@liveblocks/core 3.21.0-private1 → 3.21.0-private3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -6,7 +6,7 @@ var __export = (target, all) => {
6
6
 
7
7
  // src/version.ts
8
8
  var PKG_NAME = "@liveblocks/core";
9
- var PKG_VERSION = "3.21.0-private1";
9
+ var PKG_VERSION = "3.21.0-private3";
10
10
  var PKG_FORMAT = "esm";
11
11
 
12
12
  // src/dupe-detection.ts
@@ -1718,7 +1718,7 @@ function createApiClient({
1718
1718
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}`,
1719
1719
  await authManager.getAuthValue({
1720
1720
  roomId: options.roomId,
1721
- resource: "comments",
1721
+ resource: commentsResourceForVisibility(options.visibility),
1722
1722
  access: "write"
1723
1723
  })
1724
1724
  );
@@ -1756,7 +1756,7 @@ function createApiClient({
1756
1756
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/metadata`,
1757
1757
  await authManager.getAuthValue({
1758
1758
  roomId: options.roomId,
1759
- resource: "comments",
1759
+ resource: commentsResourceForVisibility(options.visibility),
1760
1760
  access: "write"
1761
1761
  }),
1762
1762
  options.metadata
@@ -1767,7 +1767,7 @@ function createApiClient({
1767
1767
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/comments/${options.commentId}/metadata`,
1768
1768
  await authManager.getAuthValue({
1769
1769
  roomId: options.roomId,
1770
- resource: "comments",
1770
+ resource: commentsResourceForVisibility(options.visibility),
1771
1771
  access: "write"
1772
1772
  }),
1773
1773
  options.metadata
@@ -1779,7 +1779,7 @@ function createApiClient({
1779
1779
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/comments`,
1780
1780
  await authManager.getAuthValue({
1781
1781
  roomId: options.roomId,
1782
- resource: "comments",
1782
+ resource: commentsResourceForVisibility(options.visibility),
1783
1783
  access: "write"
1784
1784
  }),
1785
1785
  {
@@ -1796,7 +1796,7 @@ function createApiClient({
1796
1796
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/comments/${options.commentId}`,
1797
1797
  await authManager.getAuthValue({
1798
1798
  roomId: options.roomId,
1799
- resource: "comments",
1799
+ resource: commentsResourceForVisibility(options.visibility),
1800
1800
  access: "write"
1801
1801
  }),
1802
1802
  {
@@ -1812,7 +1812,7 @@ function createApiClient({
1812
1812
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/comments/${options.commentId}`,
1813
1813
  await authManager.getAuthValue({
1814
1814
  roomId: options.roomId,
1815
- resource: "comments",
1815
+ resource: commentsResourceForVisibility(options.visibility),
1816
1816
  access: "write"
1817
1817
  })
1818
1818
  );
@@ -1822,7 +1822,7 @@ function createApiClient({
1822
1822
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/comments/${options.commentId}/reactions`,
1823
1823
  await authManager.getAuthValue({
1824
1824
  roomId: options.roomId,
1825
- resource: "comments",
1825
+ resource: commentsResourceForVisibility(options.visibility),
1826
1826
  access: "write"
1827
1827
  }),
1828
1828
  { emoji: options.emoji }
@@ -1834,7 +1834,7 @@ function createApiClient({
1834
1834
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/comments/${options.commentId}/reactions/${options.emoji}`,
1835
1835
  await authManager.getAuthValue({
1836
1836
  roomId: options.roomId,
1837
- resource: "comments",
1837
+ resource: commentsResourceForVisibility(options.visibility),
1838
1838
  access: "write"
1839
1839
  })
1840
1840
  );
@@ -1844,7 +1844,7 @@ function createApiClient({
1844
1844
