@liveblocks/core 3.20.0-perm5 → 3.20.0-perm6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -99,34 +99,39 @@ declare const Permission: {
99
99
  readonly LegacyRoomPresenceWrite: "room:presence:write";
100
100
  };
101
101
  type Permission = (typeof Permission)[keyof typeof Permission];
102
- type AccessLevel = "write" | "read" | "none";
102
+ declare const ACCESS_LEVELS: readonly ["none", "read", "write"];
103
+ type AccessLevel = (typeof ACCESS_LEVELS)[number];
103
104
  type RequiredAccessLevel = "read" | "write";
104
105
  type PermissionMatrix = {
105
106
  room: AccessLevel;
106
107
  storage: AccessLevel;
107
108
  comments: AccessLevel;
108
109
  feeds: AccessLevel;
109
- personal: "write";
110
+ personal: AccessLevel;
110
111
  };
111
112
  type PermissionResources = keyof PermissionMatrix;
112
- declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
113
- declare function hasPermissionAccess(scopes: readonly string[], resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
114
- declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
115
-
116
113
  type RoomPermissionGrant = {
117
114
  resource: string;
118
- scopes: readonly string[];
115
+ scopes: readonly Permission[];
119
116
  };
120
117
  type RoomPermission = Permission[];
121
118
  type RoomPermissionInput = readonly Permission[];
122
119
  type RoomAccesses = Record<string, RoomPermission>;
123
120
  type RoomAccessesInput = Record<string, RoomPermissionInput>;
124
121
  type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
122
+ type RoomPermissionSources = {
123
+ defaultAccesses: readonly Permission[];
124
+ groupsAccesses: readonly (readonly Permission[])[];
125
+ userAccesses?: readonly Permission[] | undefined;
126
+ };
127
+ declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
128
+ declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
125
129
  declare function normalizeRoomPermissionInput(input: RoomPermissionInput): RoomPermission;
126
130
  declare function normalizeRoomAccessesInput(input: RoomAccessesInput | undefined): RoomAccesses | undefined;
127
131
  declare function normalizeRoomAccessesUpdateInput(input: RoomAccessesUpdateInput | undefined): Record<string, RoomPermission | null> | undefined;
128
132
  declare function mergePermissionMatrices(sources: readonly PermissionMatrix[]): PermissionMatrix;
129
133
  declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermission;
134
+ declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: RoomPermissionSources): Permission[];
130
135
 
131
136
  type CustomAuthenticationResult = Relax<{
132
137
  token: string;
@@ -4163,7 +4168,7 @@ type StaticSessionInfo = {
4163
4168
  type DynamicSessionInfo = {
4164
4169
  readonly actor: number;
4165
4170
  readonly nonce: string;
4166
- readonly scopes: string[];
4171
+ readonly permissionMatrix: PermissionMatrix;
4167
4172
  readonly meta: JsonObject;
4168
4173
  };
4169
4174
  type Polyfills = {
@@ -5764,4 +5769,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
5764
5769
  [K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
5765
5770
  };
5766
5771
 
5767
- export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
5772
+ export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomPermissionSources, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
package/dist/index.d.ts CHANGED
@@ -99,34 +99,39 @@ declare const Permission: {
99
99
  readonly LegacyRoomPresenceWrite: "room:presence:write";
100
100
  };
101
101
  type Permission = (typeof Permission)[keyof typeof Permission];
102
- type AccessLevel = "write" | "read" | "none";
102
