npm - @lssm/lib.identity-rbac - Versions diffs - 0.0.0-canary-20251206160926 - Mend

@lssm/lib.identity-rbac 0.0.0-canary-20251206160926

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (128) hide show

package/dist/contracts/organization.js ADDED Viewed

@@ -0,0 +1 @@

+ import{l as e}from"../schema/dist/ScalarTypeEnum.js";import{t}from"../schema/dist/SchemaModel.js";import"../schema/dist/index.js";import{n,t as r}from"./dist/spec.js";import"./dist/index.js";import{SuccessResultModel as i}from"./user.js";const a=[`platform.identity-rbac`],o=new t({name:`Organization`,description:`Organization details`,fields:{id:{type:e.String_unsecure(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!1},slug:{type:e.String_unsecure(),isOptional:!0},logo:{type:e.URL(),isOptional:!0},description:{type:e.String_unsecure(),isOptional:!0},type:{type:e.String_unsecure(),isOptional:!1},onboardingCompleted:{type:e.Boolean(),isOptional:!1},createdAt:{type:e.DateTime(),isOptional:!1}}}),s=new t({name:`MemberUser`,description:`Basic user info within a member`,fields:{id:{type:e.String_unsecure(),isOptional:!1},email:{type:e.EmailAddress(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!0}}}),c=new t({name:`Member`,description:`Organization member`,fields:{id:{type:e.String_unsecure(),isOptional:!1},userId:{type:e.String_unsecure(),isOptional:!1},organizationId:{type:e.String_unsecure(),isOptional:!1},role:{type:e.String_unsecure(),isOptional:!1},createdAt:{type:e.DateTime(),isOptional:!1},user:{type:s,isOptional:!1}}}),l=new t({name:`Invitation`,description:`Organization invitation`,fields:{id:{type:e.String_unsecure(),isOptional:!1},email:{type:e.EmailAddress(),isOptional:!1},role:{type:e.String_unsecure(),isOptional:!0},status:{type:e.String_unsecure(),isOptional:!1},expiresAt:{type:e.DateTime(),isOptional:!0},createdAt:{type:e.DateTime(),isOptional:!1}}}),u=new t({name:`CreateOrgInput`,description:`Input for creating an organization`,fields:{name:{type:e.NonEmptyString(),isOptional:!1},slug:{type:e.String_unsecure(),isOptional:!0},description:{type:e.String_unsecure(),isOptional:!0},type:{type:e.String_unsecure(),isOptional:!0}}}),d=new t({name:`GetOrgInput`,description:`Input for getting an organization`,fields:{orgId:{type:e.String_unsecure(),isOptional:!1}}}),f=new t({name:`UpdateOrgInput`,description:`Input for updating an organization`,fields:{orgId:{type:e.String_unsecure(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!0},slug:{type:e.String_unsecure(),isOptional:!0},logo:{type:e.URL(),isOptional:!0},description:{type:e.String_unsecure(),isOptional:!0}}}),p=new t({name:`InviteMemberInput`,description:`Input for inviting a member`,fields:{orgId:{type:e.String_unsecure(),isOptional:!1},email:{type:e.EmailAddress(),isOptional:!1},role:{type:e.String_unsecure(),isOptional:!1},teamId:{type:e.String_unsecure(),isOptional:!0}}}),m=new t({name:`AcceptInviteInput`,description:`Input for accepting an invitation`,fields:{invitationId:{type:e.String_unsecure(),isOptional:!1}}}),h=new t({name:`RemoveMemberInput`,description:`Input for removing a member`,fields:{orgId:{type:e.String_unsecure(),isOptional:!1},userId:{type:e.String_unsecure(),isOptional:!1}}}),g=new t({name:`MemberRemovedPayload`,description:`Payload for member removed event`,fields:{orgId:{type:e.String_unsecure(),isOptional:!1},userId:{type:e.String_unsecure(),isOptional:!1}}}),_=new t({name:`ListMembersInput`,description:`Input for listing members`,fields:{orgId:{type:e.String_unsecure(),isOptional:!1},limit:{type:e.Int_unsecure(),isOptional:!0},offset:{type:e.Int_unsecure(),isOptional:!0}}}),v=new t({name:`ListMembersOutput`,description:`Output for listing members`,fields:{members:{type:c,isOptional:!1,isArray:!0},total:{type:e.Int_unsecure(),isOptional:!1}}}),y=new t({name:`OrganizationWithRole`,description:`Organization with user role`,fields:{id:{type:e.String_unsecure(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!1},slug:{type:e.String_unsecure(),isOptional:!0},logo:{type:e.URL(),isOptional:!0},description:{type:e.String_unsecure(),isOptional:!0},type:{type:e.String_unsecure(),isOptional:!1},onboardingCompleted:{type:e.Boolean(),isOptional:!1},createdAt:{type:e.DateTime(),isOptional:!1},role:{type:e.String_unsecure(),isOptional:!1}}}),b=new t({name:`ListUserOrgsOutput`,description:`Output for listing user organizations`,fields:{organizations:{type:y,isOptional:!1,isArray:!0}}}),x=r({meta:{name:`identity.org.create`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`create`],description:`Create a new organization.