@liveblocks/core 3.20.0-perm5 → 3.20.0-perm6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +68 -58
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +14 -9
- package/dist/index.d.ts +14 -9
- package/dist/index.js +67 -57
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -6,7 +6,7 @@ var __export = (target, all) => {
|
|
|
6
6
|
|
|
7
7
|
// src/version.ts
|
|
8
8
|
var PKG_NAME = "@liveblocks/core";
|
|
9
|
-
var PKG_VERSION = "3.20.0-
|
|
9
|
+
var PKG_VERSION = "3.20.0-perm6";
|
|
10
10
|
var PKG_FORMAT = "cjs";
|
|
11
11
|
|
|
12
12
|
// src/dupe-detection.ts
|
|
@@ -5167,7 +5167,7 @@ function createReceivingToolInvocation(invocationId, name, partialArgsText = "")
|
|
|
5167
5167
|
};
|
|
5168
5168
|
}
|
|
5169
5169
|
|
|
5170
|
-
// src/
|
|
5170
|
+
// src/permissions.ts
|
|
5171
5171
|
var Permission = {
|
|
5172
5172
|
/**
|
|
5173
5173
|
* Default permission for a room.
|
|
@@ -5202,24 +5202,13 @@ var Permission = {
|
|
|
5202
5202
|
*/
|
|
5203
5203
|
LegacyRoomPresenceWrite: "room:presence:write"
|
|
5204
5204
|
};
|
|
5205
|
-
var ACCESS_LEVELS = [
|
|
5206
|
-
|
|
5207
|
-
"read",
|
|
5208
|
-
"write"
|
|
5209
|
-
];
|
|
5210
|
-
var ACCESS_RANKS = {
|
|
5205
|
+
var ACCESS_LEVELS = ["none", "read", "write"];
|
|
5206
|
+
var ACCESS_LEVEL_RANKS = {
|
|
5211
5207
|
none: 0,
|
|
5212
5208
|
read: 1,
|
|
5213
5209
|
write: 2
|
|
5214
5210
|
};
|
|
5215
|
-
var
|
|
5216
|
-
room: "none",
|
|
5217
|
-
storage: "none",
|
|
5218
|
-
comments: "none",
|
|
5219
|
-
feeds: "none",
|
|
5220
|
-
personal: "write"
|
|
5221
|
-
};
|
|
5222
|
-
var RESOURCE_PERMISSIONS = {
|
|
5211
|
+
var PERMISSIONS_BY_RESOURCE = {
|
|
5223
5212
|
room: {
|
|
5224
5213
|
read: [Permission.Read, Permission.RoomRead],
|
|
5225
5214
|
write: [Permission.Write, Permission.RoomWrite]
|
|
@@ -5243,14 +5232,22 @@ var RESOURCE_PERMISSIONS = {
|
|
|
5243
5232
|
none: [Permission.FeedsNone]
|
|
5244
5233
|
}
|
|
5245
5234
|
};
|
|
5246
|
-
var
|
|
5235
|
+
var NO_PERMISSION_MATRIX = {
|
|
5236
|
+
room: "none",
|
|
5237
|
+
storage: "none",
|
|
5238
|
+
comments: "none",
|
|
5239
|
+
feeds: "none",
|
|
5240
|
+
personal: "none"
|
|
5241
|
+
};
|
|
5242
|
+
var BASE_PERMISSION_RESOURCE = "room";
|
|
5247
5243
|
var ROOM_PERMISSION_RESOURCES = [
|
|
5248
5244
|
"storage",
|
|
5249
5245
|
"comments",
|
|
5250
5246
|
"feeds"
|
|
5251
5247
|
];
|
|
5248
|
+
var VALID_PERMISSIONS = new Set(Object.values(Permission));
|
|
5252
5249
|
function resolveResourceAccess(scopes, resource) {
|
|
5253
|
-
const permissions =
|
|
5250
|
+
const permissions = PERMISSIONS_BY_RESOURCE[resource];
|
|
5254
5251
|
let resourceAccess;
|
|
5255
5252
|
for (const access of ACCESS_LEVELS) {
|
|
5256
5253
|
const scopedPermissions = permissions[access];
|
|
@@ -5260,13 +5257,14 @@ function resolveResourceAccess(scopes, resource) {
|
|
|
5260
5257
|
}
|
|
5261
