@liveblocks/core 3.20.0-perm6 → 3.20.0-perm8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -110,28 +110,38 @@ type PermissionMatrix = {
110
110
  personal: AccessLevel;
111
111
  };
112
112
  type PermissionResources = keyof PermissionMatrix;
113
- type RoomPermissionGrant = {
114
- resource: string;
115
- scopes: readonly Permission[];
116
- };
117
- type RoomPermission = Permission[];
118
- type RoomPermissionInput = readonly Permission[];
119
- type RoomAccesses = Record<string, RoomPermission>;
120
- type RoomAccessesInput = Record<string, RoomPermissionInput>;
121
- type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
122
- type RoomPermissionSources = {
123
- defaultAccesses: readonly Permission[];
124
- groupsAccesses: readonly (readonly Permission[])[];
125
- userAccesses?: readonly Permission[] | undefined;
126
- };
127
- declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
113
+ type RoomPermissions = Permission[];
114
+ type RoomAccesses = Record<string, RoomPermissions>;
115
+ type UpdateRoomAccesses = Record<string, RoomPermissions | null>;
116
+ declare function permissionMatrixFromScopes(scopes: RoomPermissions): PermissionMatrix;
128
117
  declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
129
- declare function normalizeRoomPermissionInput(input: RoomPermissionInput): RoomPermission;
130
- declare function normalizeRoomAccessesInput(input: RoomAccessesInput | undefined): RoomAccesses | undefined;
131
- declare function normalizeRoomAccessesUpdateInput(input: RoomAccessesUpdateInput | undefined): Record<string, RoomPermission | null> | undefined;
132
- declare function mergePermissionMatrices(sources: readonly PermissionMatrix[]): PermissionMatrix;
133
- declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermission;
134
- declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: RoomPermissionSources): Permission[];
118
+ declare function normalizeRoomPermissions(permissions: string[] | readonly string[]): RoomPermissions;
119
+ declare function normalizeRoomAccesses(accesses: RoomAccesses | undefined): RoomAccesses | undefined;
120
+ declare function normalizeUpdateRoomAccesses(accesses: UpdateRoomAccesses | undefined): UpdateRoomAccesses | undefined;
121
+ declare function mergePermissionMatrices(matrices: PermissionMatrix[]): PermissionMatrix;
122
+ declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermissions;
123
+ /**
124
+ * Merges permission scopes from multiple sources, by priority: explicit user
125
+ * accesses override group accesses, which override the room defaults. Groups
126
+ * all share the same priority, so they are first merged together by taking
127
+ * the highest access level per feature (and base).
128
+ */
129
+ declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: {
130
+ defaultAccesses: RoomPermissions;
131
+ groupsAccesses: RoomPermissions[];
132
+ userAccesses: RoomPermissions;
133
+ }): RoomPermissions;
134
+ /**
135
+ * Validates a set of permissions:
136
+ * - every scope must be a known permission scope,
137
+ * - exactly one base permission is required (*:read, *:write, or the legacy
138
+ * aliases room:read, room:write),
139
+ * - at most one scope per feature (storage, comments, feeds, ...),
140
+ * - room:presence:write is accepted as an extra legacy scope.
141
+ *
142
+ * Returns `true` when the set is valid, or an error message otherwise.
143
+ */
144
+ declare function validatePermissionsSet(scopes: readonly string[]): true | string;
135
145
 
136
146
  type CustomAuthenticationResult = Relax<{
137
147
  token: string;
@@ -1754,7 +1764,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
1754
1764
  subscriptions: SubscriptionData[];
1755
1765
  requestedAt: Date;
1756
1766
  nextCursor: string | null;
1757
- permissionHints: Record<string, Permission[]>;
1767
+ permissionHints: Record<string, RoomPermissions>;
1758
1768
  }>;
1759
1769
  getThreadsSince(options: {
1760
1770
  roomId: string;
@@ -1774,7 +1784,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
1774
1784
  deleted: SubscriptionDeleteInfo[];
1775
1785
  };
1776
1786
  requestedAt: Date;
1777
- permissionHints: Record<string, Permission[]>;
1787
+ permissionHints: Record<string, RoomPermissions>;
1778
1788
  }>;
1779
1789
  searchComments(options: {
1780
1790
  roomId: string;
@@ -2024,7 +2034,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
2024
2034
  subscriptions: SubscriptionData[];
2025
2035
  nextCursor: string | null;
2026
2036
  requestedAt: Date;
2027
- permissionHints: Record<string, Permission[]>;
2037
+ permissionHints: Record<string, RoomPermissions>;
2028
2038
  }>;
2029
2039
  getUserThreadsSince_experimental(options: {
2030
2040
  since: Date;
@@ -2043,7 +2053,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
2043
2053
  deleted: SubscriptionDeleteInfo[];
2044
2054
  };
2045
2055
  requestedAt: Date;
2046
- permissionHints: Record<string, Permission[]>;
2056
+ permissionHints: Record<string, RoomPermissions>;
2047
2057
  }>;
2048
2058
  groupsStore: BatchStore<GroupData | undefined, string>;
2049
2059
  getGroup(groupId: string): Promise<GroupData | undefined>;
@@ -3852,7 +3862,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
3852
3862
  subscriptions: SubscriptionData[];
3853
3863
  requestedAt: Date;
3854
3864
  nextCursor: string | null;
3855
- permissionHints: Record<string, Permission[]>;
3865
+ permissionHints: Record<string, RoomPermissions>;
3856
3866
  }>;
3857
3867
  /**
3858
3868
  * Returns the updated and deleted threads and their associated inbox notifications and subscriptions since the requested date.