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/mark-as-resolved`,
1845
1845
  await authManager.getAuthValue({
1846
1846
  roomId: options.roomId,
1847
- resource: "comments",
1847
+ resource: commentsResourceForVisibility(options.visibility),
1848
1848
  access: "write"
1849
1849
  })
1850
1850
  );
@@ -1854,7 +1854,7 @@ function createApiClient({
1854
1854
  url`/v2/c/rooms/${options.roomId}/threads/${options.threadId}/mark-as-unresolved`,
1855
1855
  await authManager.getAuthValue({
1856
1856
  roomId: options.roomId,
1857
- resource: "comments",
1857
+ resource: commentsResourceForVisibility(options.visibility),
1858
1858
  access: "write"
1859
1859
  })
1860
1860
  );
@@ -5207,9 +5207,6 @@ var Permission = {
5207
5207
  CommentsPrivateWrite: "comments:private:write",
5208
5208
  CommentsPrivateRead: "comments:private:read",
5209
5209
  CommentsPrivateNone: "comments:private:none",
5210
- CommentsPersonalWrite: "comments:personal:write",
5211
- CommentsPersonalRead: "comments:personal:read",
5212
- CommentsPersonalNone: "comments:personal:none",
5213
5210
  /**
5214
5211
  * Feeds
5215
5212
  */
@@ -5227,75 +5224,11 @@ var ACCESS_LEVEL_RANKS = {
5227
5224
  read: 1,
5228
5225
  write: 2
5229
5226
  };
5230
- var BASE_PERMISSIONS_BY_ACCESS = {
5231
- read: [Permission.Read, Permission.RoomRead],
5232
- write: [Permission.Write, Permission.RoomWrite]
5233
- };
5234
- var NO_PERMISSION_MATRIX = {
5235
- room: "none",
5236
- storage: "none",
5237
- comments: "none",
5238
- "comments:public": "none",
5239
- "comments:private": "none",
5240
- "comments:personal": "none",
5241
- feeds: "none",
5242
- personal: "none"
5243
- };
5244
- var BASE_PERMISSION_RESOURCE = "room";
5245
- var basePermissionScopes = /* @__PURE__ */ new Set([
5246
- Permission.Read,
5247
- Permission.Write,
5248
- Permission.RoomRead,
5249
- Permission.RoomWrite
5250
- ]);
5251
- var ROOM_PERMISSION_RESOURCES = Object.freeze([
5252
- "storage",
5253
- "comments",
5254
- "comments:public",
5255
- "comments:private",
5256
- "comments:personal",
5257
- "feeds"
5258
- ]);
5259
- var CHILD_ROOM_PERMISSION_RESOURCES = (() => {
5260
- const result = /* @__PURE__ */ new Map();
5261
- for (const resource of ROOM_PERMISSION_RESOURCES) {
5262
- const childResourcePrefix = `${resource}:`;
5263
- result.set(
5264
- resource,
5265
- Object.freeze(
5266
- ROOM_PERMISSION_RESOURCES.filter((candidate) => {
5267
- if (!candidate.startsWith(childResourcePrefix)) {
5268
- return false;
5269
- }
5270
- return !candidate.slice(childResourcePrefix.length).includes(":");
5271
- })
5272
- )
5273
- );
5274
- }
5275
- return result;
5276
- })();
5277
- var LEAF_ROOM_PERMISSION_RESOURCES_BY_PARENT = (() => {
5278
- const result = /* @__PURE__ */ new Map();
5279
- for (const resource of ROOM_PERMISSION_RESOURCES) {
5280
- result.set(resource, Object.freeze(getLeafResources(resource)));
5281
- }
5282
- return result;
5283
- })();
5284
- var PARENT_ROOM_PERMISSION_RESOURCES = (() => {
5285
- const result = /* @__PURE__ */ new Map();
5286
- for (const parentResource of ROOM_PERMISSION_RESOURCES) {
5287
- for (const childResource of childResourcesOf(parentResource)) {
5288
- result.set(childResource, parentResource);
5289
- }
5290
- }
5291
- return result;
5292
- })();
5293
- var LEAF_ROOM_PERMISSION_RESOURCES = Object.freeze(
5294
- ROOM_PERMISSION_RESOURCES.filter(
5295
- (resource) => childResourcesOf(resource).length === 0
5296
- )
5297
- );
5298
- var PERMISSIONS_BY_ROOM_RESOURCE = {
5227
+ var PERMISSIONS_BY_RESOURCE = {
5228
