@liveblocks/core 3.20.0-perm2 → 3.20.0-perm4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -104,19 +104,23 @@ declare const Permission: {
104
104
  type Permission = (typeof Permission)[keyof typeof Permission];
105
105
  type AccessLevel = "write" | "read" | "none";
106
106
  type RequiredAccessLevel = "read" | "write";
107
- type PermissionCapabilities = {
108
- creation: AccessLevel;
107
+ type PermissionMatrix = {
108
+ room: AccessLevel;
109
109
  presence: AccessLevel;
110
110
  storage: AccessLevel;
111
111
  comments: AccessLevel;
112
112
  feeds: AccessLevel;
113
113
  personal: "write";
114
114
  };
115
- type PermissionResources = keyof PermissionCapabilities;
116
- declare function permissionCapabilitiesFromScopes(scopes: readonly string[]): PermissionCapabilities;
117
- declare function hasPermissionCapability(scopes: readonly string[], resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
118
- declare function hasPermissionCapabilityAccess(capabilities: Partial<PermissionCapabilities>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
115
+ type PermissionResources = keyof PermissionMatrix;
116
+ declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
117
+ declare function hasPermissionAccess(scopes: readonly string[], resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
118
+ declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
119
119
 
120
+ type RoomPermissionGrant = {
121
+ resource: string;
122
+ scopes: readonly string[];
123
+ };
120
124
  type RoomPermission = Permission[];
121
125
  type RoomPermissionObject = {
122
126
  default?: "read" | "write";
@@ -132,7 +136,8 @@ type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
132
136
  declare function normalizeRoomPermissionInput(input: RoomPermissionInput): RoomPermission;
133
137
  declare function normalizeRoomAccessesInput(input: RoomAccessesInput | undefined): RoomAccesses | undefined;
134
138
  declare function normalizeRoomAccessesUpdateInput(input: RoomAccessesUpdateInput | undefined): Record<string, RoomPermission | null> | undefined;
135
- declare function getRoomPermissionConflicts(permission: Permission): readonly Permission[];
139
+ declare function mergePermissionMatrices(sources: readonly PermissionMatrix[]): PermissionMatrix;
140
+ declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermission;
136
141
 
137
142
  type CustomAuthenticationResult = Relax<{
138
143
  token: string;
@@ -5770,4 +5775,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
5770
5775
  [K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
5771
5776
  };
5772
5777
 
5773
- export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionCapabilities, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionInput, type RoomPermissionObject, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getRoomPermissionConflicts, getSubscriptionKey, hasPermissionCapability, hasPermissionCapabilityAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionCapabilitiesFromScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
5778
+ export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomPermissionObject, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
package/dist/index.d.ts CHANGED
@@ -104,19 +104,23 @@ declare const Permission: {
104
104
  type Permission = (typeof Permission)[keyof typeof Permission];
105
105
  type AccessLevel = "write" | "read" | "none";
106
106
  type RequiredAccessLevel = "read" | "write";
107
- type PermissionCapabilities = {
108
- creation: AccessLevel;
107
+ type PermissionMatrix = {
108
+ room: AccessLevel;
109
109
  presence: AccessLevel;
110
110
  storage: AccessLevel;
111
111
  comments: AccessLevel;
112
112
  feeds: AccessLevel;
113
113
  personal: "write";
114
114
  };
115
- type PermissionResources = keyof PermissionCapabilities;
116
- declare function permissionCapabilitiesFromScopes(scopes: readonly string[]): PermissionCapabilities;
117
- declare function hasPermissionCapability(scopes: readonly string[], resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
118
- declare function hasPermissionCapabilityAccess(capabilities: Partial<PermissionCapabilities>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
115
+ type PermissionResources = keyof PermissionMatrix;
116
+ declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
117
+ declare function hasPermissionAccess(scopes: readonly string[], resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
118
+ declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
119
119
 
120
+ type RoomPermissionGrant = {
121
+ resource: string;
122
+ scopes: readonly string[];
123
+ };
120
124
  type RoomPermission = Permission[];
121
125
  type RoomPermissionObject = {
122
126
  default?: "read" | "write";
@@ -132,7 +136,8 @@ type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
132
136
  declare function normalizeRoomPermissionInput(input: RoomPermissionInput): RoomPermission;
133
137
  declare function normalizeRoomAccessesInput(input: RoomAccessesInput | undefined): RoomAccesses | undefined;
134
138
  declare function normalizeRoomAccessesUpdateInput(input: RoomAccessesUpdateInput | undefined): Record<string, RoomPermission | null> | undefined;
135
- declare function getRoomPermissionConflicts(permission: Permission): readonly Permission[];
139
+ declare function mergePermissionMatrices(sources: readonly PermissionMatrix[]): PermissionMatrix;
140
+ declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermission;
136
141
 