+ declare const ACCESS_LEVELS: readonly ["none", "read", "write"];
103
+ type AccessLevel = (typeof ACCESS_LEVELS)[number];
103
104
  type RequiredAccessLevel = "read" | "write";
104
105
  type PermissionMatrix = {
105
106
  room: AccessLevel;
106
107
  storage: AccessLevel;
107
108
  comments: AccessLevel;
108
109
  feeds: AccessLevel;
109
- personal: "write";
110
+ personal: AccessLevel;
110
111
  };
111
112
  type PermissionResources = keyof PermissionMatrix;
112
- declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
113
- declare function hasPermissionAccess(scopes: readonly string[], resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
114
- declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
115
-
116
113
  type RoomPermissionGrant = {
117
114
  resource: string;
118
- scopes: readonly string[];
115
+ scopes: readonly Permission[];
119
116
  };
120
117
  type RoomPermission = Permission[];
121
118
  type RoomPermissionInput = readonly Permission[];
122
119
  type RoomAccesses = Record<string, RoomPermission>;
123
120
  type RoomAccessesInput = Record<string, RoomPermissionInput>;
124
121
  type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
122
+ type RoomPermissionSources = {
123
+ defaultAccesses: readonly Permission[];
124
+ groupsAccesses: readonly (readonly Permission[])[];
125
+ userAccesses?: readonly Permission[] | undefined;
126
+ };
127
+ declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
128
+ declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
125
129
  declare function normalizeRoomPermissionInput(input: RoomPermissionInput): RoomPermission;
126
130
  declare function normalizeRoomAccessesInput(input: RoomAccessesInput | undefined): RoomAccesses | undefined;
127
131
  declare function normalizeRoomAccessesUpdateInput(input: RoomAccessesUpdateInput | undefined): Record<string, RoomPermission | null> | undefined;
128
132
  declare function mergePermissionMatrices(sources: readonly PermissionMatrix[]): PermissionMatrix;
129
133
  declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermission;
134
+ declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: RoomPermissionSources): Permission[];
130
135
 
131
136
  type CustomAuthenticationResult = Relax<{
132
137
  token: string;
@@ -4163,7 +4168,7 @@ type StaticSessionInfo = {
4163
4168
  type DynamicSessionInfo = {
4164
4169
  readonly actor: number;
4165
4170
  readonly nonce: string;
4166
- readonly scopes: string[];
4171
+ readonly permissionMatrix: PermissionMatrix;
4167
4172
  readonly meta: JsonObject;
4168
4173
  };
4169
4174
  type Polyfills = {
@@ -5764,4 +5769,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
5764
5769
  [K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
5765
5770
  };
5766
5771
 
5767
- export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
5772
+ export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomPermissionSources, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
package/dist/index.js CHANGED
@@ -6,7 +6,7 @@ var __export = (target, all) => {
6
6
 
7
7
  // src/version.ts
8
8
  var PKG_NAME = "@liveblocks/core";
9
- var PKG_VERSION = "3.20.0-perm5";
9
+ var PKG_VERSION = "3.20.0-perm6";
10
10
  var PKG_FORMAT = "esm";
11
11
 
12
12
  // src/dupe-detection.ts
@@ -5167,7 +5167,7 @@ function createReceivingToolInvocation(invocationId, name, partialArgsText = "")
5167
5167
  };
5168
5168
  }
5169
5169
 
5170
- // src/protocol/Permissions.ts
5170
+ // src/permissions.ts
5171
5171
  var Permission = {
5172
5172
  /**
5173
5173
  * Default permission for a room.
@@ -5202,24 +5202,13 @@ var Permission = {
5202