@@ -3876,7 +3886,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
3876
3886
  deleted: SubscriptionDeleteInfo[];
3877
3887
  };
3878
3888
  requestedAt: Date;
3879
- permissionHints: Record<string, Permission[]>;
3889
+ permissionHints: Record<string, RoomPermissions>;
3880
3890
  }>;
3881
3891
  /**
3882
3892
  * Returns a thread and the associated inbox notification and subscription if it exists.
@@ -5769,4 +5779,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
5769
5779
  [K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
5770
5780
  };
5771
5781
 
5772
- export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomPermissionSources, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
5782
+ export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomEventMessage, type RoomPermissions, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateRoomAccesses, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccesses, normalizeRoomPermissions, normalizeUpdateRoomAccesses, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, validatePermissionsSet, wait, warnOnce, warnOnceIf, withTimeout };
package/dist/index.d.ts CHANGED
@@ -110,28 +110,38 @@ type PermissionMatrix = {
110
110
  personal: AccessLevel;
111
111
  };
112
112
  type PermissionResources = keyof PermissionMatrix;
113
- type RoomPermissionGrant = {
114
- resource: string;
115
- scopes: readonly Permission[];
116
- };
117
- type RoomPermission = Permission[];
118
- type RoomPermissionInput = readonly Permission[];
119
- type RoomAccesses = Record<string, RoomPermission>;
120
- type RoomAccessesInput = Record<string, RoomPermissionInput>;
121
- type RoomAccessesUpdateInput = Record<string, RoomPermissionInput | null>;
122
- type RoomPermissionSources = {
123
- defaultAccesses: readonly Permission[];
124
- groupsAccesses: readonly (readonly Permission[])[];
125
- userAccesses?: readonly Permission[] | undefined;
126
- };
127
- declare function permissionMatrixFromScopes(scopes: readonly string[]): PermissionMatrix;
113
+ type RoomPermissions = Permission[];
114
+ type RoomAccesses = Record<string, RoomPermissions>;
115
+ type UpdateRoomAccesses = Record<string, RoomPermissions | null>;
116
+ declare function permissionMatrixFromScopes(scopes: RoomPermissions): PermissionMatrix;
128
117
  declare function hasPermissionAccess(matrix: Partial<PermissionMatrix>, resource: PermissionResources, requiredAccess: RequiredAccessLevel): boolean;
129
- declare function normalizeRoomPermissionInput(input: RoomPermissionInput): RoomPermission;
130
- declare function normalizeRoomAccessesInput(input: RoomAccessesInput | undefined): RoomAccesses | undefined;
131
- declare function normalizeRoomAccessesUpdateInput(input: RoomAccessesUpdateInput | undefined): Record<string, RoomPermission | null> | undefined;
132
- declare function mergePermissionMatrices(sources: readonly PermissionMatrix[]): PermissionMatrix;
133
- declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermission;
134
- declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: RoomPermissionSources): Permission[];
118
+ declare function normalizeRoomPermissions(permissions: string[] | readonly string[]): RoomPermissions;
119
+ declare function normalizeRoomAccesses(accesses: RoomAccesses | undefined): RoomAccesses | undefined;
120
+ declare function normalizeUpdateRoomAccesses(accesses: UpdateRoomAccesses | undefined): UpdateRoomAccesses | undefined;
121
+ declare function mergePermissionMatrices(matrices: PermissionMatrix[]): PermissionMatrix;
122
+ declare function permissionMatrixToScopes(matrix: PermissionMatrix): RoomPermissions;
123
+ /**
124
+ * Merges permission scopes from multiple sources, by priority: explicit user
125
+ * accesses override group accesses, which override the room defaults. Groups
126
+ * all share the same priority, so they are first merged together by taking
127
+ * the highest access level per feature (and base).