137
142
  type CustomAuthenticationResult = Relax<{
138
143
  token: string;
@@ -5770,4 +5775,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
5770
5775
  [K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
5771
5776
  };
5772
5777
 
5773
- export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionCapabilities, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionInput, type RoomPermissionObject, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getRoomPermissionConflicts, getSubscriptionKey, hasPermissionCapability, hasPermissionCapabilityAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionCapabilitiesFromScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
5778
+ export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomPermissionObject, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
package/dist/index.js CHANGED
@@ -6,7 +6,7 @@ var __export = (target, all) => {
6
6
 
7
7
  // src/version.ts
8
8
  var PKG_NAME = "@liveblocks/core";
9
- var PKG_VERSION = "3.20.0-perm2";
9
+ var PKG_VERSION = "3.20.0-perm4";
10
10
  var PKG_FORMAT = "esm";
11
11
 
12
12
  // src/dupe-detection.ts
@@ -5215,8 +5215,8 @@ var ACCESS_RANKS = {
5215
5215
  read: 1,
5216
5216
  write: 2
5217
5217
  };
5218
- var NO_PERMISSION_CAPABILITIES = {
5219
- creation: "none",
5218
+ var NO_PERMISSION_MATRIX = {
5219
+ room: "none",
5220
5220
  presence: "none",
5221
5221
  storage: "none",
5222
5222
  comments: "none",
@@ -5224,7 +5224,7 @@ var NO_PERMISSION_CAPABILITIES = {
5224
5224
  personal: "write"
5225
5225
  };
5226
5226
  var RESOURCE_PERMISSIONS = {
5227
- creation: {
5227
+ room: {
5228
5228
  read: [Permission.RoomRead],
5229
5229
  write: [Permission.RoomWrite]
5230
5230
  },
@@ -5252,7 +5252,7 @@ var RESOURCE_PERMISSIONS = {
5252
5252
  none: [Permission.RoomFeedsNone]
5253
5253
  }
5254
5254
  };
5255
- var DEFAULT_PERMISSION_RESOURCE = "creation";
5255
+ var DEFAULT_PERMISSION_RESOURCE = "room";
5256
5256
  var ROOM_PERMISSION_RESOURCES = [
5257
5257
  "presence",
5258
5258
  "storage",
@@ -5270,75 +5270,60 @@ function resolveResourceAccess(scopes, resource) {
5270
5270
  }
5271
5271
  return resourceAccess;
5272
5272
  }
5273
- function resolveFullPermissionCapabilities(resolved) {
5273
+ function resolveFullPermissionMatrix(resolved) {
5274
5274
  if (!resolved.hasDefaultPermission) {
5275
- return { ...NO_PERMISSION_CAPABILITIES, ...resolved.capabilities };
5275
+ return { ...NO_PERMISSION_MATRIX, ...resolved.matrix };
5276
5276
  }
5277
- const capabilities = {
5278
- ...NO_PERMISSION_CAPABILITIES,
5277
+ const matrix = {
5278
+ ...NO_PERMISSION_MATRIX,
5279
5279
  [DEFAULT_PERMISSION_RESOURCE]: resolved.baseAccess
5280
5280
  };
5281
5281
  for (const resource of ROOM_PERMISSION_RESOURCES) {
5282
- capabilities[resource] = resolved.capabilities[resource] ?? resolved.baseAccess;
5282
+ matrix[resource] = resolved.matrix[resource] ?? resolved.baseAccess;
5283
5283
  }
5284
- return capabilities;
5284
+ return matrix;
5285
5285
  }
5286
- function permissionCapabilitiesFromScopes(scopes) {
5287
- return resolveFullPermissionCapabilities(
5288
- resolvePermissionCapabilities(scopes)
5289
- );
5286
+ function permissionMatrixFromScopes(scopes) {
5287
+ return resolveFullPermissionMatrix(resolvePermissionMatrix(scopes));
5290
5288
  }
5291
- function resolvePermissionCapabilities(scopes) {
5289
+ function resolvePermissionMatrix(scopes) {
5292
5290
  const hasDefaultPermission = scopes.includes(Permission.RoomWrite) || scopes.includes(Permission.RoomRead);
5293
5291
  const baseAccess = scopes.includes(Permission.RoomWrite) ? "write" : scopes.includes(Permission.RoomRead) ? "read" : "none";
5294
- const capabilities = {};
5292
+ const matrix = {};
5295
5293
  for (const resource of ROOM_PERMISSION_RESOURCES) {
5296
5294
  const access = resolveResourceAccess(scopes, resource);
5297
5295
  if (access !== void 0) {
5298
- capabilities[resource] = access;
5296
+ matrix[resource] = access;
5299
5297
  }
5300
5298
  }
5301
- return { hasDefaultPermission, baseAccess, capabilities };
5299
+ return { hasDefaultPermission, baseAccess, matrix };
5302
5300
  }
5303
- function hasPermissionCapability(scopes, resource, requiredAccess) {
5304
- const access = permissionCapabilitiesFromScopes(scopes)[resource];
5301
+ function hasPermissionAccess(source, resource, requiredAccess) {
5302
+ const matrix = isPermissionScopes(source) ? permissionMatrixFromScopes(source) : source;
5303
+ const access = matrix[resource] ?? "none";
5305
5304
  return ACCESS_RANKS[access] >= ACCESS_RANKS[requiredAccess];
5306
5305
  }
5307
- function hasPermissionCapabilityAccess(capabilities, resource, requiredAccess) {
5308
- const access = capabilities[resource] ?? "none";
5309
- return ACCESS_RANKS[access] >= ACCESS_RANKS[requiredAccess];
5306
+ function isPermissionScopes(source) {
5307
+ return Array.isArray(source);
5310
5308
  }
5311
5309
 