5202
  */
5203
5203
  LegacyRoomPresenceWrite: "room:presence:write"
5204
5204
  };
5205
- var ACCESS_LEVELS = [
5206
- "none",
5207
- "read",
5208
- "write"
5209
- ];
5210
- var ACCESS_RANKS = {
5205
+ var ACCESS_LEVELS = ["none", "read", "write"];
5206
+ var ACCESS_LEVEL_RANKS = {
5211
5207
  none: 0,
5212
5208
  read: 1,
5213
5209
  write: 2
5214
5210
  };
5215
- var NO_PERMISSION_MATRIX = {
5216
- room: "none",
5217
- storage: "none",
5218
- comments: "none",
5219
- feeds: "none",
5220
- personal: "write"
5221
- };
5222
- var RESOURCE_PERMISSIONS = {
5211
+ var PERMISSIONS_BY_RESOURCE = {
5223
5212
  room: {
5224
5213
  read: [Permission.Read, Permission.RoomRead],
5225
5214
  write: [Permission.Write, Permission.RoomWrite]
@@ -5243,14 +5232,22 @@ var RESOURCE_PERMISSIONS = {
5243
5232
  none: [Permission.FeedsNone]
5244
5233
  }
5245
5234
  };
5246
- var DEFAULT_PERMISSION_RESOURCE = "room";
5235
+ var NO_PERMISSION_MATRIX = {
5236
+ room: "none",
5237
+ storage: "none",
5238
+ comments: "none",
5239
+ feeds: "none",
5240
+ personal: "none"
5241
+ };
5242
+ var BASE_PERMISSION_RESOURCE = "room";
5247
5243
  var ROOM_PERMISSION_RESOURCES = [
5248
5244
  "storage",
5249
5245
  "comments",
5250
5246
  "feeds"
5251
5247
  ];
5248
+ var VALID_PERMISSIONS = new Set(Object.values(Permission));
5252
5249
  function resolveResourceAccess(scopes, resource) {
5253
- const permissions = RESOURCE_PERMISSIONS[resource];
5250
+ const permissions = PERMISSIONS_BY_RESOURCE[resource];
5254
5251
  let resourceAccess;
5255
5252
  for (const access of ACCESS_LEVELS) {
5256
5253
  const scopedPermissions = permissions[access];
@@ -5260,13 +5257,14 @@ function resolveResourceAccess(scopes, resource) {
5260
5257
  }
5261
5258
  return resourceAccess;
5262
5259
  }
5263
- function resolveFullPermissionMatrix(resolved) {
5260
+ function permissionMatrixFromResolvedScopes(resolved) {
5264
5261
  if (!resolved.hasDefaultPermission) {
5265
- return NO_PERMISSION_MATRIX;
5262
+ return { ...NO_PERMISSION_MATRIX };
5266
5263
  }
5267
5264
  const matrix = {
5268
5265
  ...NO_PERMISSION_MATRIX,
5269
- [DEFAULT_PERMISSION_RESOURCE]: resolved.baseAccess
5266
+ [BASE_PERMISSION_RESOURCE]: resolved.baseAccess,
5267
+ personal: "write"
5270
5268
  };
5271
5269
  for (const resource of ROOM_PERMISSION_RESOURCES) {
5272
5270
  matrix[resource] = resolved.matrix[resource] ?? resolved.baseAccess;
@@ -5274,9 +5272,9 @@ function resolveFullPermissionMatrix(resolved) {
5274
5272
  return matrix;
5275
5273
  }
5276
5274
  function permissionMatrixFromScopes(scopes) {
5277
- return resolveFullPermissionMatrix(resolvePermissionMatrix(scopes));
5275
+ return permissionMatrixFromResolvedScopes(resolvePermissionScopes(scopes));
5278
5276
  }
5279
- function resolvePermissionMatrix(scopes) {
5277
+ function resolvePermissionScopes(scopes) {
5280
5278
  const hasDefaultPermission = scopes.includes(Permission.Write) || scopes.includes(Permission.Read) || scopes.includes(Permission.RoomWrite) || scopes.includes(Permission.RoomRead);
5281
5279
  const baseAccess = scopes.includes(Permission.Write) || scopes.includes(Permission.RoomWrite) ? "write" : scopes.includes(Permission.Read) || scopes.includes(Permission.RoomRead) ? "read" : "none";
5282
5280
  const matrix = {};
@@ -5288,26 +5286,9 @@ function resolvePermissionMatrix(scopes) {
5288
5286
  }
5289
5287
  return { hasDefaultPermission, baseAccess, matrix };
5290
5288
  }
5291
- function hasPermissionAccess(source, resource, requiredAccess) {
5292
- const matrix = isPermissionScopes(source) ? permissionMatrixFromScopes(source) : source;
5289