+ room: {
5229
+ read: [Permission.Read, Permission.RoomRead],
5230
+ write: [Permission.Write, Permission.RoomWrite]
5231
+ },
5299
5232
  storage: {
5300
5233
  write: [Permission.StorageWrite],
5301
5234
  read: [Permission.StorageRead],
@@ -5316,31 +5249,143 @@ var PERMISSIONS_BY_ROOM_RESOURCE = {
5316
5249
  read: [Permission.CommentsPrivateRead],
5317
5250
  none: [Permission.CommentsPrivateNone]
5318
5251
  },
5319
- "comments:personal": {
5320
- write: [Permission.CommentsPersonalWrite],
5321
- read: [Permission.CommentsPersonalRead],
5322
- none: [Permission.CommentsPersonalNone]
5323
- },
5324
5252
  feeds: {
5325
5253
  write: [Permission.FeedsWrite],
5326
5254
  read: [Permission.FeedsRead],
5327
5255
  none: [Permission.FeedsNone]
5328
5256
  }
5329
5257
  };
5258
+ var NO_PERMISSION_MATRIX = {
5259
+ room: "none",
5260
+ storage: "none",
5261
+ comments: "none",
5262
+ "comments:public": "none",
5263
+ "comments:private": "none",
5264
+ feeds: "none",
5265
+ personal: "none"
5266
+ };
5267
+ var BASE_PERMISSION_RESOURCE = "room";
5268
+ var ROOM_PERMISSION_RESOURCES = [
5269
+ "storage",
5270
+ "comments",
5271
+ "comments:public",
5272
+ "comments:private",
5273
+ "feeds"
5274
+ ];
5275
+ var COMMENT_VISIBILITY_RESOURCES = [
5276
+ "comments:public",
5277
+ "comments:private"
5278
+ ];
5279
+ var basePermissionScopes = /* @__PURE__ */ new Set([
5280
+ Permission.Read,
5281
+ Permission.Write,
5282
+ Permission.RoomRead,
5283
+ Permission.RoomWrite
5284
+ ]);
5330
5285
  var VALID_PERMISSIONS = new Set(Object.values(Permission));
5286
+ function isPermission(permission) {
5287
+ return VALID_PERMISSIONS.has(permission);
5288
+ }
5289
+ function resolveResourceAccess(scopes, resource) {
5290
+ const permissions = PERMISSIONS_BY_RESOURCE[resource];
5291
+ let resourceAccess;
5292
+ for (const access of ACCESS_LEVELS) {
5293
+ const scopedPermissions = permissions[access];
5294
+ if (scopedPermissions !== void 0 && scopedPermissions.some((permission) => scopes.includes(permission))) {
5295
+ resourceAccess = access;
5296
+ }
5297
+ }
5298
+ return resourceAccess;
5299
+ }
5300
+ function explicitPermissionMatrixFromScopes(scopes) {
5301
+ const matrix = {};
5302
+ const baseAccess = resolveResourceAccess(scopes, BASE_PERMISSION_RESOURCE);
5303
+ if (baseAccess !== void 0) {
5304
+ matrix.room = baseAccess;
5305
+ }
5306
+ for (const resource of ROOM_PERMISSION_RESOURCES) {
5307
+ const access = resolveResourceAccess(scopes, resource);
5308
+ if (access !== void 0) {
5309
+ matrix[resource] = access;
5310
+ }
5311
+ }
5312
+ return matrix;
5313
+ }
5314
+ function permissionMatrixFromExplicitPermissions(explicitMatrix) {
5315
+ const baseAccess = explicitMatrix.room;
5316
+ if (baseAccess === void 0) {
5317
+ return { ...NO_PERMISSION_MATRIX };
5318
+ }
5319
+ const commentsAccess = explicitMatrix.comments ?? baseAccess;
5320
+ return {
5321
+ room: baseAccess,
5322
+ storage: explicitMatrix.storage ?? baseAccess,
5323
+ comments: commentsAccess,
5324
+ "comments:public": explicitMatrix["comments:public"] ?? commentsAccess,
5325
+ "comments:private": explicitMatrix["comments:private"] ?? commentsAccess,
5326
+ feeds: explicitMatrix.feeds ?? baseAccess,
5327
+ personal: "write"
5328
+ };
5329
+ }
5330
+ function permissionMatrixFromScopes(scopes) {
5331
+ return permissionMatrixFromExplicitPermissions(
5332
+ explicitPermissionMatrixFromScopes(scopes)
5333
+ );
5334
+ }
5335
+ function hasPermissionAccess(matrix, resource, requiredAccess) {
5336
