iBACtB,EACD,YAAY,CACf,CAAC;gBACF,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;gBAEzD,OAAO,CAAC,GAAG,CACP,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,iBAAiB,aAAa;qBAC3C,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,kBAAkB,cAAc;qBAC3C,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,MAAM;qBACrC,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,EAAE,CACrB,CAAC;YACN,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"roleToScopeParity.test.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeParity.test.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,sCAAsC,EAAE,MAAM,6BAA6B,CAAC;AACrF,OAAO,EACH,kBAAkB,EAClB,sBAAsB,EACtB,mBAAmB,EACnB,+BAA+B,EAC/B,mBAAmB,GACtB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EACH,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,0BAA0B,EAC1B,cAAc,GACjB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAWrC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,wBAAwB,GAAG,CAC7B,cAA0B,EAC1B,eAA2B,EAC3B,QAAgB,EAC0B,EAAE;IAC5C,MAAM,QAAQ,GAAG,IAAI,GAAG,CACpB,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CACxD,CAAC;IACF,MAAM,SAAS,GAAG,IAAI,GAAG,CACrB,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CACzD,CAAC;IACF,MAAM,cAAc,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,OAAO;QACH,OAAO,EAAE,cAAc,CAAC,MAAM,KAAK,CAAC;QACpC,UAAU,EAAE,cAAc,CAAC,GAAG,CAC1B,CAAC,CAAC,EAAE,EAAE,CACF,QAAQ,QAAQ,YAAY,CAAC,wDAAwD,CAC5F;KACJ,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAChC,aAAa;IACb,sBAAsB;IACtB,SAAS;IACT,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,4EAA4E;IAC5E,iEAAiE;IACjE,gEAAgE;IAChE,oEAAoE;IACpE,0CAA0C;IAC1C,kCAAkC;CACrC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,qBAAqB,GAAG,CAC1B,KAAiB,EACjB,YAAqB,EACX,EAAE;IACZ,IAAI,YAAY,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AAC1E,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IAClC,6BAA6B;IAC7B,6BAA6B;IAC7B,gBAAgB;IAChB,SAAS;IACT,cAAc;IACd,kBAAkB;IAClB,oCAAoC;IACpC,QAAQ,EAAE,mBAAmB;IAE7B,qEAAqE;IACrE,YAAY;IACZ,UAAU;IACV,uBAAuB,EAAE,4CAA4C;IACrE,oBAAoB;IACpB,oBAAoB;IACpB,mBAAmB;IACnB,oBAAoB;IACpB,yBAAyB;IACzB,0BAA0B;CAC7B,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,IAAc,EAAW,EAAE;IACvD,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;IAC7C,OAAO,CACH,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC;QAC9B,qBAAqB,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,CACjD,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,0BAA0B,GAAG,CAC/B,IAAuB,EACvB,eAAwB,KAAK,EACa,EAAE;IAC5C,MAAM,MAAM,GAAG;QACX,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,cAAc;QAC1C,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAAE,0BAA0B;QAClE,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,cAAc;QAC1C,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;QAChD,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,aAAa;KAC3C,CAAC,IAAI,CAAC,CAAC;IAER,MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC/D,sBAAsB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,iBAAiB,GAAG,qBAAqB,CAC3C,WAAW,CAAC,KAAK,EAAE,CAAC,KAAmB,EACvC,YAAY,CACf,CAAC;IAEF,MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAChE,sBAAsB,CAClB;QACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC;QACjC,YAAY;KACf,EACD,YAAY,CACf,CAAC;IACF,MAAM,UAAU,GAAI,YAAY,CAAC,KAAK,EAAE,CAAC,KAAoB,CAAC,MAAM,CAChE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CACpC,CAAC;IAEF,OAAO,wBAAwB,CAC3B,iBAAiB,EACjB,UAAU,EACV,GAAG,IAAI,YAAY,CACtB,CAAC;AACN,CAAC,CAAC;AAEF;;;;;;;;;GASG;AACH,MAAM,sBAAsB,GAAG,CAC3B,IAAuB,EACvB,eAAwB,KAAK,EACa,EAAE;IAC5C,MAAM,MAAM,GAAG;QACX,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,mBAAmB;QAC/C,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAAE,+BAA+B;QACvE,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,mBAAmB;QAC/C,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,sBAAsB;QACrD,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,kBAAkB;KAChD,CAAC,IAAI,CAAC,CAAC;IACR,MAAM,OAAO,GAAG,IAAyC,CAAC;IAE1D,MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC/D,sCAAsC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,qBAAqB,CAC3C,WAAW,CAAC,KAAK,EAAE,CAAC,KAAmB,EACvC,YAAY,CACf,CAAC;IAEF,MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAChE,sBAAsB,CAClB;QACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;QACzC,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC;QACjC,YAAY;KACf,EACD,YAAY,CACf,CAAC;IACF,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,KAAmB,CAAC;IAE5D,OAAO,wBAAwB,CAC3B,iBAAiB,EACjB,UAAU,EACV,GAAG,IAAI,QAAQ,CAClB,CAAC;AACN,CAAC,CAAC;AAEF,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IAClC,MAAM,kBAAkB,GAAG;QACvB,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,kBAAkB;QACpC,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,SAAS;QAC3B,iBAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,MAAM,eAAe,GAAG,CACpB,KAAa,EACb,UAAsD,EACxD,EAAE;QACA,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC;YACpC,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;QAC7C,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,wDAAwD,EACxD,CAAC,IAAI,EAAE,EAAE,CACL,eAAe,CACX,+BAA+B,IAAI,CAAC,WAAW,EAAE,EAAE,EACnD,0BAA0B,CAAC,IAAI,EAAE,KAAK,CAAC