`,goal:`Allow users to create new organizations/workspaces.`,context:`Called during onboarding or when creating additional workspaces.`},io:{input:u,output:o,errors:{SLUG_EXISTS:{description:`An organization with this slug already exists`,http:409,gqlCode:`SLUG_EXISTS`,when:`Slug is already taken`}}},policy:{auth:`user`},sideEffects:{emits:[{name:`org.created`,version:1,when:`Organization is created`,payload:o}],audit:[`org.created`]}}),S=n({meta:{name:`identity.org.get`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`get`],description:`Get organization details.`,goal:`Retrieve organization information.`,context:`Called when viewing organization settings or dashboard.`},io:{input:d,output:o},policy:{auth:`user`}}),C=r({meta:{name:`identity.org.update`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`update`],description:`Update organization details.`,goal:`Allow org admins to update organization settings.`,context:`Organization settings page.`},io:{input:f,output:o},policy:{auth:`user`},sideEffects:{emits:[{name:`org.updated`,version:1,when:`Organization is updated`,payload:o}],audit:[`org.updated`]}}),w=r({meta:{name:`identity.org.invite`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`invite`,`member`],description:`Invite a user to join the organization.`,goal:`Allow org admins to invite new members.`,context:`Team management. Sends invitation email.`},io:{input:p,output:l,errors:{ALREADY_MEMBER:{description:`User is already a member of this organization`,http:409,gqlCode:`ALREADY_MEMBER`,when:`Invitee is already a member`},INVITE_PENDING:{description:`An invitation for this email is already pending`,http:409,gqlCode:`INVITE_PENDING`,when:`Active invitation exists`}}},policy:{auth:`user`},sideEffects:{emits:[{name:`org.invite.sent`,version:1,when:`Invitation is sent`,payload:l}],audit:[`org.invite.sent`]}}),T=r({meta:{name:`identity.org.invite.accept`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`invite`,`accept`],description:`Accept an organization invitation.`,goal:`Allow users to join organizations via invitation.`,context:`Called from invitation email link.`},io:{input:m,output:c,errors:{INVITE_EXPIRED:{description:`The invitation has expired`,http:410,gqlCode:`INVITE_EXPIRED`,when:`Invitation is past expiry date`},INVITE_USED:{description:`The invitation has already been used`,http:409,gqlCode:`INVITE_USED`,when:`Invitation was already accepted`}}},policy:{auth:`user`},sideEffects:{emits:[{name:`org.member.added`,version:1,when:`Member joins org`,payload:c}],audit:[`org.member.added`]}}),E=r({meta:{name:`identity.org.member.remove`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`member`,`remove`],description:`Remove a member from the organization.`,goal:`Allow org admins to remove members.`,context:`Team management.`},io:{input:h,output:i,errors:{CANNOT_REMOVE_OWNER:{description:`Cannot remove the organization owner`,http:403,gqlCode:`CANNOT_REMOVE_OWNER`,when:`Target is the org owner`}}},policy:{auth:`user`},sideEffects:{emits:[{name:`org.member.removed`,version:1,when:`Member is removed`,payload:g}],audit:[`org.member.removed`]}}),D=n({meta:{name:`identity.org.members.list`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`member`,`list`],description:`List organization members.`,goal:`View all members of an organization.`,context:`Team management page.`},io:{input:_,output:v},policy:{auth:`user`}}),O=n({meta:{name:`identity.org.list`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`org`,`list`],description:`List organizations the current user belongs to.`,goal:`Show user their organizations for workspace switching.`,context:`Workspace switcher, org selection.`},io:{input:null,output:b},policy:{auth:`user`}});export{T as AcceptInviteContract,m as AcceptInviteInputModel,x as CreateOrgContract,u as CreateOrgInputModel,S as GetOrgContract,d as GetOrgInputModel,l as InvitationModel,w as InviteMemberContract,p as InviteMemberInputModel,D as ListMembersContract,_ as ListMembersInputModel,v as ListMembersOutputModel,O as ListUserOrgsContract,b as ListUserOrgsOutputModel,c as MemberModel,g as MemberRemovedPayloadModel,s as MemberUserModel,o as OrganizationModel,y as OrganizationWithRoleModel,E as RemoveMemberContract,h as RemoveMemberInputModel,C as UpdateOrgContract,f as UpdateOrgInputModel};