128
+ */
129
+ declare function mergeRoomPermissionScopes({ defaultAccesses, groupsAccesses, userAccesses, }: {
130
+ defaultAccesses: RoomPermissions;
131
+ groupsAccesses: RoomPermissions[];
132
+ userAccesses: RoomPermissions;
133
+ }): RoomPermissions;
134
+ /**
135
+ * Validates a set of permissions:
136
+ * - every scope must be a known permission scope,
137
+ * - exactly one base permission is required (*:read, *:write, or the legacy
138
+ * aliases room:read, room:write),
139
+ * - at most one scope per feature (storage, comments, feeds, ...),
140
+ * - room:presence:write is accepted as an extra legacy scope.
141
+ *
142
+ * Returns `true` when the set is valid, or an error message otherwise.
143
+ */
144
+ declare function validatePermissionsSet(scopes: readonly string[]): true | string;
135
145
 
136
146
  type CustomAuthenticationResult = Relax<{
137
147
  token: string;
@@ -1754,7 +1764,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
1754
1764
  subscriptions: SubscriptionData[];
1755
1765
  requestedAt: Date;
1756
1766
  nextCursor: string | null;
1757
- permissionHints: Record<string, Permission[]>;
1767
+ permissionHints: Record<string, RoomPermissions>;
1758
1768
  }>;
1759
1769
  getThreadsSince(options: {
1760
1770
  roomId: string;
@@ -1774,7 +1784,7 @@ interface RoomHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> {
1774
1784
  deleted: SubscriptionDeleteInfo[];
1775
1785
  };
1776
1786
  requestedAt: Date;
1777
- permissionHints: Record<string, Permission[]>;
1787
+ permissionHints: Record<string, RoomPermissions>;
1778
1788
  }>;
1779
1789
  searchComments(options: {
1780
1790
  roomId: string;
@@ -2024,7 +2034,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
2024
2034
  subscriptions: SubscriptionData[];
2025
2035
  nextCursor: string | null;
2026
2036
  requestedAt: Date;
2027
- permissionHints: Record<string, Permission[]>;
2037
+ permissionHints: Record<string, RoomPermissions>;
2028
2038
  }>;
2029
2039
  getUserThreadsSince_experimental(options: {
2030
2040
  since: Date;
@@ -2043,7 +2053,7 @@ interface LiveblocksHttpApi<TM extends BaseMetadata, CM extends BaseMetadata> ex
2043
2053
  deleted: SubscriptionDeleteInfo[];
2044
2054
  };
2045
2055
  requestedAt: Date;
2046
- permissionHints: Record<string, Permission[]>;
2056
+ permissionHints: Record<string, RoomPermissions>;
2047
2057
  }>;
2048
2058
  groupsStore: BatchStore<GroupData | undefined, string>;
2049
2059
  getGroup(groupId: string): Promise<GroupData | undefined>;
@@ -3852,7 +3862,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
3852
3862
  subscriptions: SubscriptionData[];
3853
3863
  requestedAt: Date;
3854
3864
  nextCursor: string | null;
3855
- permissionHints: Record<string, Permission[]>;
3865
+ permissionHints: Record<string, RoomPermissions>;
3856
3866
  }>;
3857
3867
  /**
3858
3868
  * Returns the updated and deleted threads and their associated inbox notifications and subscriptions since the requested date.
@@ -3876,7 +3886,7 @@ type Room<P extends JsonObject = DP, S extends LsonObject = DS, U extends BaseUs
3876
3886
  deleted: SubscriptionDeleteInfo[];
3877
3887
  };
3878
3888
  requestedAt: Date;
3879
- permissionHints: Record<string, Permission[]>;
3889
+ permissionHints: Record<string, RoomPermissions>;
3880
3890
  }>;
3881
3891
  /**
3882
3892
  * Returns a thread and the associated inbox notification and subscription if it exists.