5258
|
return resourceAccess;
|
|
5262
5259
|
}
|
|
5263
|
-
function
|
|
5260
|
+
function permissionMatrixFromResolvedScopes(resolved) {
|
|
5264
5261
|
if (!resolved.hasDefaultPermission) {
|
|
5265
|
-
return NO_PERMISSION_MATRIX;
|
|
5262
|
+
return { ...NO_PERMISSION_MATRIX };
|
|
5266
5263
|
}
|
|
5267
5264
|
const matrix = {
|
|
5268
5265
|
...NO_PERMISSION_MATRIX,
|
|
5269
|
-
[
|
|
5266
|
+
[BASE_PERMISSION_RESOURCE]: resolved.baseAccess,
|
|
5267
|
+
personal: "write"
|
|
5270
5268
|
};
|
|
5271
5269
|
for (const resource of ROOM_PERMISSION_RESOURCES) {
|
|
5272
5270
|
matrix[resource] = _nullishCoalesce(resolved.matrix[resource], () => ( resolved.baseAccess));
|
|
@@ -5274,9 +5272,9 @@ function resolveFullPermissionMatrix(resolved) {
|
|
|
5274
5272
|
return matrix;
|
|
5275
5273
|
}
|
|
5276
5274
|
function permissionMatrixFromScopes(scopes) {
|
|
5277
|
-
return
|
|
5275
|
+
return permissionMatrixFromResolvedScopes(resolvePermissionScopes(scopes));
|
|
5278
5276
|
}
|
|
5279
|
-
function
|
|
5277
|
+
function resolvePermissionScopes(scopes) {
|
|
5280
5278
|
const hasDefaultPermission = scopes.includes(Permission.Write) || scopes.includes(Permission.Read) || scopes.includes(Permission.RoomWrite) || scopes.includes(Permission.RoomRead);
|
|
5281
5279
|
const baseAccess = scopes.includes(Permission.Write) || scopes.includes(Permission.RoomWrite) ? "write" : scopes.includes(Permission.Read) || scopes.includes(Permission.RoomRead) ? "read" : "none";
|
|
5282
5280
|
const matrix = {};
|
|
@@ -5288,26 +5286,9 @@ function resolvePermissionMatrix(scopes) {
|
|
|
5288
5286
|
}
|
|
5289
5287
|
return { hasDefaultPermission, baseAccess, matrix };
|
|
5290
5288
|
}
|
|
5291
|
-
function hasPermissionAccess(
|
|
5292
|
-
const matrix = isPermissionScopes(source) ? permissionMatrixFromScopes(source) : source;
|
|
5289
|
+
function hasPermissionAccess(matrix, resource, requiredAccess) {
|
|
5293
5290
|
const access = _nullishCoalesce(matrix[resource], () => ( "none"));
|
|
5294
|
-
return
|
|
5295
|
-
}
|
|
5296
|
-
function isPermissionScopes(source) {
|
|
5297
|
-
return Array.isArray(source);
|
|
5298
|
-
}
|
|
5299
|
-
|
|
5300
|
-
// src/permissions.ts
|
|
5301
|
-
var VALID_PERMISSIONS = new Set(Object.values(Permission));
|
|
5302
|
-
function permissionForAccessLevel(resource, access, field = resource) {
|
|
5303
|
-
const levels = RESOURCE_PERMISSIONS[resource];
|
|
5304
|
-
const permissions = levels[access];
|
|
5305
|
-
if (permissions === void 0 || permissions.length === 0) {
|
|
5306
|
-
throw new Error(
|
|
5307
|
-
`Invalid permission level for ${field}: ${_nullishCoalesce(JSON.stringify(access), () => ( String(access)))}`
|
|
5308
|
-
);
|
|
5309
|
-
}
|
|
5310
|
-
return permissions[0];
|
|
5291
|
+
return ACCESS_LEVEL_RANKS[access] >= ACCESS_LEVEL_RANKS[requiredAccess];
|
|
5311
5292
|
}
|
|
5312