5312
5310
  // src/permissions.ts
5313
5311
  var VALID_PERMISSIONS = new Set(Object.values(Permission));
5314
- var DEFAULT_PERMISSIONS = [
5315
- Permission.RoomRead,
5316
- Permission.RoomWrite
5317
- ];
5318
5312
  var ROOM_PERMISSION_OBJECT_KEYS = /* @__PURE__ */ new Set([
5319
5313
  "default",
5320
5314
  ...ROOM_PERMISSION_RESOURCES
5321
5315
  ]);
5322
- var RESOURCE_SPECIFIC_PERMISSIONS_BY_RESOURCE = {
5323
- presence: Object.values(RESOURCE_PERMISSIONS.presence).flat(),
5324
- storage: Object.values(RESOURCE_PERMISSIONS.storage).flat(),
5325
- comments: Object.values(RESOURCE_PERMISSIONS.comments).flat(),
5326
- feeds: Object.values(RESOURCE_PERMISSIONS.feeds).flat()
5327
- };
5328
- var RESOURCE_SPECIFIC_PERMISSIONS = ROOM_PERMISSION_RESOURCES.flatMap(
5329
- (resource) => RESOURCE_SPECIFIC_PERMISSIONS_BY_RESOURCE[resource]
5330
- );
5331
- function permissionForAccessLevel(resource, access) {
5316
+ function permissionForAccessLevel(resource, access, field = resource) {
5332
5317
  const levels = RESOURCE_PERMISSIONS[resource];
5333
5318
  const permissions = levels[access];
5334
5319
  if (permissions === void 0 || permissions.length === 0) {
5335
5320
  throw new Error(
5336
- `Invalid permission level for ${resource}: ${String(access)}`
5321
+ `Invalid permission level for ${field}: ${JSON.stringify(access) ?? String(access)}`
5337
5322
  );
5338
5323
  }
5339
5324
  return permissions[0];
5340
5325
  }
5341
- function resolveRoomPermissionCapabilities(permissions, roomId) {
5326
+ function resolveRoomPermissionMatrix(permissions, roomId) {
5342
5327
  const matchedPermissions = permissions.filter(
5343
5328
  (permission) => resourceMatchesRoomId(permission.resource, roomId)
5344
5329
  );
@@ -5347,27 +5332,27 @@ function resolveRoomPermissionCapabilities(permissions, roomId) {
5347
5332
  }
5348
5333
  let hasDefaultPermission = false;
5349
5334
  let baseAccess = "none";
5350
- const explicitCapabilities = {};
5335
+ const explicitMatrix = {};
5351
5336
  for (const permission of matchedPermissions) {
5352
- const resolved = resolvePermissionCapabilities(permission.scopes);
5337
+ const resolved = resolvePermissionMatrix(permission.scopes);
5353
5338
  if (resolved.hasDefaultPermission) {
5354
5339
  hasDefaultPermission = true;
5355
5340
  baseAccess = strongestAccess(baseAccess, resolved.baseAccess);
5356
5341
  }
5357
5342
  for (const resource of ROOM_PERMISSION_RESOURCES) {
5358
- const access = resolved.capabilities[resource];
5343
+ const access = resolved.matrix[resource];
5359
5344
  if (access !== void 0) {
5360
- explicitCapabilities[resource] = strongestAccess(
5361
- explicitCapabilities[resource] ?? "none",
5345
+ explicitMatrix[resource] = strongestAccess(
5346
+ explicitMatrix[resource] ?? "none",
5362
5347
  access
5363
5348
  );
5364
5349
  }
5365
5350
  }
5366
5351
  }
5367
- return resolveFullPermissionCapabilities({
5352
+ return resolveFullPermissionMatrix({
5368
5353
  hasDefaultPermission,
5369
5354
  baseAccess,