+ function hasPermissionAccess(matrix, resource, requiredAccess) {
5293
5290
  const access = matrix[resource] ?? "none";
5294
- return ACCESS_RANKS[access] >= ACCESS_RANKS[requiredAccess];
5295
- }
5296
- function isPermissionScopes(source) {
5297
- return Array.isArray(source);
5298
- }
5299
-
5300
- // src/permissions.ts
5301
- var VALID_PERMISSIONS = new Set(Object.values(Permission));
5302
- function permissionForAccessLevel(resource, access, field = resource) {
5303
- const levels = RESOURCE_PERMISSIONS[resource];
5304
- const permissions = levels[access];
5305
- if (permissions === void 0 || permissions.length === 0) {
5306
- throw new Error(
5307
- `Invalid permission level for ${field}: ${JSON.stringify(access) ?? String(access)}`
5308
- );
5309
- }
5310
- return permissions[0];
5291
+ return ACCESS_LEVEL_RANKS[access] >= ACCESS_LEVEL_RANKS[requiredAccess];
5311
5292
  }
5312
5293
  function resolveRoomPermissionMatrix(permissions, roomId) {
5313
5294
  const matchedPermissions = permissions.filter(
@@ -5321,7 +5302,7 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
5321
5302
  const explicitMatrix = {};
5322
5303
  const explicitSpecificity = {};
5323
5304
  for (const permission of matchedPermissions) {
5324
- const resolved = resolvePermissionMatrix(permission.scopes);
5305
+ const resolved = resolvePermissionScopes(permission.scopes);
5325
5306
  const specificity = getResourceSpecificity(permission.resource);
5326
5307
  if (resolved.hasDefaultPermission) {
5327
5308
  hasDefaultPermission = true;
@@ -5343,7 +5324,7 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
5343
5324
  }
5344
5325
  }
5345
5326
  }
5346
- return resolveFullPermissionMatrix({
5327
+ return permissionMatrixFromResolvedScopes({
5347
5328
  hasDefaultPermission,
5348
5329
  baseAccess,
5349
5330
  matrix: explicitMatrix
@@ -5388,16 +5369,14 @@ function mergePermissionMatrices(sources) {
5388
5369
  storage: strongestMatrixAccess(sources, "storage"),
5389
5370
  comments: strongestMatrixAccess(sources, "comments"),
5390
5371
  feeds: strongestMatrixAccess(sources, "feeds"),
5391
- personal: "write"
5372
+ personal: strongestMatrixAccess(sources, "personal")
5392
5373
  };
5393
5374
  }
5394
5375
  function permissionMatrixToScopes(matrix) {
5395
5376
  const scopes = [];
5396
5377
  const baseAccess = matrix.room;
5397
5378
  if (baseAccess !== "none") {
5398
- scopes.push(
5399
- permissionForAccessLevel(DEFAULT_PERMISSION_RESOURCE, baseAccess)
5400
- );
5379
+ scopes.push(permissionForAccessLevel(BASE_PERMISSION_RESOURCE, baseAccess));
5401
5380
  }
5402
5381
  for (const resource of ROOM_PERMISSION_RESOURCES) {
5403
5382
  const access = matrix[resource];
@@ -5407,6 +5386,28 @@ function permissionMatrixToScopes(matrix) {
5407
5386
  }
5408
5387
  return scopes;
5409
5388
  }
5389
+ function mergeRoomPermissionScopes({
5390
+ defaultAccesses,
5391
+ groupsAccesses,
5392
+ userAccesses
5393
+ }) {
5394
+ const sources = [
5395
+ permissionMatrixFromScopes(defaultAccesses),
5396
+ ...groupsAccesses.map((scopes) => permissionMatrixFromScopes(scopes)),
5397
+ ...userAccesses !== void 0 ? [permissionMatrixFromScopes(userAccesses)] : []
5398
+ ];
5399
+ return permissionMatrixToScopes(mergePermissionMatrices(sources));
5400
+ }
5401
+ function permissionForAccessLevel(resource, access, field = resource) {
5402
+ const levels = PERMISSIONS_BY_RESOURCE[resource];
5403
+ const permissions = levels[access];
5404
+ if (permissions === void 0 || permissions.length === 0) {
5405
+ throw new Error(
5406
+ `Invalid permission level for ${field}: ${JSON.stringify(access) ?? String(access)}`