5293
|
function resolveRoomPermissionMatrix(permissions, roomId) {
|
|
5313
5294
|
const matchedPermissions = permissions.filter(
|
|
@@ -5321,7 +5302,7 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
|
|
|
5321
5302
|
const explicitMatrix = {};
|
|
5322
5303
|
const explicitSpecificity = {};
|
|
5323
5304
|
for (const permission of matchedPermissions) {
|
|
5324
|
-
const resolved =
|
|
5305
|
+
const resolved = resolvePermissionScopes(permission.scopes);
|
|
5325
5306
|
const specificity = getResourceSpecificity(permission.resource);
|
|
5326
5307
|
if (resolved.hasDefaultPermission) {
|
|
5327
5308
|
hasDefaultPermission = true;
|
|
@@ -5343,7 +5324,7 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
|
|
|
5343
5324
|
}
|
|
5344
5325
|
}
|
|
5345
5326
|
}
|
|
5346
|
-
return
|
|
5327
|
+
return permissionMatrixFromResolvedScopes({
|
|
5347
5328
|
hasDefaultPermission,
|
|
5348
5329
|
baseAccess,
|
|
5349
5330
|
matrix: explicitMatrix
|
|
@@ -5388,16 +5369,14 @@ function mergePermissionMatrices(sources) {
|
|
|
5388
5369
|
storage: strongestMatrixAccess(sources, "storage"),
|
|
5389
5370
|
comments: strongestMatrixAccess(sources, "comments"),
|
|
5390
5371
|
feeds: strongestMatrixAccess(sources, "feeds"),
|
|
5391
|
-
personal: "
|
|
5372
|
+
personal: strongestMatrixAccess(sources, "personal")
|
|
5392
5373
|
};
|
|
5393
5374
|
}
|
|
5394
5375
|
function permissionMatrixToScopes(matrix) {
|
|
5395
5376
|
const scopes = [];
|
|
5396
5377
|
const baseAccess = matrix.room;
|
|
5397
5378
|
if (baseAccess !== "none") {
|
|
5398
|
-
scopes.push(
|
|
5399
|
-
permissionForAccessLevel(DEFAULT_PERMISSION_RESOURCE, baseAccess)
|
|
5400
|
-
);
|
|
5379
|
+
scopes.push(permissionForAccessLevel(BASE_PERMISSION_RESOURCE, baseAccess));
|
|
5401
5380
|
}
|
|
5402
5381
|
for (const resource of ROOM_PERMISSION_RESOURCES) {
|
|
5403
5382
|
const access = matrix[resource];
|
|
@@ -5407,6 +5386,28 @@ function permissionMatrixToScopes(matrix) {
|
|
|
5407
5386
|
}
|
|
5408
5387
|
return scopes;
|
|
5409
5388
|
}
|
|
5389
|
+
function mergeRoomPermissionScopes({
|
|
5390
|
+
defaultAccesses,
|
|
5391
|
+
groupsAccesses,
|
|
5392
|
+
userAccesses
|
|
5393
|
+
}) {
|
|
5394
|
+
const sources = [
|
|
5395
|
+
permissionMatrixFromScopes(defaultAccesses),
|
|
5396
|
+
...groupsAccesses.map((scopes) => permissionMatrixFromScopes(scopes)),
|
|
5397
|
+
...userAccesses !== void 0 ? [permissionMatrixFromScopes(userAccesses)] : []
|
|
5398
|
+
];
|
|
5399
|
+
return permissionMatrixToScopes(mergePermissionMatrices(sources));
|
|
5400
|
+
}
|
|
5401
|
+
function permissionForAccessLevel(resource, access, field = resource) {
|
|
5402
|
+
const levels = PERMISSIONS_BY_RESOURCE[resource];
|
|
5403
|
+
const permissions = levels[access];
|
|
5404
|
+
if (permissions === void 0 || permissions.length === 0) {
|
|
5405
|
+
throw new Error(
|