5370
- capabilities: explicitCapabilities
5355
+ matrix: explicitMatrix
5371
5356
  });
5372
5357
  }
5373
5358
  function isRoomPermissionArray(input) {
@@ -5393,7 +5378,11 @@ function normalizeRoomPermissionObject(objectInput) {
5393
5378
  const permissions = [];
5394
5379
  if (objectInput.default !== void 0) {
5395
5380
  permissions.push(
5396
- permissionForAccessLevel(DEFAULT_PERMISSION_RESOURCE, objectInput.default)
5381
+ permissionForAccessLevel(
5382
+ DEFAULT_PERMISSION_RESOURCE,
5383
+ objectInput.default,
5384
+ "default"
5385
+ )
5397
5386
  );
5398
5387
  }
5399
5388
  for (const resource of ROOM_PERMISSION_RESOURCES) {
@@ -5429,17 +5418,37 @@ function normalizeRoomAccessesUpdateInput(input) {
5429
5418
  ])
5430
5419
  );
5431
5420
  }
5432
- function getRoomPermissionConflicts(permission) {
5433
- if (DEFAULT_PERMISSIONS.includes(permission)) {
5434
- return [...DEFAULT_PERMISSIONS, ...RESOURCE_SPECIFIC_PERMISSIONS];
5421
+ function mergePermissionMatrices(sources) {
5422
+ return {
5423
+ room: strongestMatrixAccess(sources, "room"),
5424
+ presence: strongestMatrixAccess(sources, "presence"),
5425
+ storage: strongestMatrixAccess(sources, "storage"),
5426
+ comments: strongestMatrixAccess(sources, "comments"),
5427
+ feeds: strongestMatrixAccess(sources, "feeds"),
5428
+ personal: "write"
5429
+ };
5430
+ }
5431
+ function permissionMatrixToScopes(matrix) {
5432
+ const scopes = [];
5433
+ const baseAccess = matrix.room;
5434
+ if (baseAccess !== "none") {
5435
+ scopes.push(
5436
+ permissionForAccessLevel(DEFAULT_PERMISSION_RESOURCE, baseAccess)
5437
+ );
5435
5438
  }
5436
5439
  for (const resource of ROOM_PERMISSION_RESOURCES) {
5437
- const permissions = RESOURCE_SPECIFIC_PERMISSIONS_BY_RESOURCE[resource];
5438
- if (permissions.includes(permission)) {
5439
- return permissions;
5440
+ const access = matrix[resource];
5441
+ if (access !== baseAccess) {
5442
+ scopes.push(permissionForAccessLevel(resource, access));
5440
5443
  }
5441
5444
  }
5442
- return [];
5445
+ return scopes;
5446
+ }
5447
+ function strongestMatrixAccess(sources, resource) {
5448
+ return sources.reduce(
5449
+ (strongest, source) => strongestAccess(strongest, source[resource]),
5450
+ "none"
5451
+ );
5443
5452
  }
5444
5453
  function strongestAccess(left, right) {
5445
5454
  return ACCESS_RANKS[right] > ACCESS_RANKS[left] ? right : left;
@@ -5630,15 +5639,11 @@ function cachedTokenSatisfiesRequest(cachedToken, request) {
5630
5639
  if (request.roomId === void 0) {
5631
5640
  return false;
5632
5641
  }
5633
- const capabilities = resolveRoomPermissionCapabilities(
5642
+ const matrix = resolveRoomPermissionMatrix(
5634
5643
  cachedToken.permissions ?? [],
5635
5644
  request.roomId
5636
5645
  );
5637
- return capabilities !== void 0 && hasPermissionCapabilityAccess(
5638
- capabilities,
5639
- request.resource,
5640
- request.access
5641
- );
5646
+ return matrix !== void 0 && hasPermissionAccess(matrix, request.resource, request.access);
5642
5647