+ const requiredRank = ACCESS_LEVEL_RANKS[requiredAccess];
5337
+ if (resource === "comments") {
5338
+ const commentsRank = Math.max(
5339
+ ACCESS_LEVEL_RANKS[matrix.comments ?? "none"],
5340
+ ACCESS_LEVEL_RANKS[matrix["comments:public"] ?? "none"],
5341
+ ACCESS_LEVEL_RANKS[matrix["comments:private"] ?? "none"]
5342
+ );
5343
+ return commentsRank >= requiredRank;
5344
+ }
5345
+ const access = matrix[resource] ?? "none";
5346
+ return ACCESS_LEVEL_RANKS[access] >= requiredRank;
5347
+ }
5348
+ function resolveRoomPermissionMatrix(permissions, roomId) {
5349
+ const matchedPermissions = permissions.filter(
5350
+ (entry) => roomPatternMatches(entry.pattern, roomId)
5351
+ );
5352
+ if (matchedPermissions.length === 0) {
5353
+ return void 0;
5354
+ }
5355
+ const matrix = {};
5356
+ const specificityByResource = {};
5357
+ for (const entry of matchedPermissions) {
5358
+ const explicitMatrix = explicitPermissionMatrixFromScopes(entry.scopes);
5359
+ const specificity = roomPatternSpecificity(entry.pattern);
5360
+ if (explicitMatrix.room !== void 0) {
5361
+ matrix.room = strongestAccess(matrix.room ?? "none", explicitMatrix.room);
5362
+ }
5363
+ for (const resource of ROOM_PERMISSION_RESOURCES) {
5364
+ const access = explicitAccessForResource(explicitMatrix, resource);
5365
+ if (access === void 0) {
5366
+ continue;
5367
+ }
5368
+ const currentSpecificity = specificityByResource[resource] ?? -1;
5369
+ if (specificity > currentSpecificity) {
5370
+ matrix[resource] = access;
5371
+ specificityByResource[resource] = specificity;
5372
+ } else if (specificity === currentSpecificity) {
5373
+ matrix[resource] = strongestAccess(matrix[resource] ?? "none", access);
5374
+ }
5375
+ }
5376
+ }
5377
+ return permissionMatrixFromExplicitPermissions(matrix);
5378
+ }
5331
5379
  function normalizeRoomPermissions(permissions) {
5332
5380
  if (!Array.isArray(permissions)) {
5333
5381
  throw new Error("Permission list must be an array");
5334
5382
  }
5335
5383
  const result = [];
5336
5384
  for (const permission of permissions) {
5337
- const knownPermission = Object.values(Permission).find(
5338
- (value) => value === permission
5339
- );
5340
- if (knownPermission === void 0) {
5385
+ if (!isPermission(permission)) {
5341
5386
  throw new Error(`Not a valid permission: ${permission}`);
5342
5387
  }
5343
- result.push(knownPermission);
5388
+ result.push(permission);
5344
5389
  }
5345
5390
  return result;
5346
5391
  }
@@ -5366,90 +5411,28 @@ function normalizeUpdateRoomAccesses(accesses) {
5366
5411
  ])
5367
5412
  );
5368
5413
  }
5369
- function validatePermissionsSet(scopes) {
5370
- const unknownScopes = scopes.filter((scope) => !VALID_PERMISSIONS.has(scope));
5371
- if (unknownScopes.length > 0) {
5372
- return `Unknown permission scope(s): ${unknownScopes.join(", ")}`;
5373
- }
5374
- const baseScopes = scopes.filter((scope) => basePermissionScopes.has(scope));
5375
- if (baseScopes.length !== 1) {
5376
- return `Permissions must include exactly one of ${Permission.Read}, ${Permission.Write} (or the legacy aliases ${Permission.RoomRead}, ${Permission.RoomWrite}), got ${baseScopes.length === 0 ? "none" : baseScopes.join(", ")}`;
5377
- }
5378
- const seenFeatures = /* @__PURE__ */ new Set();
5379
- for (const scope of scopes) {
5380
- if (basePermissionScopes.has(scope) || scope === Permission.LegacyRoomPresenceWrite) {
5381
- continue;
5382
- }
5383
- const feature = scope.split(":").slice(0, -1).join(":");
5384
- if (seenFeatures.has(feature)) {
5385