@@ -5769,4 +5779,4 @@ type EnsureJson<T> = T extends Json ? T : T extends Array<infer I> ? (EnsureJson
5769
5779
  [K in keyof T as EnsureJson<T[K]> extends never ? never : K]: EnsureJson<T[K]>;
5770
5780
  };
5771
5781
 
5772
- export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomAccessesInput, type RoomAccessesUpdateInput, type RoomEventMessage, type RoomPermission, type RoomPermissionGrant, type RoomPermissionInput, type RoomPermissionSources, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccessesInput, normalizeRoomAccessesUpdateInput, normalizeRoomPermissionInput, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, wait, warnOnce, warnOnceIf, withTimeout };
5782
+ export { type AccessLevel, type ActivityData, type AiAssistantContentPart, type AiAssistantMessage, type AiChat, type AiChatMessage, type AiChatsQuery, type AiKnowledgeRetrievalPart, type AiKnowledgeSource, type AiOpaqueToolDefinition, type AiOpaqueToolInvocationProps, type AiReasoningPart, type AiRetrievalPart, type AiSourcesPart, type AiTextPart, type AiToolDefinition, type AiToolExecuteCallback, type AiToolExecuteContext, type AiToolInvocationPart, type AiToolInvocationProps, type AiToolTypePack, type AiUrlSource, type AiUserMessage, type AiWebRetrievalPart, type AsyncError, type AsyncLoading, type AsyncResult, type AsyncSuccess, type Awaitable, type BaseActivitiesData, type BaseAuthResult, type BaseGroupInfo, type BaseMetadata, type BaseRoomInfo, type BaseUserMeta, type Brand, type BroadcastEventClientMsg, type BroadcastOptions, type BroadcastedEventServerMsg, type ChildStorageNode, type Client, type ClientMsg, ClientMsgCode, type ClientOptions, type ClientWireOp, type CommentAttachment, type CommentBody, type CommentBodyBlockElement, type CommentBodyElement, type CommentBodyInlineElement, type CommentBodyLink, type CommentBodyLinkElementArgs, type CommentBodyMention, type CommentBodyMentionElementArgs, type CommentBodyParagraph, type CommentBodyParagraphElementArgs, type CommentBodyText, type CommentBodyTextElementArgs, type CommentData, type CommentDataPlain, type CommentLocalAttachment, type CommentMixedAttachment, type CommentReaction, type CommentUserReaction, type CommentUserReactionPlain, type CommentsEventServerMsg, type CompactChildNode, type CompactListNode, type CompactMapNode, type CompactNode, type CompactObjectNode, type CompactRegisterNode, type CompactRootNode, type ContextualPromptContext, type ContextualPromptResponse, type CopilotId, CrdtType, type CreateListOp, type CreateManagedPoolOptions, type CreateMapOp, type CreateObjectOp, type CreateOp, type CreateRegisterOp, type Cursor, type CustomAuthenticationResult, type DAD, type DCM, type DE, type DFM, type DFMD, type DGI, type DP, type DRI, type DS, type DTM, type DU, DefaultMap, type Delegates, type DeleteCrdtOp, type DeleteObjectKeyOp, Deque, DerivedSignal, DevToolsTreeNode as DevTools, protocol as DevToolsMsg, type DistributiveOmit, type EnsureJson, type EnterOptions, type EventSource, type Feed, type FeedCreateMetadata, type FeedDeletedServerMsg, type FeedFetchMetadataFilter, type FeedMessage, type FeedMessagesAddedServerMsg, type FeedMessagesDeletedServerMsg, type FeedMessagesListServerMsg, type FeedMessagesUpdatedServerMsg, type FeedRequestError, FeedRequestErrorCode, type FeedRequestFailedServerMsg, type FeedUpdateMetadata, type FeedsAddedServerMsg, type FeedsEventServerMsg, type FeedsListServerMsg, type FeedsUpdatedServerMsg, type FetchStorageClientMsg, type FetchYDocClientMsg, type GetThreadsOptions, type GroupData, type GroupDataPlain, type GroupMemberData, type GroupMentionData, type GroupScopes, type HasOpId, type History, type HistoryVersion, HttpError, type ISODateString, type ISignal, type IUserInfo, type IWebSocket, type IWebSocketCloseEvent, type IWebSocketEvent, type IWebSocketInstance, type IWebSocketMessageEvent, type IYjsProvider, type IgnoredOp, type Immutable, type InboxNotificationCustomData, type InboxNotificationCustomDataPlain, type InboxNotificationData, type InboxNotificationDataPlain, type InboxNotificationDeleteInfo, type InboxNotificationTextMentionData, type InboxNotificationTextMentionDataPlain, type InboxNotificationThreadData, type InboxNotificationThreadDataPlain, type InferFromSchema, type Json, type JsonArray, type JsonObject, type JsonScalar, type KDAD, type LayerKey, type ListStorageNode, LiveList, type LiveListUpdate, LiveMap, type LiveMapUpdate, type LiveNode, LiveObject, type LiveObjectUpdate, type LiveStructure, LiveblocksError, type