@liveblocks/core 3.20.0-perm6 → 3.20.0-perm8
- package/dist/index.cjs +120 -45
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +38 -28
- package/dist/index.d.ts +38 -28
- package/dist/index.js +122 -47
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -110,28 +110,38 @@ type PermissionMatrix = {
|
|
|
110
110
|
personal: AccessLevel;
|
|
111
111
|
};
|
|
112
112
|
type PermissionResources = keyof PermissionMatrix;
|
|
113
|
-
type
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
type RoomPermission = Permission[];
|
|
118
|
-
type RoomPermissionInput = readonly Permission[];
|
|
119
|
-
type RoomAccesses = Record<string, RoomPermission>;
|
|
120
|
-
type RoomAccessesInput = Record<string, RoomPermissionInput>;
|
|
121
|
-
type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
|
|
122
|
-
type RoomPermissionSources = {
|
|
123
|
-
defaultAccesses: readonly Permission[];
|
|
124
|
-
groupsAccesses: readonly (readonly Permission[])[];
|
|
125
|
-
userAccesses?: readonly Permission[] | undefined;
|
|
126
|
-
};
|
|
127
|
-
declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
|
|
113
|
+
type RoomPermissions = Permission[];
|
|
114
|
+
type RoomAccesses = Record<string, RoomPermissions>;
|
|
115
|
+
type UpdateRoomAccesses = Record<string, RoomPermissions | null>;
|
|
116
|
+
declare function permissionMatrixFromScopes(scopes: RoomPermissions): PermissionMatrix;
|
|
128
117
|
declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
|
|
129
|
-
declare function
|
|
130
|
-
declare function
|
|
131
|
-
declare function
|
|
132
|
-
declare function mergePermissionMatrices(
|
|
133
|
-
declare function permissionMatrixToScopes(matrix: PermissionMatrix):
|
|
134
|
-
|
|
118
|
+
declare function normalizeRoomPermissions(permissions: string[] | readonly string[]): RoomPermissions;
|
|
119
|
+
declare function normalizeRoomAccesses(accesses: RoomAccesses | undefined): RoomAccesses | undefined;
|
|
120
|
+
declare function normalizeUpdateRoomAccesses(accesses: UpdateRoomAccesses | undefined): UpdateRoomAccesses | undefined;
|
|
121
|
+
declare function mergePermissionMatrices(matrices: PermissionMatrix[]): PermissionMatrix;
|
|
122
|
+
declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermissions;
|
|
123
|
+
/**
|
|
124
|
+
* Merges permission scopes from multiple sources, by priority: explicit user
|
|
125
|
+
* accesses override group accesses, which override the room defaults. Groups
|
|
126
|
+
* all share the same priority, so they are first merged together by taking
|
|
127
|
+
* the highest access level per feature (and base).
|
|
128
|
+
*/
|
|
129
|
+
declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: {
|
|
130
|
+
defaultAccesses: RoomPermissions;
|
|
131
|
+
groupsAccesses: RoomPermissions[];
|
|
132
|
+
userAccesses: RoomPermissions;
|
|
133
|
+
}): RoomPermissions;
|
|
134
|
+
/**
|
|
135
|
+
* Validates a set of permissions:
|
|
136
|
+
* - every scope must be a known permission scope,
|
|
137
|
+
* - exactly one base permission is required (*:read, *:write, or the legacy
|
|
138
|
+
* aliases room:read, room:write),
|
|
139
|
+
* - at most one scope per feature (storage, comments, feeds, ...),
|
|
140
|
+
* - room:presence:write is accepted as an extra legacy scope.
|
|
141
|
+
*
|
|
142
|
+
* Returns `true` when the set is valid, or an error message otherwise.
|
|
143
|
+
*/
|
|
144
|
+
declare function validatePermissionsSet(scopes: readonly string[]): true | string;
|
|
135
145
|
|
|
136
146
|
type CustomAuthenticationResult = Relax<{
|
|
137
147
|
token: string;
|
|
@@ -1754,7 +1764,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
|
|
|
1754
1764
|
subscriptions: SubscriptionData[];
|
|
1755
1765
|
requestedAt: Date;
|
|
1756
1766
|
nextCursor: string | null;
|
|
1757
|
-
permissionHints: Record<string,
|
|
1767
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
1758
1768
|
}>;
|
|
1759
1769
|
getThreadsSince(options: {
|
|
1760
1770
|
roomId: string;
|
|
@@ -1774,7 +1784,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
|
|
|
1774
1784
|
deleted: SubscriptionDeleteInfo[];
|
|
1775
1785
|
};
|
|
1776
1786
|
requestedAt: Date;
|
|
1777
|
-
permissionHints: Record<string,
|
|
1787
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
1778
1788
|
}>;
|
|
1779
1789
|
searchComments(options: {
|
|
1780
1790
|
roomId: string;
|
|
@@ -2024,7 +2034,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
|
|
|
2024
2034
|
subscriptions: SubscriptionData[];
|
|
2025
2035
|
nextCursor: string | null;
|
|
2026
2036
|
requestedAt: Date;
|
|
2027
|
-
permissionHints: Record<string,
|
|
2037
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
2028
2038
|
}>;
|
|
2029
2039
|
getUserThreadsSince_experimental(options: {
|
|
2030
2040
|
since: Date;
|
|
@@ -2043,7 +2053,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
|
|
|
2043
2053
|
deleted: SubscriptionDeleteInfo[];
|
|
2044
2054
|
};
|
|
2045
2055
|
requestedAt: Date;
|
|
2046
|
-
permissionHints: Record<string,
|
|
2056
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
2047
2057
|
}>;
|
|
2048
2058
|
groupsStore: BatchStore<GroupData | undefined, string>;
|
|
2049
2059
|
getGroup(groupId: string): Promise<GroupData | undefined>;
|
|
@@ -3852,7 +3862,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
|
|
|
3852
3862
|
subscriptions: SubscriptionData[];
|
|
3853
3863
|
requestedAt: Date;
|
|
3854
3864
|
nextCursor: string | null;
|
|
3855
|
-
permissionHints: Record<string,
|
|
3865
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
3856
3866
|
}>;
|
|
3857
3867
|
/**
|
|
3858
3868
|
* Returns the updated and deleted threads and their associated inbox notifications and subscriptions since the requested date.
|
|
@@ -3876,7 +3886,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
|
|
|
3876
3886
|
deleted: SubscriptionDeleteInfo[];
|
|
3877
3887
|
};
|
|
3878
3888
|
requestedAt: Date;
|
|
3879
|
-
permissionHints: Record<string,
|
|
3889
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
3880
3890
|
}>;
|
|
3881
3891
|
/**
|
|
3882
3892
|
* Returns a thread and the associated inbox notification and subscription if it exists.
|
|
@@ -5769,4 +5779,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
|
|
|
5769
5779
|
[K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
|
|
5770
5780
|
};
|
|
5771
5781
|
|
|
5772
|
-
export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, 
type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, 
MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type
|
|
5782
|
+
export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, 
type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, 
MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomEventMessage, type RoomPermissions, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type 
URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateRoomAccesses, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccesses, normalizeRoomPermissions, normalizeUpdateRoomAccesses, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, 
shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, validatePermissionsSet, wait, warnOnce, warnOnceIf, withTimeout };
|
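Review bot: `validatePermissionsSet` in the first hunk (new lines 134–144) returns `true | string`, so both outcomes are truthy in a boolean test: a call site written as `if (validatePermissionsSet(scopes))` would accept an invalid permission set whenever the error message is non-empty. The doc comment should say so, for example by appending `Compare the result with === true; an error message is a string and is truthy when non-empty.` Only the declaration is visible in this file, so how the package's own callers test the result cannot be confirmed from here. In the same hunk the removed `RoomPermissionSources` type had `userAccesses` optional, while the new `mergeRoomPermissionScopes` parameter makes it required and its comment says user accesses override group accesses; the comment should state whether an empty `userAccesses` array means "no override" or "override to no access".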
package/dist/index.d.ts
CHANGED
|
@@ -110,28 +110,38 @@ type PermissionMatrix = {
|
|
|
110
110
|
personal: AccessLevel;
|
|
111
111
|
};
|
|
112
112
|
type PermissionResources = keyof PermissionMatrix;
|
|
113
|
-
type
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
type RoomPermission = Permission[];
|
|
118
|
-
type RoomPermissionInput = readonly Permission[];
|
|
119
|
-
type RoomAccesses = Record<string, RoomPermission>;
|
|
120
|
-
type RoomAccessesInput = Record<string, RoomPermissionInput>;
|
|
121
|
-
type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
|
|
122
|
-
type RoomPermissionSources = {
|
|
123
|
-
defaultAccesses: readonly Permission[];
|
|
124
|
-
groupsAccesses: readonly (readonly Permission[])[];
|
|
125
|
-
userAccesses?: readonly Permission[] | undefined;
|
|
126
|
-
};
|
|
127
|
-
declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
|
|
113
|
+
type RoomPermissions = Permission[];
|
|
114
|
+
type RoomAccesses = Record<string, RoomPermissions>;
|
|
115
|
+
type UpdateRoomAccesses = Record<string, RoomPermissions | null>;
|
|
116
|
+
declare function permissionMatrixFromScopes(scopes: RoomPermissions): PermissionMatrix;
|
|
128
117
|
declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
|
|
129
|
-
declare function
|
|
130
|
-
declare function
|
|
131
|
-
declare function
|
|
132
|
-
declare function mergePermissionMatrices(
|
|
133
|
-
declare function permissionMatrixToScopes(matrix: PermissionMatrix):
|
|
134
|
-
|
|
118
|
+
declare function normalizeRoomPermissions(permissions: string[] | readonly string[]): RoomPermissions;
|
|
119
|
+
declare function normalizeRoomAccesses(accesses: RoomAccesses | undefined): RoomAccesses | undefined;
|
|
120
|
+
declare function normalizeUpdateRoomAccesses(accesses: UpdateRoomAccesses | undefined): UpdateRoomAccesses | undefined;
|
|
121
|
+
declare function mergePermissionMatrices(matrices: PermissionMatrix[]): PermissionMatrix;
|
|
122
|
+
declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermissions;
|
|
123
|
+
/**
|
|
124
|
+
* Merges permission scopes from multiple sources, by priority: explicit user
|
|
125
|
+
* accesses override group accesses, which override the room defaults. Groups
|
|
126
|
+
* all share the same priority, so they are first merged together by taking
|
|
127
|
+
* the highest access level per feature (and base).
|
|
128
|
+
*/
|
|
129
|
+
declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: {
|
|
130
|
+
defaultAccesses: RoomPermissions;
|
|
131
|
+
groupsAccesses: RoomPermissions[];
|
|
132
|
+
userAccesses: RoomPermissions;
|
|
133
|
+
}): RoomPermissions;
|
|
134
|
+
/**
|
|
135
|
+
* Validates a set of permissions:
|
|
136
|
+
* - every scope must be a known permission scope,
|
|
137
|
+
* - exactly one base permission is required (*:read, *:write, or the legacy
|
|
138
|
+
* aliases room:read, room:write),
|
|
139
|
+
* - at most one scope per feature (storage, comments, feeds, ...),
|
|
140
|
+
* - room:presence:write is accepted as an extra legacy scope.
|
|
141
|
+
*
|
|
142
|
+
* Returns `true` when the set is valid, or an error message otherwise.
|
|
143
|
+
*/
|
|
144
|
+
declare function validatePermissionsSet(scopes: readonly string[]): true | string;
|
|
135
145
|
|
|
136
146
|
type CustomAuthenticationResult = Relax<{
|
|
137
147
|
token: string;
|
|
@@ -1754,7 +1764,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
|
|
|
1754
1764
|
subscriptions: SubscriptionData[];
|
|
1755
1765
|
requestedAt: Date;
|
|
1756
1766
|
nextCursor: string | null;
|
|
1757
|
-
permissionHints: Record<string,
|
|
1767
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
1758
1768
|
}>;
|
|
1759
1769
|
getThreadsSince(options: {
|
|
1760
1770
|
roomId: string;
|
|
@@ -1774,7 +1784,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
|
|
|
1774
1784
|
deleted: SubscriptionDeleteInfo[];
|
|
1775
1785
|
};
|
|
1776
1786
|
requestedAt: Date;
|
|
1777
|
-
permissionHints: Record<string,
|
|
1787
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
1778
1788
|
}>;
|
|
1779
1789
|
searchComments(options: {
|
|
1780
1790
|
roomId: string;
|
|
@@ -2024,7 +2034,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
|
|
|
2024
2034
|
subscriptions: SubscriptionData[];
|
|
2025
2035
|
nextCursor: string | null;
|
|
2026
2036
|
requestedAt: Date;
|
|
2027
|
-
permissionHints: Record<string,
|
|
2037
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
2028
2038
|
}>;
|
|
2029
2039
|
getUserThreadsSince_experimental(options: {
|
|
2030
2040
|
since: Date;
|
|
@@ -2043,7 +2053,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
|
|
|
2043
2053
|
deleted: SubscriptionDeleteInfo[];
|
|
2044
2054
|
};
|
|
2045
2055
|
requestedAt: Date;
|
|
2046
|
-
permissionHints: Record<string,
|
|
2056
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
2047
2057
|
}>;
|
|
2048
2058
|
groupsStore: BatchStore<GroupData | undefined, string>;
|
|
2049
2059
|
getGroup(groupId: string): Promise<GroupData | undefined>;
|
|
@@ -3852,7 +3862,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
|
|
|
3852
3862
|
subscriptions: SubscriptionData[];
|
|
3853
3863
|
requestedAt: Date;
|
|
3854
3864
|
nextCursor: string | null;
|
|
3855
|
-
permissionHints: Record<string,
|
|
3865
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
3856
3866
|
}>;
|
|
3857
3867
|
/**
|
|
3858
3868
|
* Returns the updated and deleted threads and their associated inbox notifications and subscriptions since the requested date.
|
|
@@ -3876,7 +3886,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
|
|
|
3876
3886
|
deleted: SubscriptionDeleteInfo[];
|
|
3877
3887
|
};
|
|
3878
3888
|
requestedAt: Date;
|
|
3879
|
-
permissionHints: Record<string,
|
|
3889
|
+
permissionHints: Record<string, RoomPermissions>;
|
|
3880
3890
|
}>;
|
|
3881
3891
|
/**
|
|
3882
3892
|
* Returns a thread and the associated inbox notification and subscription if it exists.
|
|
@@ -5769,4 +5779,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
|
|
|
5769
5779
|
[K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
|
|
5770
5780
|
};
|
|
5771
5781
|
|
|
5772
|
-
export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, 
type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, 
MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type
|
|
5782
|
+
export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, 
type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, 
MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomEventMessage, type RoomPermissions, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type 
URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateRoomAccesses, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccesses, normalizeRoomPermissions, normalizeUpdateRoomAccesses, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, 
shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, validatePermissionsSet, wait, warnOnce, warnOnceIf, withTimeout };
|
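--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -6,7 +6,7 @@ var __export = (target, all) => {
 
 // src/version.ts
 var PKG_NAME = "@liveblocks/core";
-var PKG_VERSION = "3.20.0-
+var PKG_VERSION = "3.20.0-perm8";
 var PKG_FORMAT = "esm";
 
 // src/dupe-detection.ts
@@ -5203,6 +5203,12 @@ var Permission = {
 LegacyRoomPresenceWrite: "room:presence:write"
 };
 var ACCESS_LEVELS = ["none", "read", "write"];
+var basePermissionScopes = /* @__PURE__ */ new Set([
+Permission.Read,
+Permission.Write,
+Permission.RoomRead,
+Permission.RoomWrite
+]);
 var ACCESS_LEVEL_RANKS = {
 none: 0,
 read: 1,
@@ -5246,6 +5252,9 @@ var ROOM_PERMISSION_RESOURCES = [
 "feeds"
 ];
 var VALID_PERMISSIONS = new Set(Object.values(Permission));
+function isPermission(permission) {
+return VALID_PERMISSIONS.has(permission);
+}
 function resolveResourceAccess(scopes, resource) {
 const permissions = PERMISSIONS_BY_RESOURCE[resource];
 let resourceAccess;
@@ -5330,46 +5339,46 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
 matrix: explicitMatrix
 });
 }
-function
-if (!Array.isArray(
+function normalizeRoomPermissions(permissions) {
+if (!Array.isArray(permissions)) {
 throw new Error("Permission list must be an array");
 }
-return
-if (!
+return permissions.map((permission) => {
+if (!isPermission(permission)) {
 throw new Error(`Not a valid permission: ${permission}`);
 }
 return permission;
 });
 }
-function
-if (
+function normalizeRoomAccesses(accesses) {
+if (accesses === void 0) {
 return void 0;
 }
 return Object.fromEntries(
-Object.entries(
+Object.entries(accesses).map(([id, permissions]) => [
 id,
-
+normalizeRoomPermissions(permissions)
 ])
 );
 }
-function
-if (
+function normalizeUpdateRoomAccesses(accesses) {
+if (accesses === void 0) {
 return void 0;
 }
 return Object.fromEntries(
-Object.entries(
+Object.entries(accesses).map(([id, permissions]) => [
 id,
-permissions === null ? null :
+permissions === null ? null : normalizeRoomPermissions(permissions)
 ])
 );
 }
-function mergePermissionMatrices(
+function mergePermissionMatrices(matrices) {
 return {
-room: strongestMatrixAccess(
-storage: strongestMatrixAccess(
-comments: strongestMatrixAccess(
-feeds: strongestMatrixAccess(
-personal: strongestMatrixAccess(
+room: strongestMatrixAccess(matrices, "room"),
+storage: strongestMatrixAccess(matrices, "storage"),
+comments: strongestMatrixAccess(matrices, "comments"),
+feeds: strongestMatrixAccess(matrices, "feeds"),
+personal: strongestMatrixAccess(matrices, "personal")
 };
 }
 function permissionMatrixToScopes(matrix) {
@@ -5392,11 +5401,53 @@ function mergeRoomPermissionScopes({
 userAccesses
 }) {
 const sources = [
-
-
-
+resolvePermissionScopes(defaultAccesses),
+mergeResolvedScopesByHighestAccess(
+groupsAccesses.map(resolvePermissionScopes)
+),
+resolvePermissionScopes(userAccesses)
 ];
-
+const merged = {
+hasDefaultPermission: false,
+baseAccess: "none",
+matrix: {}
+};
+for (const source of sources) {
+if (source.hasDefaultPermission) {
+merged.hasDefaultPermission = true;
+merged.baseAccess = source.baseAccess;
+}
+for (const resource of ROOM_PERMISSION_RESOURCES) {
+const access = source.matrix[resource];
+if (access !== void 0) {
+merged.matrix[resource] = access;
+}
+}
+}
+return permissionMatrixToScopes(permissionMatrixFromResolvedScopes(merged));
+}
+function mergeResolvedScopesByHighestAccess(sources) {
+const merged = {
+hasDefaultPermission: false,
+baseAccess: "none",
+matrix: {}
+};
+for (const source of sources) {
+if (source.hasDefaultPermission) {
+merged.hasDefaultPermission = true;
+merged.baseAccess = strongestAccess(merged.baseAccess, source.baseAccess);
+}
+for (const resource of ROOM_PERMISSION_RESOURCES) {
+const access = source.matrix[resource];
+if (access !== void 0) {
+merged.matrix[resource] = strongestAccess(
+merged.matrix[resource] ?? "none",
+access
+);
+}
+}
+}
+return merged;
 }
 function permissionForAccessLevel(resource, access, field = resource) {
 const levels = PERMISSIONS_BY_RESOURCE[resource];
@@ -5408,9 +5459,9 @@ function permissionForAccessLevel(resource, access, field = resource) {
 }
 return permissions[0];
 }
-function strongestMatrixAccess(
-return
-(strongest,
+function strongestMatrixAccess(matrices, resource) {
+return matrices.reduce(
+(strongest, matrix) => strongestAccess(strongest, matrix[resource]),
 "none"
 );
 }
@@ -5426,6 +5477,28 @@ function resourceMatchesRoomId(resource, roomId) {
 function getResourceSpecificity(resource) {
 return resource.replace("*", "").length;
 }
+function validatePermissionsSet(scopes) {
+const unknownScopes = scopes.filter((scope) => !VALID_PERMISSIONS.has(scope));
+if (unknownScopes.length > 0) {
+return `Unknown permission scope(s): ${unknownScopes.join(", ")}`;
+}
+const baseScopes = scopes.filter((scope) => basePermissionScopes.has(scope));
+if (baseScopes.length !== 1) {
+return `Permissions must include exactly one of ${Permission.Read}, ${Permission.Write} (or the legacy aliases ${Permission.RoomRead}, ${Permission.RoomWrite}), got ${baseScopes.length === 0 ? "none" : baseScopes.join(", ")}`;
+}
+const seenFeatures = /* @__PURE__ */ new Set();
+for (const scope of scopes) {
+if (basePermissionScopes.has(scope) || scope === Permission.LegacyRoomPresenceWrite) {
+continue;
+}
+const feature = scope.slice(0, scope.indexOf(":"));
+if (seenFeatures.has(feature)) {
+return `Permissions can include at most one scope per feature, got multiple "${feature}" scopes`;
+}
+seenFeatures.add(feature);
+}
+return true;
+}
 
 // src/protocol/AuthToken.ts
 function isValidAuthTokenPayload(data) {
@@ -5593,7 +5666,7 @@ function makeCachedToken(token, expiresAt) {
 function getAuthTokenPermissionScopes(permissions) {
 return Object.entries(permissions).map(([resource, scopes]) => ({
 resource,
-scopes
+scopes: normalizeRoomPermissions(scopes)
 }));
 }
 function cachedTokenSatisfiesRequest(cachedToken, request) {
@@ -9501,23 +9574,15 @@ var ClientMsgCode = Object.freeze({
 
 // src/refs/ManagedOthers.ts
 function makeUser(conn, presence) {
-const { connectionId, id, info } = conn;
-const canWrite =
-conn.permissionMatrix,
-"storage",
-"write"
-);
+const { connectionId, id, info, access } = conn;
+const { canWrite, canComment } = access;
 return freeze(
 compactObject({
 connectionId,
 id,
 info,
 canWrite,
-canComment
-conn.permissionMatrix,
-"comments",
-"write"
-),
+canComment,
 isReadOnly: !canWrite,
 // Deprecated, kept for backward-compatibility
 presence
@@ -9588,7 +9653,7 @@ var ManagedOthers = class {
 * Records a known connection. This records the connection ID and the
 * associated metadata.
 */
-setConnection(connectionId, metaUserId, metaUserInfo,
+setConnection(connectionId, metaUserId, metaUserInfo, access) {
 this.#internal.mutate((state) => {
 state.connections.set(
 connectionId,
@@ -9596,7 +9661,7 @@ var ManagedOthers = class {
 connectionId,
 id: metaUserId,
 info: metaUserInfo,
-
+access
 })
 );
 if (!state.presences.has(connectionId)) {
@@ -9749,6 +9814,14 @@ function defaultMessageFromContext(context) {
 
 // src/room.ts
 var FEEDS_TIMEOUT = 5e3;
+function connectionAccessFromScopes(scopes) {
+const roomPermissions = normalizeRoomPermissions(scopes);
+const matrix = permissionMatrixFromScopes(roomPermissions);
+return {
+canWrite: hasPermissionAccess(matrix, "storage", "write"),
+canComment: hasPermissionAccess(matrix, "comments", "write")
+};
+}
 function makeIdFactory(connectionId) {
 let count = 0;
 return () => `${connectionId}:${count++}`;
@@ -10339,7 +10412,9 @@ function createRoom(options, config) {
 context.dynamicSessionInfoSig.set({
 actor: message.actor,
 nonce: message.nonce,
-permissionMatrix: permissionMatrixFromScopes(
+permissionMatrix: permissionMatrixFromScopes(
+normalizeRoomPermissions(message.scopes)
+),
 meta: message.meta
 });
 context.idFactory = makeIdFactory(message.actor);
@@ -10360,7 +10435,7 @@ function createRoom(options, config) {
 connectionId,
 user.id,
 user.info,
-user.scopes
+connectionAccessFromScopes(user.scopes)
 );
 }
 return { type: "reset" };
@@ -10380,7 +10455,7 @@ function createRoom(options, config) {
 message.actor,
 message.id,
 message.info,
-message.scopes
+connectionAccessFromScopes(message.scopes)
 );
 context.buffer.messages.push({
 type: ClientMsgCode.UPDATE_PRESENCE,
@@ -11746,7 +11821,6 @@ function createClient(options) {
 ),
 authenticate: async () => {
 const resp = await authManager.getAuthValue({
-// TODO: Should we have permissions for AI Copilots?
 resource: "personal",
 access: "write"
 });
@@ -12690,9 +12764,9 @@ export {
 nanoid,
 nn,
 nodeStreamToCompactNodes,
-
-
-
+normalizeRoomAccesses,
+normalizeRoomPermissions,
+normalizeUpdateRoomAccesses,
 objectToQuery,
 patchNotificationSettings,
 permissionMatrixFromScopes,
@@ -12709,6 +12783,7 @@ export {
 tryParseJson,
 url,
 urljoin,
+validatePermissionsSet,
 wait,
 warnOnce,
 warnOnceIf,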
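Review bot: `connectionAccessFromScopes` and the `permissionMatrix` assignment in `createRoom` now run server-supplied `message.scopes` / `user.scopes` through `normalizeRoomPermissions`, which throws `Not a valid permission` for any string outside `VALID_PERMISSIONS`. A scope this client build does not recognise, for example one added in a later server release, then aborts the message handler instead of being ignored. The `createRoom` call sites are shown only in part, so whether anything catches the error is not visible here. An unrecognised scope presumably grants nothing in the matrix, so dropping it on the receive path is still fail-closed and keeps older clients connected: `const roomPermissions = Array.isArray(scopes) ? scopes.filter(isPermission) : [];`. The throwing `normalizeRoomPermissions` remains the right check for caller-supplied input such as `getAuthTokenPermissionScopes`.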