  }
5643
5648
  function prepareAuthentication(authOptions) {
5644
5649
  const { publicApiKey, authEndpoint } = authOptions;
@@ -9530,14 +9535,14 @@ var ClientMsgCode = Object.freeze({
9530
9535
  // src/refs/ManagedOthers.ts
9531
9536
  function makeUser(conn, presence) {
9532
9537
  const { connectionId, id, info } = conn;
9533
- const canWrite = hasPermissionCapability(conn.scopes, "storage", "write");
9538
+ const canWrite = hasPermissionAccess(conn.scopes, "storage", "write");
9534
9539
  return freeze(
9535
9540
  compactObject({
9536
9541
  connectionId,
9537
9542
  id,
9538
9543
  info,
9539
9544
  canWrite,
9540
- canComment: hasPermissionCapability(conn.scopes, "comments", "write"),
9545
+ canComment: hasPermissionAccess(conn.scopes, "comments", "write"),
9541
9546
  isReadOnly: !canWrite,
9542
9547
  // Deprecated, kept for backward-compatibility
9543
9548
  presence
@@ -9994,7 +9999,7 @@ function createRoom(options, config) {
9994
9999
  }
9995
10000
  function isStorageWritable() {
9996
10001
  const scopes = context.dynamicSessionInfoSig.get()?.scopes;
9997
- return scopes !== void 0 ? hasPermissionCapability(scopes, "storage", "write") : true;
10002
+ return scopes !== void 0 ? hasPermissionAccess(scopes, "storage", "write") : true;
9998
10003
  }
9999
10004
  const eventHub = {
10000
10005
  status: makeEventSource(),
@@ -10055,7 +10060,7 @@ function createRoom(options, config) {
10055
10060
  if (staticSession === null || dynamicSession === null) {
10056
10061
  return null;
10057
10062
  } else {
10058
- const canWrite = hasPermissionCapability(
10063
+ const canWrite = hasPermissionAccess(
10059
10064
  dynamicSession.scopes,
10060
10065
  "storage",
10061
10066
  "write"
@@ -10066,7 +10071,7 @@ function createRoom(options, config) {
10066
10071
  info: staticSession.userInfo,
10067
10072
  presence: myPresence,
10068
10073
  canWrite,
10069
- canComment: hasPermissionCapability(
10074
+ canComment: hasPermissionAccess(
10070
10075
  dynamicSession.scopes,
10071
10076
  "comments",
10072
10077
  "write"
@@ -12674,10 +12679,8 @@ export {
12674
12679
  freeze,
12675
12680
  generateUrl,
12676
12681
  getMentionsFromCommentBody,
12677
- getRoomPermissionConflicts,
12678
12682
  getSubscriptionKey,
12679
- hasPermissionCapability,
12680
- hasPermissionCapabilityAccess,
12683
+ hasPermissionAccess,
12681
12684
  html,
12682
12685
  htmlSafe,
12683
12686
  isCommentBodyLink,
@@ -12705,6 +12708,7 @@ export {
12705
12708
  makePosition,
12706
12709
  mapValues,
12707
12710
  memoizeOnSuccess,
12711
+ mergePermissionMatrices,
12708
12712
  nanoid,
12709
12713
  nn,
12710
12714
  nodeStreamToCompactNodes,
@@ -12713,7 +12717,8 @@ export {
12713
12717
  normalizeRoomPermissionInput,
12714
12718
  objectToQuery,
12715
12719
  patchNotificationSettings,
12716
- permissionCapabilitiesFromScopes,
12720
+ permissionMatrixFromScopes,
12721
+ permissionMatrixToScopes,
12717
12722
  raise,
12718
12723
  resolveMentionsInCommentBody,
12719
12724
  sanitizeUrl,