LiveblocksErrorContext, type LostConnectionEvent, type Lson, type LsonObject, MENTION_CHARACTER, type ManagedPool, type MapStorageNode, type MentionData, type MessageId, MutableSignal, type NoInfr, type NodeMap, type NodeStream, type NotificationChannel, type NotificationChannelSettings, type NotificationKind, type NotificationSettings, type NotificationSettingsPlain, type ObjectStorageNode, type Observable, type Op, OpCode, type OpaqueClient, type OpaqueRoom, type OptionalTupleUnless, type OthersEvent, type ParentToChildNodeMap, type PartialNotificationSettings, type PartialUnless, type Patchable, Permission, type PermissionMatrix, type PermissionResources, type PlainLson, type PlainLsonFields, type PlainLsonList, type PlainLsonMap, type PlainLsonObject, type Poller, type PrivateClientApi, type PrivateRoomApi, Promise_withResolvers, type QueryMetadata, type QueryParams, type ReadonlyJson, type ReadonlyJsonObject, type RegisterStorageNode, type RejectedStorageOpServerMsg, type Relax, type RenderableToolResultResponse, type RequiredAccessLevel, type Resolve, type ResolveGroupsInfoArgs, type ResolveMentionSuggestionsArgs, type ResolveRoomsInfoArgs, type ResolveUsersArgs, type Room, type RoomAccesses, type RoomEventMessage, type RoomPermissions, type RoomStateServerMsg, type RoomSubscriptionSettings, type RootStorageNode, type SearchCommentsResult, type SerializedChild, type SerializedCrdt, type SerializedList, type SerializedMap, type SerializedObject, type SerializedRegister, type SerializedRootObject, type ServerMsg, ServerMsgCode, type ServerWireOp, type SetParentKeyOp, Signal, type SignalType, SortedList, type Status, type StorageChunkServerMsg, type StorageNode, type StorageStatus, type StorageUpdate, type StringifyCommentBodyElements, type StringifyCommentBodyOptions, type SubscriptionData, type SubscriptionDataPlain, type SubscriptionDeleteInfo, type SubscriptionDeleteInfoPlain, type SubscriptionKey, type SyncConfig, type SyncMode, type SyncSource, type SyncStatus, TextEditorType, type ThreadData, type ThreadDataPlain, type ThreadDataWithDeleteInfo, type ThreadDeleteInfo, type ToJson, type ToolResultResponse, type URLSafeString, type UnsubscribeCallback, type UpdateObjectOp, type UpdatePresenceClientMsg, type UpdatePresenceServerMsg, type UpdateRoomAccesses, type UpdateStorageClientMsg, type UpdateStorageServerMsg, type UpdateYDocClientMsg, type UploadAttachmentOptions, type UrlMetadata, type User, type UserJoinServerMsg, type UserLeftServerMsg, type UserMentionData, type UserRoomSubscriptionSettings, type UserSubscriptionData, type UserSubscriptionDataPlain, WebsocketCloseCodes, type WithNavigation, type WithOptional, type WithRequired, type YDocUpdateServerMsg, type YjsSyncStatus, asPos, assert, assertNever, autoRetry, b64decode, batch, checkBounds, chunk, cloneLson, compactNodesToNodeStream, compactObject, fancyConsole as console, convertToCommentData, convertToCommentUserReaction, convertToGroupData, convertToInboxNotificationData, convertToSubscriptionData, convertToThreadData, convertToUserSubscriptionData, createClient, createCommentAttachmentId, createCommentId, createInboxNotificationId, createManagedPool, createNotificationSettings, createThreadId, deepLiveify, defineAiTool, deprecate, deprecateIf, detectDupes, entries, errorIf, findLastIndex, freeze, generateUrl, getMentionsFromCommentBody, getSubscriptionKey, hasPermissionAccess, html, htmlSafe, isCommentBodyLink, isCommentBodyMention, isCommentBodyText, isJsonArray, isJsonObject, isJsonScalar, isListStorageNode, isLiveNode, isMapStorageNode, isNotificationChannelEnabled, isNumberOperator, isObjectStorageNode, isPlainObject, isRegisterStorageNode, isRootStorageNode, isStartsWithOperator, isUrl, kInternal, keys, makeAbortController, makeEventSource, makePoller, makePosition, mapValues, memoizeOnSuccess, mergePermissionMatrices, mergeRoomPermissionScopes, nanoid, nn, nodeStreamToCompactNodes, normalizeRoomAccesses, normalizeRoomPermissions, normalizeUpdateRoomAccesses, objectToQuery, patchNotificationSettings, permissionMatrixFromScopes, permissionMatrixToScopes, raise, resolveMentionsInCommentBody, sanitizeUrl, shallow, shallow2, stableStringify, stringifyCommentBody, throwUsageError, toPlainLson, tryParseJson, url, urljoin, validatePermissionsSet, wait, warnOnce, warnOnceIf, withTimeout };
package/dist/index.js CHANGED
@@ -6,7 +6,7 @@ var __export = (target, all) => {
6
6
 
7
7
  // src/version.ts
8
8
  var PKG_NAME = "@liveblocks/core";
9
- var PKG_VERSION = "3.20.0-perm6";