,CAC1C,CACR,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACzC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,6DAA6D,EAC7D,CAAC,IAAI,EAAE,EAAE,CACL,eAAe,CACX,0CAA0C,IAAI,CAAC,WAAW,EAAE,EAAE,EAC9D,0BAA0B,CAAC,IAAI,EAAE,IAAI,CAAC,CACzC,CACR,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACzC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,gDAAgD,EAChD,CAAC,IAAI,EAAE,EAAE,CACL,eAAe,CACX,2BAA2B,IAAI,CAAC,WAAW,EAAE,EAAE,EAC/C,sBAAsB,CAAC,IAAI,EAAE,KAAK,CAAC,CACtC,CACR,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CACvB,qDAAqD,EACrD,CAAC,IAAI,EAAE,EAAE,CACL,eAAe,CACX,sCAAsC,IAAI,CAAC,WAAW,EAAE,EAAE,EAC1D,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CACrC,CACR,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,iEAAiE;IACjE,iEAAiE;IACjE,+DAA+D;IAC/D,kEAAkE;IAClE,+DAA+D;IAC/D,iEAAiE;IACjE,wDAAwD;IACxD,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;YACtE,MAAM,aAAa,GAAG,IAAI,GAAG,CACzB,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CACvD,CAAC;YACF,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;YACvC,kBAAkB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAChC,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,CAAC,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAC9B,CAAC;YAEF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,KAAK,CACT,+CAA+C;oBAC3C,uDAAuD;oBACvD,4CAA4C;oBAC5C,0BAA0B,CACjC,CAAC;gBACF,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;gBAChD,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACnC,CAAC;YAED,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,QAAQ,CAAC,IAAI,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACnD,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YAErD,kBAAkB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG;oBACX,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,cAAc;oBAC1C,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAClC,0BAA0B;oBAC9B,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,cAAc;oBAC1C,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,iBAAiB;oBAChD,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,aAAa;iBAC3C,CAAC,IAAI,CAAC,CAAC;gBAER,yBAAyB;gBACzB,MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;gBAC/D,sBAAsB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;gBAClD,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;gBAEvD,0BAA0B;gBAC1B,MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;gBAChE,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBACzC,sBAAsB,CAClB;oBACI,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,MAAM;oBACN,YAAY,EAAE,KAAK;iBACtB,EACD,YAAY,CACf,CAAC;gBACF,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC;gBAEzD,OAAO,CAAC,GAAG,CACP,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,iBAAiB,aAAa;qBAC3C,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,kBAAkB,cAAc;qBAC3C,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,MAAM;qBACrC,QAAQ,EAAE;qBACV,QAAQ,CAAC,CAAC,CAAC,EAAE,CACrB,CAAC;YACN,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/esm/authorization/scopes.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"scopes.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopes.ts"],"names":[],"mappings":"AAEA,OAAO,EAEH,KAAK,KAAK,EAEV,KAAK,SAAS,EACjB,MAAM,iBAAiB,CAAC;~~AAuxBzB~~,eAAO,MAAM,SAAS,GAAI;;CAA6B,KAAG,KAAK,EACX,CAAC;AAErD,eAAO,MAAM,cAAc,GAAI;;CAA6B,KAAG,MAAM,CACjE,SAAS,EACT,KAAK,CAQJ,CAAC"}
1	+ {"version":3,"file":"scopes.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopes.ts"],"names":[],"mappings":"AAEA,OAAO,EAEH,KAAK,KAAK,EAEV,KAAK,SAAS,EACjB,MAAM,iBAAiB,CAAC;AAuwBzB,eAAO,MAAM,SAAS,GAAI;;CAA6B,KAAG,KAAK,EACX,CAAC;AAErD,eAAO,MAAM,cAAc,GAAI;;CAA6B,KAAG,MAAM,CACjE,SAAS,EACT,KAAK,CAQJ,CAAC"}

package/dist/esm/authorization/scopes.js CHANGED Viewed

@@ -450,6 +450,13 @@ const scopes = [
         group: ScopeGroup.ORGANIZATION_MANAGEMENT,
         getConditions: addDefaultUuidCondition,
     },
+    {
+        name: 'view:OrganizationWarehouseCredentials',
+        description: 'View organization warehouse credentials',
+        isEnterprise: true,
+        group: ScopeGroup.ORGANIZATION_MANAGEMENT,
+        getConditions: addDefaultUuidCondition,
+    },
     {
         name: 'manage:OrganizationWarehouseCredentials',
         description: 'Manage organization warehouse credentials',
@@ -595,28 +602,6 @@ const scopes = [
         group: ScopeGroup.DATA,
         getConditions: addDefaultUuidCondition,
     },
-    // Sharing Scopes
-    {
-        name: 'export:DashboardCsv',
-        description: 'Can export dashboards and charts to CSV',
-        isEnterprise: false,
-        group: ScopeGroup.SHARING,
-        getConditions: () => [],
-    },
-    {
-        name: 'export:DashboardImage',
-        description: 'Can export dashboards and charts to images',
-        isEnterprise: false,
-        group: ScopeGroup.SHARING,
-        getConditions: () => [],
-    },
-    {
-        name: 'export:DashboardPdf',
-        description: 'Can export dashboards and charts to PDF',
-        isEnterprise: false,
-        group: ScopeGroup.SHARING,
-        getConditions: () => [],
-    },
     // AI Agent
     {
         name: 'view:AiAgent',