- return `Permissions can include at most one scope per feature, got multiple "${feature}" scopes`;
5386
- }
5387
- seenFeatures.add(feature);
5388
- }
5389
- return true;
5390
- }
5391
- function permissionMatrixFromScopes(scopes) {
5392
- return permissionMatrixFromResolvedScopes(resolvePermissionScopes(scopes));
5393
- }
5394
5414
  function permissionMatrixToScopes(matrix) {
5395
5415
  const scopes = [];
5396
5416
  const baseAccess = matrix.room;
5397
5417
  if (baseAccess !== "none") {
5398
5418
  scopes.push(permissionForAccessLevel(BASE_PERMISSION_RESOURCE, baseAccess));
5399
5419
  }
5400
- for (const resource of ROOM_PERMISSION_RESOURCES) {
5401
- if (parentResourceOf(resource) === void 0) {
5402
- pushResourcePermissions(scopes, matrix, resource, baseAccess);
5403
- }
5420
+ if (matrix.storage !== baseAccess) {
5421
+ scopes.push(permissionForAccessLevel("storage", matrix.storage));
5404
5422
  }
5405
- return scopes;
5406
- }
5407
- function hasPermissionAccess(matrix, resource, requiredAccess) {
5408
- const access = matrix[resource] ?? "none";
5409
- return ACCESS_LEVEL_RANKS[access] >= ACCESS_LEVEL_RANKS[requiredAccess];
5410
- }
5411
- function resolveRoomPermissionMatrix(permissions, roomId) {
5412
- const matchedPermissions = permissions.filter((entry) => {
5413
- if (entry.pattern.includes("*")) {
5414
- return roomId.startsWith(entry.pattern.replace("*", ""));
5415
- }
5416
- return entry.pattern === roomId;
5417
- });
5418
- if (matchedPermissions.length === 0) {
5419
- return void 0;
5423
+ const commentsAccess = matrix.comments;
5424
+ if (commentsAccess !== baseAccess) {
5425
+ scopes.push(permissionForAccessLevel("comments", commentsAccess));
5420
5426
  }
5421
- let hasDefaultPermission = false;
5422
- let baseAccess = "none";
5423
- const leafAccesses = {};
5424
- const leafSpecificity = {};
5425
- for (const entry of matchedPermissions) {
5426
- const resolved = resolvePermissionScopes(entry.scopes);
5427
- const specificity = entry.pattern.replace("*", "").length;
5428
- if (resolved.baseAccess !== void 0) {
5429
- hasDefaultPermission = true;
5430
- baseAccess = strongestAccess(baseAccess, resolved.baseAccess);
5431
- }
5432
- for (const resource of LEAF_ROOM_PERMISSION_RESOURCES) {
5433
- if (resolved.leafAccesses[resource] === void 0) {
5434
- continue;
5435
- }
5436
- const access = resolveLeafAccessFromSource(resolved, resource);
5437
- const currentSpecificity = leafSpecificity[resource] ?? -1;
5438
- if (specificity > currentSpecificity) {
5439
- leafAccesses[resource] = access;
5440
- leafSpecificity[resource] = specificity;
5441
- } else if (specificity === currentSpecificity) {
5442
- leafAccesses[resource] = strongestAccess(
5443
- leafAccesses[resource] ?? "none",
5444
- access
5445
- );
5446
- }
5427
+ for (const resource of COMMENT_VISIBILITY_RESOURCES) {
5428
+ if (matrix[resource] !== commentsAccess) {
5429
+ scopes.push(permissionForAccessLevel(resource, matrix[resource]));
5447
5430
  }
5448
5431
  }
5449
- return permissionMatrixFromResolvedScopes({
5450
- baseAccess: hasDefaultPermission ? baseAccess : void 0,
5451
- leafAccesses
5452
- });
5432
+ if (matrix.feeds !== baseAccess) {
5433
+ scopes.push(permissionForAccessLevel("feeds", matrix.feeds));
5434
+ }
5435
+ return scopes;
5453
5436
  }
5454
5437
  function mergeRoomPermissionScopes({
5455
5438
  defaultAccesses,
@@ -5457,139 +5440,48 @@ function mergeRoomPermissionScopes({
5457
5440
  userAccesses
5458
5441
  }) {
5459
5442
  const sources = [
5460