9
+ var PKG_VERSION = "3.20.0-perm8";
10
10
  var PKG_FORMAT = "esm";
11
11
 
12
12
  // src/dupe-detection.ts
@@ -5203,6 +5203,12 @@ var Permission = {
5203
5203
  LegacyRoomPresenceWrite: "room:presence:write"
5204
5204
  };
5205
5205
  var ACCESS_LEVELS = ["none", "read", "write"];
5206
+ var basePermissionScopes = /* @__PURE__ */ new Set([
5207
+ Permission.Read,
5208
+ Permission.Write,
5209
+ Permission.RoomRead,
5210
+ Permission.RoomWrite
5211
+ ]);
5206
5212
  var ACCESS_LEVEL_RANKS = {
5207
5213
  none: 0,
5208
5214
  read: 1,
@@ -5246,6 +5252,9 @@ var ROOM_PERMISSION_RESOURCES = [
5246
5252
  "feeds"
5247
5253
  ];
5248
5254
  var VALID_PERMISSIONS = new Set(Object.values(Permission));
5255
+ function isPermission(permission) {
5256
+ return VALID_PERMISSIONS.has(permission);
5257
+ }
5249
5258
  function resolveResourceAccess(scopes, resource) {
5250
5259
  const permissions = PERMISSIONS_BY_RESOURCE[resource];
5251
5260
  let resourceAccess;
@@ -5330,46 +5339,46 @@ function resolveRoomPermissionMatrix(permissions, roomId) {
5330
5339
  matrix: explicitMatrix
5331
5340
  });
5332
5341
  }
5333
- function normalizeRoomPermissionInput(input) {
5334
- if (!Array.isArray(input)) {
5342
+ function normalizeRoomPermissions(permissions) {
5343
+ if (!Array.isArray(permissions)) {
5335
5344
  throw new Error("Permission list must be an array");
5336
5345
  }
5337
- return input.map((permission) => {
5338
- if (!VALID_PERMISSIONS.has(permission)) {
5346
+ return permissions.map((permission) => {
5347
+ if (!isPermission(permission)) {
5339
5348
  throw new Error(`Not a valid permission: ${permission}`);
5340
5349
  }
5341
5350
  return permission;
5342
5351
  });
5343
5352
  }
5344
- function normalizeRoomAccessesInput(input) {
5345
- if (input === void 0) {
5353
+ function normalizeRoomAccesses(accesses) {
5354
+ if (accesses === void 0) {
5346
5355
  return void 0;
5347
5356
  }
5348
5357
  return Object.fromEntries(
5349
- Object.entries(input).map(([id, permissions]) => [
5358
+ Object.entries(accesses).map(([id, permissions]) => [
5350
5359
  id,
5351
- normalizeRoomPermissionInput(permissions)
5360
+ normalizeRoomPermissions(permissions)
5352
5361
  ])
5353
5362
  );
5354
5363
  }
5355
- function normalizeRoomAccessesUpdateInput(input) {
5356
- if (input === void 0) {
5364
+ function normalizeUpdateRoomAccesses(accesses) {
5365
+ if (accesses === void 0) {
5357
5366
  return void 0;
5358
5367
  }
5359
5368
  return Object.fromEntries(
5360
- Object.entries(input).map(([id, permissions]) => [
5369
+ Object.entries(accesses).map(([id, permissions]) => [
5361
5370
  id,
5362
- permissions === null ? null : normalizeRoomPermissionInput(permissions)
5371
+ permissions === null ? null : normalizeRoomPermissions(permissions)
5363
5372
  ])
5364
5373
  );
5365
5374
  }
5366
- function mergePermissionMatrices(sources) {
5375
+ function mergePermissionMatrices(matrices) {
5367
5376
  return {
5368
- room: strongestMatrixAccess(sources, "room"),
5369
- storage: strongestMatrixAccess(sources, "storage"),
5370
- comments: strongestMatrixAccess(sources, "comments"),
5371
- feeds: strongestMatrixAccess(sources, "feeds"),
5372
- personal: strongestMatrixAccess(sources, "personal")
5377
+ room: strongestMatrixAccess(matrices, "room"),
5378
+ storage: strongestMatrixAccess(matrices, "storage"),
5379
+ comments: strongestMatrixAccess(matrices, "comments"),
5380
+ feeds: strongestMatrixAccess(matrices, "feeds"),
5381
+ personal: strongestMatrixAccess(matrices, "personal")
5373
5382
  };
5374
5383
  }
5375
5384
  function permissionMatrixToScopes(matrix) {
@@ -5392,11 +5401,53 @@ function mergeRoomPermissionScopes({
5392
5401
  userAccesses
5393
5402
  }) {
5394
5403
  const sources = [
5395
- permissionMatrixFromScopes(defaultAccesses),
5396
- ...groupsAccesses.map((scopes) => permissionMatrixFromScopes(scopes)),
5397
- ...userAccesses !== void 0 ? [permissionMatrixFromScopes(userAccesses)] : []
5404
+ resolvePermissionScopes(defaultAccesses),
5405
+ mergeResolvedScopesByHighestAccess(
5406
+ groupsAccesses.map(resolvePermissionScopes)
5407
+ ),
5408
+ resolvePermissionScopes(userAccesses)
5398
5409
  ];
5399
- return permissionMatrixToScopes(mergePermissionMatrices(sources));
5410
+ const merged = {
5411
+ hasDefaultPermission: false,
5412
+ baseAccess: "none",
5413
+ matrix: {}
5414
+ };
5415
+ for (const source of sources) {
5416
+ if (source.hasDefaultPermission) {
5417
+ merged.hasDefaultPermission = true;
5418
+ merged.baseAccess = source.baseAccess;