|
5406
|
+
`Invalid permission level for ${field}: ${_nullishCoalesce(JSON.stringify(access), () => ( String(access)))}`
|
|
5407
|
+
);
|
|
5408
|
+
}
|
|
5409
|
+
return permissions[0];
|
|
5410
|
+
}
|
|
5410
5411
|
function strongestMatrixAccess(sources, resource) {
|
|
5411
5412
|
return sources.reduce(
|
|
5412
5413
|
(strongest, source) => strongestAccess(strongest, source[resource]),
|
|
@@ -5414,7 +5415,7 @@ function strongestMatrixAccess(sources, resource) {
|
|
|
5414
5415
|
);
|
|
5415
5416
|
}
|
|
5416
5417
|
function strongestAccess(left, right) {
|
|
5417
|
-
return
|
|
5418
|
+
return ACCESS_LEVEL_RANKS[right] > ACCESS_LEVEL_RANKS[left] ? right : left;
|
|
5418
5419
|
}
|
|
5419
5420
|
function resourceMatchesRoomId(resource, roomId) {
|
|
5420
5421
|
if (resource.includes("*")) {
|
|
@@ -9501,14 +9502,22 @@ var ClientMsgCode = Object.freeze({
|
|
|
9501
9502
|
// src/refs/ManagedOthers.ts
|
|
9502
9503
|
function makeUser(conn, presence) {
|
|
9503
9504
|
const { connectionId, id, info } = conn;
|
|
9504
|
-
const canWrite = hasPermissionAccess(
|
|
9505
|
+
const canWrite = hasPermissionAccess(
|
|
9506
|
+
conn.permissionMatrix,
|
|
9507
|
+
"storage",
|
|
9508
|
+
"write"
|
|
9509
|
+
);
|
|
9505
9510
|
return freeze(
|
|
9506
9511
|
compactObject({
|
|
9507
9512
|
connectionId,
|
|
9508
9513
|
id,
|
|
9509
9514
|
info,
|
|
9510
9515
|
canWrite,
|
|
9511
|
-
canComment: hasPermissionAccess(
|
|
9516
|
+
canComment: hasPermissionAccess(
|
|
9517
|
+
conn.permissionMatrix,
|
|
9518
|
+
"comments",
|
|
9519
|
+
"write"
|
|
9520
|
+
),
|
|
9512
9521
|
isReadOnly: !canWrite,
|
|
9513
9522
|
// Deprecated, kept for backward-compatibility
|
|
9514
9523
|
presence
|
|
@@ -9587,7 +9596,7 @@ var ManagedOthers = class {
|
|
|
9587
9596
|
connectionId,
|
|
9588
9597
|
id: metaUserId,
|
|
9589
9598
|
info: metaUserInfo,
|
|
9590
|
-
scopes
|
|
9599
|
+
permissionMatrix: permissionMatrixFromScopes(scopes)
|
|
9591
9600
|
})
|
|
9592
9601
|
);
|
|
9593
9602
|
if (!state.presences.has(connectionId)) {
|
|
@@ -9964,8 +9973,8 @@ function createRoom(options, config) {
|
|
|
9964
9973
|
}
|
|
9965
9974
|
}
|
|
9966
9975
|
function isStorageWritable() {
|
|
9967
|
-
const
|
|
9968
|
-
return
|
|
9976
|
+
const permissionMatrix = _optionalChain([context, 'access', _224 => _224.dynamicSessionInfoSig, 'access', _225 => _225.get, 'call', _226 => _226(), 'optionalAccess', _227 => _227.permissionMatrix]);
|
|
9977
|
+
return permissionMatrix !== void 0 ? hasPermissionAccess(permissionMatrix, "storage", "write") : true;
|
|
9969
9978
|
}
|
|
9970
9979
|
const eventHub = {
|
|
9971
9980
|
status: makeEventSource(),
|
|
@@ -10027,7 +10036,7 @@ function createRoom(options, config) {
|
|
|
10027
10036
|
return null;
|
|
10028
10037
|
} else {
|
|
10029
10038
|
const canWrite = hasPermissionAccess(
|
|
10030
|
-
dynamicSession.