- resolvePermissionScopes(defaultAccesses),
5461
- mergeResolvedScopesByHighestAccess(
5462
- groupsAccesses.map(resolvePermissionScopes)
5443
+ explicitPermissionMatrixFromScopes(defaultAccesses),
5444
+ mergeExplicitPermissionMatricesByHighestAccess(
5445
+ groupsAccesses.map(explicitPermissionMatrixFromScopes)
5463
5446
  ),
5464
- resolvePermissionScopes(userAccesses)
5447
+ explicitPermissionMatrixFromScopes(userAccesses)
5465
5448
  ];
5466
- const merged = {
5467
- leafAccesses: {}
5468
- };
5449
+ const merged = {};
5469
5450
  for (const source of sources) {
5470
- if (source.baseAccess !== void 0) {
5471
- merged.baseAccess = source.baseAccess;
5451
+ if (source.room !== void 0) {
5452
+ merged.room = source.room;
5472
5453
  }
5473
- for (const resource of LEAF_ROOM_PERMISSION_RESOURCES) {
5474
- const sourceAccess = source.leafAccesses[resource];
5475
- if (sourceAccess === void 0) {
5476
- continue;
5454
+ for (const resource of ROOM_PERMISSION_RESOURCES) {
5455
+ const access = explicitAccessForResource(source, resource);
5456
+ if (access !== void 0) {
5457
+ merged[resource] = access;
5477
5458
  }
5478
- merged.leafAccesses[resource] = sourceAccess;
5479
5459
  }
5480
5460
  }
5481
- return permissionMatrixToScopes(permissionMatrixFromResolvedScopes(merged));
5482
- }
5483
- function resolvePermissionScopes(scopes) {
5484
- const baseAccess = resolveAccess(scopes, BASE_PERMISSIONS_BY_ACCESS);
5485
- const leafAccesses = {};
5486
- for (const resource of ROOM_PERMISSION_RESOURCES) {
5487
- const access = resolveResourceAccess(scopes, resource);
5488
- if (access !== void 0) {
5489
- for (const leafResource of leafResourcesOf(resource)) {
5490
- leafAccesses[leafResource] = access;
5491
- }
5492
- }
5493
- }
5494
- return { baseAccess, leafAccesses };
5495
- }
5496
- function resolveResourceAccess(scopes, resource) {
5497
- return resolveAccess(scopes, PERMISSIONS_BY_ROOM_RESOURCE[resource]);
5498
- }
5499
- function resolveAccess(scopes, permissions) {
5500
- let resourceAccess;
5501
- for (const access of ACCESS_LEVELS) {
5502
- const scopedPermissions = permissions[access];
5503
- if (scopedPermissions !== void 0 && scopedPermissions.some((permission) => scopes.includes(permission))) {
5504
- resourceAccess = access;
5505
- }
5506
- }
5507
- return resourceAccess;
5508
- }
5509
- function permissionMatrixFromResolvedScopes(resolved) {
5510
- if (resolved.baseAccess === void 0) {
5511
- return { ...NO_PERMISSION_MATRIX };
5512
- }
5513
- const matrix = {
5514
- ...NO_PERMISSION_MATRIX,
5515
- [BASE_PERMISSION_RESOURCE]: resolved.baseAccess,
5516
- personal: "write"
5517
- };
5518
- for (const resource of LEAF_ROOM_PERMISSION_RESOURCES) {
5519
- matrix[resource] = resolveLeafAccessFromSource(resolved, resource);
5520
- }
5521
- for (const resource of ROOM_PERMISSION_RESOURCES) {
5522
- if (childResourcesOf(resource).length > 0) {
5523
- let strongest = "none";
5524
- for (const leafResource of leafResourcesOf(resource)) {
5525
- strongest = strongestAccess(strongest, matrix[leafResource]);
5526
- }
5527
- matrix[resource] = strongest;
5528
- }
5529
- }
5530
- return matrix;
5531
- }
5532
- function resolveLeafAccessFromSource(source, resource) {
5533
- const access = source.leafAccesses[resource];
5534
- if (access !== void 0) {
5535
- return access;
5536
- }
5537
- return source.baseAccess ?? "none";
5538
- }
5539
- function pushResourcePermissions(scopes, matrix, resource, baseAccess) {
5540
- const childResources = childResourcesOf(resource);
5541