5419
+ }
5420
+ for (const resource of ROOM_PERMISSION_RESOURCES) {
5421
+ const access = source.matrix[resource];
5422
+ if (access !== void 0) {
5423
+ merged.matrix[resource] = access;
5424
+ }
5425
+ }
5426
+ }
5427
+ return permissionMatrixToScopes(permissionMatrixFromResolvedScopes(merged));
5428
+ }
5429
+ function mergeResolvedScopesByHighestAccess(sources) {
5430
+ const merged = {
5431
+ hasDefaultPermission: false,
5432
+ baseAccess: "none",
5433
+ matrix: {}
5434
+ };
5435
+ for (const source of sources) {
5436
+ if (source.hasDefaultPermission) {
5437
+ merged.hasDefaultPermission = true;
5438
+ merged.baseAccess = strongestAccess(merged.baseAccess, source.baseAccess);
5439
+ }
5440
+ for (const resource of ROOM_PERMISSION_RESOURCES) {
5441
+ const access = source.matrix[resource];
5442
+ if (access !== void 0) {
5443
+ merged.matrix[resource] = strongestAccess(
5444
+ merged.matrix[resource] ?? "none",
5445
+ access
5446
+ );
5447
+ }
5448
+ }
5449
+ }
5450
+ return merged;
5400
5451
  }
5401
5452
  function permissionForAccessLevel(resource, access, field = resource) {
5402
5453
  const levels = PERMISSIONS_BY_RESOURCE[resource];
@@ -5408,9 +5459,9 @@ function permissionForAccessLevel(resource, access, field = resource) {
5408
5459
  }
5409
5460
  return permissions[0];
5410
5461
  }
5411
- function strongestMatrixAccess(sources, resource) {
5412
- return sources.reduce(
5413
- (strongest, source) => strongestAccess(strongest, source[resource]),
5462
+ function strongestMatrixAccess(matrices, resource) {
5463
+ return matrices.reduce(
5464
+ (strongest, matrix) => strongestAccess(strongest, matrix[resource]),
5414
5465
  "none"
5415
5466
  );
5416
5467
  }
@@ -5426,6 +5477,28 @@ function resourceMatchesRoomId(resource, roomId) {
5426
5477
  function getResourceSpecificity(resource) {
5427
5478
  return resource.replace("*", "").length;
5428
5479
  }
5480
+ function validatePermissionsSet(scopes) {
5481
+ const unknownScopes = scopes.filter((scope) => !VALID_PERMISSIONS.has(scope));
5482
+ if (unknownScopes.length > 0) {
5483
+ return `Unknown permission scope(s): ${unknownScopes.join(", ")}`;
5484
+ }
5485
+ const baseScopes = scopes.filter((scope) => basePermissionScopes.has(scope));
5486
+ if (baseScopes.length !== 1) {
5487
+ return `Permissions must include exactly one of ${Permission.Read}, ${Permission.Write} (or the legacy aliases ${Permission.RoomRead}, ${Permission.RoomWrite}), got ${baseScopes.length === 0 ? "none" : baseScopes.join(", ")}`;
5488
+ }
5489
+ const seenFeatures = /* @__PURE__ */ new Set();
5490
+ for (const scope of scopes) {
5491
+ if (basePermissionScopes.has(scope) || scope === Permission.LegacyRoomPresenceWrite) {
5492
+ continue;
5493
+ }
5494
+ const feature = scope.slice(0, scope.indexOf(":"));
5495
+ if (seenFeatures.has(feature)) {
5496
+ return `Permissions can include at most one scope per feature, got multiple "${feature}" scopes`;
5497
+ }
5498
+ seenFeatures.add(feature);
5499
+ }
5500
+ return true;
5501
+ }
5429
5502
 
5430
5503
  // src/protocol/AuthToken.ts
5431
5504
  function isValidAuthTokenPayload(data) {
@@ -5593,7 +5666,7 @@ function makeCachedToken(token, expiresAt) {
5593
5666
  function getAuthTokenPermissionScopes(permissions) {
5594
5667
  return Object.entries(permissions).map(([resource, scopes]) => ({
5595
5668
  resource,
5596
- scopes
5669
+ scopes: normalizeRoomPermissions(scopes)
5597
5670
  }));
5598
5671
  }
5599
5672
  function cachedTokenSatisfiesRequest(cachedToken, request) {
@@ -9501,23 +9574,15 @@ var ClientMsgCode = Object.freeze({
9501
9574
 
9502
9575
  // src/refs/ManagedOthers.ts
9503
9576
  function makeUser(conn, presence) {
9504
- const { connectionId, id, info } = conn;
9505
- const canWrite = hasPermissionAccess(
9506
- conn.permissionMatrix,
9507
- "storage",
9508
- "write"
9509
- );
9577
+ const { connectionId, id, info, access } = conn;
9578
+ const { canWrite, canComment } = access;
9510
9579
  return freeze(
9511
9580
  compactObject({
9512
9581
  connectionId,
9513
9582
  id,
9514
9583
  info,
9515
9584
  canWrite,
9516
- canComment: hasPermissionAccess(
9517
- conn.permissionMatrix,
9518
- "comments",
9519
- "write"
9520
- ),
9585
+ canComment,
9521
9586
  isReadOnly: !canWrite,
9522
9587
  // Deprecated, kept for backward-compatibility
9523
9588
  presence
@@ -9588,7 +9653,7 @@ var ManagedOthers = class {
9588
9653
  * Records a known connection. This records the connection ID and the
9589
9654
  * associated metadata.