|
|
10039
|
+
dynamicSession.permissionMatrix,
|
|
10031
10040
|
"storage",
|
|
10032
10041
|
"write"
|
|
10033
10042
|
);
|
|
@@ -10038,7 +10047,7 @@ function createRoom(options, config) {
|
|
|
10038
10047
|
presence: myPresence,
|
|
10039
10048
|
canWrite,
|
|
10040
10049
|
canComment: hasPermissionAccess(
|
|
10041
|
-
dynamicSession.
|
|
10050
|
+
dynamicSession.permissionMatrix,
|
|
10042
10051
|
"comments",
|
|
10043
10052
|
"write"
|
|
10044
10053
|
)
|
|
@@ -10330,7 +10339,7 @@ function createRoom(options, config) {
|
|
|
10330
10339
|
context.dynamicSessionInfoSig.set({
|
|
10331
10340
|
actor: message.actor,
|
|
10332
10341
|
nonce: message.nonce,
|
|
10333
|
-
|
|
10342
|
+
permissionMatrix: permissionMatrixFromScopes(message.scopes),
|
|
10334
10343
|
meta: message.meta
|
|
10335
10344
|
});
|
|
10336
10345
|
context.idFactory = makeIdFactory(message.actor);
|
|
@@ -12703,5 +12712,6 @@ detectDupes(PKG_NAME, PKG_VERSION, PKG_FORMAT);
|
|
|
12703
12712
|
|
|
12704
12713
|
|
|
12705
12714
|
|
|
12706
|
-
|
|
12715
|
+
|
|
12716
|
+
exports.ClientMsgCode = ClientMsgCode; exports.CrdtType = CrdtType; exports.DefaultMap = DefaultMap; exports.Deque = Deque; exports.DerivedSignal = DerivedSignal; exports.FeedRequestErrorCode = FeedRequestErrorCode; exports.HttpError = HttpError; exports.LiveList = LiveList; exports.LiveMap = LiveMap; exports.LiveObject = LiveObject; exports.LiveblocksError = LiveblocksError; exports.MENTION_CHARACTER = MENTION_CHARACTER; exports.MutableSignal = MutableSignal; exports.OpCode = OpCode; exports.Permission = Permission; exports.Promise_withResolvers = Promise_withResolvers; exports.ServerMsgCode = ServerMsgCode; exports.Signal = Signal; exports.SortedList = SortedList; exports.TextEditorType = TextEditorType; exports.WebsocketCloseCodes = WebsocketCloseCodes; exports.asPos = asPos; exports.assert = assert; exports.assertNever = assertNever; exports.autoRetry = autoRetry; exports.b64decode = b64decode; exports.batch = batch; exports.checkBounds = checkBounds; exports.chunk = chunk; exports.cloneLson = cloneLson; exports.compactNodesToNodeStream = compactNodesToNodeStream; exports.compactObject = compactObject; exports.console = fancy_console_exports; exports.convertToCommentData = convertToCommentData; exports.convertToCommentUserReaction = convertToCommentUserReaction; exports.convertToGroupData = convertToGroupData; exports.convertToInboxNotificationData = convertToInboxNotificationData; exports.convertToSubscriptionData = convertToSubscriptionData; exports.convertToThreadData = convertToThreadData; exports.convertToUserSubscriptionData = convertToUserSubscriptionData; exports.createClient = createClient; exports.createCommentAttachmentId = createCommentAttachmentId; exports.createCommentId = createCommentId; exports.createInboxNotificationId = createInboxNotificationId; exports.createManagedPool = createManagedPool; exports.createNotificationSettings = createNotificationSettings; exports.createThreadId = createThreadId; exports.deepLiveify = deepLiveify; exports.defineAiTool = defineAiTool; exports.deprecate = deprecate; exports.deprecateIf = deprecateIf; exports.detectDupes = detectDupes; exports.entries = entries; exports.errorIf = errorIf; exports.findLastIndex = findLastIndex; exports.freeze = freeze; exports.generateUrl = generateUrl; exports.getMentionsFromCommentBody = getMentionsFromCommentBody; exports.getSubscriptionKey = getSubscriptionKey; exports.hasPermissionAccess = hasPermissionAccess; exports.html = html; exports.htmlSafe = htmlSafe; exports.isCommentBodyLink = isCommentBodyLink; exports.isCommentBodyMention = isCommentBodyMention; exports.isCommentBodyText = isCommentBodyText; exports.isJsonArray = isJsonArray; exports.isJsonObject = isJsonObject; exports.isJsonScalar = isJsonScalar; exports.isListStorageNode = isListStorageNode; exports.isLiveNode = isLiveNode; exports.isMapStorageNode = isMapStorageNode; exports.isNotificationChannelEnabled = isNotificationChannelEnabled; exports.isNumberOperator = isNumberOperator; exports.isObjectStorageNode = isObjectStorageNode; exports.isPlainObject = isPlainObject; exports.isRegisterStorageNode = isRegisterStorageNode; exports.isRootStorageNode = isRootStorageNode; exports.isStartsWithOperator = isStartsWithOperator; exports.isUrl = isUrl; exports.kInternal = kInternal; exports.keys = keys; exports.makeAbortController = makeAbortController; exports.makeEventSource = makeEventSource; exports.makePoller = makePoller; exports.makePosition = makePosition; exports.mapValues = mapValues; exports.memoizeOnSuccess = memoizeOnSuccess; exports.mergePermissionMatrices = mergePermissionMatrices; exports.mergeRoomPermissionScopes = mergeRoomPermissionScopes; exports.nanoid = nanoid; exports.nn = nn; exports.nodeStreamToCompactNodes = nodeStreamToCompactNodes; exports.normalizeRoomAccessesInput = normalizeRoomAccessesInput; exports.normalizeRoomAccessesUpdateInput = normalizeRoomAccessesUpdateInput; exports.normalizeRoomPermissionInput = normalizeRoomPermissionInput; exports.objectToQuery = objectToQuery; exports.patchNotificationSettings = patchNotificationSettings; exports.permissionMatrixFromScopes = permissionMatrixFromScopes; exports.permissionMatrixToScopes = permissionMatrixToScopes; exports.raise = raise; exports.resolveMentionsInCommentBody = resolveMentionsInCommentBody; exports.sanitizeUrl = sanitizeUrl; exports.shallow = shallow; exports.shallow2 = shallow2; exports.stableStringify = stableStringify; exports.stringifyCommentBody = stringifyCommentBody; exports.throwUsageError = throwUsageError; exports.toPlainLson = toPlainLson; exports.tryParseJson = tryParseJson; exports.url = url; exports.urljoin = urljoin; exports.wait = wait; exports.warnOnce = warnOnce; exports.warnOnceIf = warnOnceIf; exports.withTimeout = withTimeout;
|
|
12707
12717
|
//# sourceMappingURL=index.cjs.map
|