- if (childResources.length === 0) {
5542
- const access = matrix[resource];
5543
- if (access !== baseAccess) {
5544
- scopes.push(permissionForAccessLevel(resource, access));
5545
- }
5546
- return;
5547
- }
5548
- const leafResources = leafResourcesOf(resource);
5549
- let sharedAccess;
5550
- let allLeavesShareAccess = true;
5551
- for (const leafResource of leafResources) {
5552
- const access = matrix[leafResource];
5553
- sharedAccess ??= access;
5554
- if (access !== sharedAccess) {
5555
- allLeavesShareAccess = false;
5556
- break;
5557
- }
5558
- }
5559
- if (sharedAccess !== void 0 && sharedAccess !== baseAccess && allLeavesShareAccess) {
5560
- scopes.push(permissionForAccessLevel(resource, sharedAccess));
5561
- return;
5562
- }
5563
- for (const childResource of childResources) {
5564
- pushResourcePermissions(scopes, matrix, childResource, baseAccess);
5565
- }
5461
+ return permissionMatrixToScopes(
5462
+ permissionMatrixFromExplicitPermissions(merged)
5463
+ );
5566
5464
  }
5567
- function mergeResolvedScopesByHighestAccess(sources) {
5568
- const merged = {
5569
- leafAccesses: {}
5570
- };
5465
+ function mergeExplicitPermissionMatricesByHighestAccess(sources) {
5466
+ const merged = {};
5571
5467
  for (const source of sources) {
5572
- if (source.baseAccess !== void 0) {
5573
- merged.baseAccess = strongestAccess(
5574
- merged.baseAccess ?? "none",
5575
- source.baseAccess
5576
- );
5468
+ if (source.room !== void 0) {
5469
+ merged.room = strongestAccess(merged.room ?? "none", source.room);
5577
5470
  }
5578
- for (const resource of LEAF_ROOM_PERMISSION_RESOURCES) {
5579
- const sourceAccess = source.leafAccesses[resource];
5580
- if (sourceAccess === void 0) {
5581
- continue;
5471
+ for (const resource of ROOM_PERMISSION_RESOURCES) {
5472
+ const access = explicitAccessForResource(source, resource);
5473
+ if (access !== void 0) {
5474
+ merged[resource] = strongestAccess(merged[resource] ?? "none", access);
5582
5475
  }
5583
- merged.leafAccesses[resource] = strongestAccess(
5584
- merged.leafAccesses[resource] ?? "none",
5585
- sourceAccess
5586
- );
5587
5476
  }
5588
5477
  }
5589
5478
  return merged;
5590
5479
  }
5480
+ function explicitAccessForResource(source, resource) {
5481
+ return source[resource] ?? (isCommentVisibilityResource(resource) ? source.comments : void 0);
5482
+ }
5591
5483
  function permissionForAccessLevel(resource, access, field = resource) {
5592
- const permissions = resource === "room" ? BASE_PERMISSIONS_BY_ACCESS[access] : resource === "personal" ? void 0 : PERMISSIONS_BY_ROOM_RESOURCE[resource][access];
5484
+ const permissions = PERMISSIONS_BY_RESOURCE[resource][access];
5593
5485
  const permission = permissions?.[0];
5594
5486
  if (permission !== void 0) {
5595
5487
  return permission;
@@ -5601,21 +5493,43 @@ function permissionForAccessLevel(resource, access, field = resource) {
5601
5493
  function strongestAccess(left, right) {
5602
5494
  return ACCESS_LEVEL_RANKS[right] > ACCESS_LEVEL_RANKS[left] ? right : left;
5603
5495
  }
5604
- function leafResourcesOf(resource) {
5605
- return LEAF_ROOM_PERMISSION_RESOURCES_BY_PARENT.get(resource) ?? [];
5606
- }
5607
- function childResourcesOf(resource) {
5608
- return CHILD_ROOM_PERMISSION_RESOURCES.get(resource) ?? [];
5496
+ function roomPatternMatches(pattern, roomId) {
5497
+ if (pattern.includes("*")) {
5498
+ return roomId.startsWith(pattern.replace("*", ""));
5499
+ }
5500
+ return pattern === roomId;
5609
5501
  }
5610
- function parentResourceOf(resource) {