9590
9655
  */
9591
- setConnection(connectionId, metaUserId, metaUserInfo, scopes) {
9656
+ setConnection(connectionId, metaUserId, metaUserInfo, access) {
9592
9657
  this.#internal.mutate((state) => {
9593
9658
  state.connections.set(
9594
9659
  connectionId,
@@ -9596,7 +9661,7 @@ var ManagedOthers = class {
9596
9661
  connectionId,
9597
9662
  id: metaUserId,
9598
9663
  info: metaUserInfo,
9599
- permissionMatrix: permissionMatrixFromScopes(scopes)
9664
+ access
9600
9665
  })
9601
9666
  );
9602
9667
  if (!state.presences.has(connectionId)) {
@@ -9749,6 +9814,14 @@ function defaultMessageFromContext(context) {
9749
9814
 
9750
9815
  // src/room.ts
9751
9816
  var FEEDS_TIMEOUT = 5e3;
9817
+ function connectionAccessFromScopes(scopes) {
9818
+ const roomPermissions = normalizeRoomPermissions(scopes);
9819
+ const matrix = permissionMatrixFromScopes(roomPermissions);
9820
+ return {
9821
+ canWrite: hasPermissionAccess(matrix, "storage", "write"),
9822
+ canComment: hasPermissionAccess(matrix, "comments", "write")
9823
+ };
9824
+ }
9752
9825
  function makeIdFactory(connectionId) {
9753
9826
  let count = 0;
9754
9827
  return () => `${connectionId}:${count++}`;
@@ -10339,7 +10412,9 @@ function createRoom(options, config) {
10339
10412
  context.dynamicSessionInfoSig.set({
10340
10413
  actor: message.actor,
10341
10414
  nonce: message.nonce,
10342
- permissionMatrix: permissionMatrixFromScopes(message.scopes),
10415
+ permissionMatrix: permissionMatrixFromScopes(
10416
+ normalizeRoomPermissions(message.scopes)
10417
+ ),
10343
10418
  meta: message.meta
10344
10419
  });
10345
10420
  context.idFactory = makeIdFactory(message.actor);
@@ -10360,7 +10435,7 @@ function createRoom(options, config) {
10360
10435
  connectionId,
10361
10436
  user.id,
10362
10437
  user.info,
10363
- user.scopes
10438
+ connectionAccessFromScopes(user.scopes)
10364
10439
  );
10365
10440
  }
10366
10441
  return { type: "reset" };
@@ -10380,7 +10455,7 @@ function createRoom(options, config) {
10380
10455
  message.actor,
10381
10456
  message.id,
10382
10457
  message.info,
10383
- message.scopes
10458
+ connectionAccessFromScopes(message.scopes)
10384
10459
  );
10385
10460
  context.buffer.messages.push({
10386
10461
  type: ClientMsgCode.UPDATE_PRESENCE,
@@ -11746,7 +11821,6 @@ function createClient(options) {
11746
11821
  ),
11747
11822
  authenticate: async () => {
11748
11823
  const resp = await authManager.getAuthValue({
11749
- // TODO: Should we have permissions for AI Copilots?
11750
11824
  resource: "personal",
11751
11825
  access: "write"
11752
11826
  });
@@ -12690,9 +12764,9 @@ export {
12690
12764
  nanoid,
12691
12765
  nn,
12692
12766
  nodeStreamToCompactNodes,
12693
- normalizeRoomAccessesInput,
12694
- normalizeRoomAccessesUpdateInput,
12695
- normalizeRoomPermissionInput,
12767
+ normalizeRoomAccesses,
12768
+ normalizeRoomPermissions,
12769
+ normalizeUpdateRoomAccesses,
12696
12770
  objectToQuery,
12697
12771
  patchNotificationSettings,
12698
12772
  permissionMatrixFromScopes,
@@ -12709,6 +12783,7 @@ export {
12709
12783
  tryParseJson,
12710
12784
  url,
12711
12785
  urljoin,
12786
+ validatePermissionsSet,
12712
12787
  wait,
12713
12788
  warnOnce,
12714
12789
  warnOnceIf,