5407
+ );
5408
+ }
5409
+ return permissions[0];
5410
+ }
5410
5411
  function strongestMatrixAccess(sources, resource) {
5411
5412
  return sources.reduce(
5412
5413
  (strongest, source) => strongestAccess(strongest, source[resource]),
@@ -5414,7 +5415,7 @@ function strongestMatrixAccess(sources, resource) {
5414
5415
  );
5415
5416
  }
5416
5417
  function strongestAccess(left, right) {
5417
- return ACCESS_RANKS[right] > ACCESS_RANKS[left] ? right : left;
5418
+ return ACCESS_LEVEL_RANKS[right] > ACCESS_LEVEL_RANKS[left] ? right : left;
5418
5419
  }
5419
5420
  function resourceMatchesRoomId(resource, roomId) {
5420
5421
  if (resource.includes("*")) {
@@ -9501,14 +9502,22 @@ var ClientMsgCode = Object.freeze({
9501
9502
  // src/refs/ManagedOthers.ts
9502
9503
  function makeUser(conn, presence) {
9503
9504
  const { connectionId, id, info } = conn;
9504
- const canWrite = hasPermissionAccess(conn.scopes, "storage", "write");
9505
+ const canWrite = hasPermissionAccess(
9506
+ conn.permissionMatrix,
9507
+ "storage",
9508
+ "write"
9509
+ );
9505
9510
  return freeze(
9506
9511
  compactObject({
9507
9512
  connectionId,
9508
9513
  id,
9509
9514
  info,
9510
9515
  canWrite,
9511
- canComment: hasPermissionAccess(conn.scopes, "comments", "write"),
9516
+ canComment: hasPermissionAccess(
9517
+ conn.permissionMatrix,
9518
+ "comments",
9519
+ "write"
9520
+ ),
9512
9521
  isReadOnly: !canWrite,
9513
9522
  // Deprecated, kept for backward-compatibility
9514
9523
  presence
@@ -9587,7 +9596,7 @@ var ManagedOthers = class {
9587
9596
  connectionId,
9588
9597
  id: metaUserId,
9589
9598
  info: metaUserInfo,
9590
- scopes
9599
+ permissionMatrix: permissionMatrixFromScopes(scopes)
9591
9600
  })
9592
9601
  );
9593
9602
  if (!state.presences.has(connectionId)) {
@@ -9964,8 +9973,8 @@ function createRoom(options, config) {
9964
9973
  }
9965
9974
  }
9966
9975
  function isStorageWritable() {
9967
- const scopes = context.dynamicSessionInfoSig.get()?.scopes;
9968
- return scopes !== void 0 ? hasPermissionAccess(scopes, "storage", "write") : true;
9976
+ const permissionMatrix = context.dynamicSessionInfoSig.get()?.permissionMatrix;
9977
+ return permissionMatrix !== void 0 ? hasPermissionAccess(permissionMatrix, "storage", "write") : true;
9969
9978
  }
9970
9979
  const eventHub = {
9971
9980
  status: makeEventSource(),
@@ -10027,7 +10036,7 @@ function createRoom(options, config) {
10027
10036
  return null;
10028
10037
  } else {
10029
10038
  const canWrite = hasPermissionAccess(
10030
- dynamicSession.scopes,
10039
+ dynamicSession.permissionMatrix,
10031
10040
  "storage",
10032
10041
  "write"
10033
10042
  );
@@ -10038,7 +10047,7 @@ function createRoom(options, config) {
10038
10047
  presence: myPresence,
10039
10048
  canWrite,
10040
10049
  canComment: hasPermissionAccess(
10041
- dynamicSession.scopes,
10050
+ dynamicSession.permissionMatrix,
10042
10051
  "comments",
10043
10052
  "write"
10044
10053
  )
@@ -10330,7 +10339,7 @@ function createRoom(options, config) {
10330
10339
  context.dynamicSessionInfoSig.set({
10331
10340
  actor: message.actor,
10332
10341
  nonce: message.nonce,
10333
- scopes: message.scopes,
10342
+ permissionMatrix: permissionMatrixFromScopes(message.scopes),
10334
10343
  meta: message.meta
10335
10344
  });
10336
10345
  context.idFactory = makeIdFactory(message.actor);
@@ -12677,6 +12686,7 @@ export {
12677
12686
  mapValues,
12678
12687
  memoizeOnSuccess,
12679
12688
  mergePermissionMatrices,
12689
+ mergeRoomPermissionScopes,
12680
12690
  nanoid,
12681
12691
  nn,
12682
12692
  nodeStreamToCompactNodes,