5611
- return PARENT_ROOM_PERMISSION_RESOURCES.get(resource);
5502
+ function roomPatternSpecificity(pattern) {
5503
+ return pattern.replace("*", "").length;
5612
5504
  }
5613
- function getLeafResources(resource) {
5614
- const childResources = childResourcesOf(resource);
5615
- if (childResources.length === 0) {
5616
- return [resource];
5505
+ function validatePermissionsSet(scopes) {
5506
+ const unknownScopes = scopes.filter((scope) => !VALID_PERMISSIONS.has(scope));
5507
+ if (unknownScopes.length > 0) {
5508
+ return `Unknown permission scope(s): ${unknownScopes.join(", ")}`;
5509
+ }
5510
+ const baseScopes = scopes.filter((scope) => basePermissionScopes.has(scope));
5511
+ if (baseScopes.length !== 1) {
5512
+ return `Permissions must include exactly one of ${Permission.Read}, ${Permission.Write} (or the legacy aliases ${Permission.RoomRead}, ${Permission.RoomWrite}), got ${baseScopes.length === 0 ? "none" : baseScopes.join(", ")}`;
5617
5513
  }
5618
- return childResources.flatMap(getLeafResources);
5514
+ const seenFeatures = /* @__PURE__ */ new Set();
5515
+ for (const scope of scopes) {
5516
+ if (basePermissionScopes.has(scope) || scope === Permission.LegacyRoomPresenceWrite) {
5517
+ continue;
5518
+ }
5519
+ const feature = permissionFeature(scope);
5520
+ if (seenFeatures.has(feature)) {
5521
+ return `Permissions can include at most one scope per feature, got multiple "${feature}" scopes`;
5522
+ }
5523
+ seenFeatures.add(feature);
5524
+ }
5525
+ return true;
5526
+ }
5527
+ function permissionFeature(scope) {
5528
+ const accessSeparatorIndex = scope.lastIndexOf(":");
5529
+ return accessSeparatorIndex === -1 ? scope : scope.slice(0, accessSeparatorIndex);
5530
+ }
5531
+ function isCommentVisibilityResource(resource) {
5532
+ return resource.startsWith("comments:");
5619
5533
  }
5620
5534
 
5621
5535
  // src/protocol/AuthToken.ts
@@ -5804,7 +5718,10 @@ function cachedTokenSatisfiesRequest(cachedToken, request) {
5804
5718
  cachedToken.permissions ?? [],
5805
5719
  request.roomId
5806
5720
  );
5807
- return matrix !== void 0 && hasPermissionAccess(matrix, request.resource, request.access);
5721
+ if (matrix === void 0) {
5722
+ return false;
5723
+ }
5724
+ return hasPermissionAccess(matrix, request.resource, request.access);
5808
5725
  }
5809
5726
  function prepareAuthentication(authOptions) {
5810
5727
  const { publicApiKey, authEndpoint } = authOptions;
@@ -8662,7 +8579,7 @@ var LiveObject = class _LiveObject extends AbstractCrdt {
8662
8579
  const preciseSize = new TextEncoder().encode(jsonString).length;
8663
8580
  if (preciseSize > MAX_LIVE_OBJECT_SIZE) {
8664
8581
  throw new Error(
8665
- `LiveObject size exceeded limit: ${preciseSize} bytes > ${MAX_LIVE_OBJECT_SIZE} bytes. See https://liveblocks.io/docs/platform/limits#Liveblocks-Storage-limits`
8582
+ `LiveObject size exceeded limit: ${preciseSize} bytes > ${MAX_LIVE_OBJECT_SIZE} bytes. See https://liveblocks.io/docs/pricing/limits#Other-limits`
8666
8583
  );
8667
8584
  }
8668
8585
  }
@@ -11605,6 +11522,7 @@ function createRoom(options, config) {
11605
11522
  yjsProviderDidChange: context.yjsProviderDidChange.observable,
11606
11523
  // send metadata when using a text editor
11607
11524
  reportTextEditor,
11525
+ getPermissionMatrix: () => context.dynamicSessionInfoSig.get()?.permissionMatrix,
11608
11526
  // create a text mention when using a text editor
11609
11527
  createTextMention,
11610
11528
  // delete a text mention when using a text editor