package/dist/contracts/rbac.d.ts ADDED Viewed

@@ -0,0 +1,611 @@
+import * as _lssm_lib_schema300 from "@lssm/lib.schema";
+import { SchemaModel } from "@lssm/lib.schema";
+import * as _lssm_lib_contracts29 from "@lssm/lib.contracts";
+//#region src/contracts/rbac.d.ts
+declare const RoleModel: SchemaModel<{
+  id: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+  createdAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: false;
+  };
+}>;
+declare const PolicyBindingModel: SchemaModel<{
+  id: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetType: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  expiresAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: true;
+  };
+  createdAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: false;
+  };
+  role: {
+    type: SchemaModel<{
+      id: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      name: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      description: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: true;
+      };
+      permissions: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+        isArray: true;
+      };
+      createdAt: {
+        type: _lssm_lib_schema300.FieldType<Date, string>;
+        isOptional: false;
+      };
+    }>;
+    isOptional: false;
+  };
+}>;
+declare const PermissionCheckResultModel: SchemaModel<{
+  allowed: {
+    type: _lssm_lib_schema300.FieldType<boolean, boolean>;
+    isOptional: false;
+  };
+  reason: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  matchedRole: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+}>;
+declare const CreateRoleInputModel: SchemaModel<{
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+}>;
+declare const UpdateRoleInputModel: SchemaModel<{
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+    isArray: true;
+  };
+}>;
+declare const DeleteRoleInputModel: SchemaModel<{
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>;
+declare const ListRolesOutputModel: SchemaModel<{
+  roles: {
+    type: SchemaModel<{
+      id: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      name: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      description: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: true;
+      };
+      permissions: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+        isArray: true;
+      };
+      createdAt: {
+        type: _lssm_lib_schema300.FieldType<Date, string>;
+        isOptional: false;
+      };
+    }>;
+    isOptional: false;
+    isArray: true;
+  };
+}>;
+declare const AssignRoleInputModel: SchemaModel<{
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetType: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  expiresAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: true;
+  };
+}>;
+declare const RevokeRoleInputModel: SchemaModel<{
+  bindingId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>;
+declare const BindingIdPayloadModel: SchemaModel<{
+  bindingId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>;
+declare const CheckPermissionInputModel: SchemaModel<{
+  userId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  orgId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permission: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>;
+declare const ListUserPermissionsInputModel: SchemaModel<{
+  userId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  orgId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+}>;
+declare const ListUserPermissionsOutputModel: SchemaModel<{
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+  roles: {
+    type: SchemaModel<{
+      id: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      name: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      description: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: true;
+      };
+      permissions: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+        isArray: true;
+      };
+      createdAt: {
+        type: _lssm_lib_schema300.FieldType<Date, string>;
+        isOptional: false;
+      };
+    }>;
+    isOptional: false;
+    isArray: true;
+  };
+}>;
+/**
+ * Create a new role.
+ */
+declare const CreateRoleContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+}>, SchemaModel<{
+  id: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+  createdAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: false;
+  };
+}>, undefined>;
+/**
+ * Update a role.
+ */
+declare const UpdateRoleContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+    isArray: true;
+  };
+}>, SchemaModel<{
+  id: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  name: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  description: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+  createdAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: false;
+  };
+}>, undefined>;
+/**
+ * Delete a role.
+ */
+declare const DeleteRoleContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>, SchemaModel<{
+  success: {
+    type: _lssm_lib_schema300.FieldType<boolean, boolean>;
+    isOptional: false;
+  };
+}>, undefined>;
+/**
+ * List all roles.
+ */
+declare const ListRolesContract: _lssm_lib_contracts29.ContractSpec<_lssm_lib_schema300.AnySchemaModel, SchemaModel<{
+  roles: {
+    type: SchemaModel<{
+      id: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      name: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      description: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: true;
+      };
+      permissions: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+        isArray: true;
+      };
+      createdAt: {
+        type: _lssm_lib_schema300.FieldType<Date, string>;
+        isOptional: false;
+      };
+    }>;
+    isOptional: false;
+    isArray: true;
+  };
+}>, undefined>;
+/**
+ * Assign a role to a user or organization.
+ */
+declare const AssignRoleContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetType: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  expiresAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: true;
+  };
+}>, SchemaModel<{
+  id: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  roleId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetType: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  targetId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  expiresAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: true;
+  };
+  createdAt: {
+    type: _lssm_lib_schema300.FieldType<Date, string>;
+    isOptional: false;
+  };
+  role: {
+    type: SchemaModel<{
+      id: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      name: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      description: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: true;
+      };
+      permissions: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+        isArray: true;
+      };
+      createdAt: {
+        type: _lssm_lib_schema300.FieldType<Date, string>;
+        isOptional: false;
+      };
+    }>;
+    isOptional: false;
+  };
+}>, {
+  name: string;
+  version: number;
+  when: string;
+  payload: SchemaModel<{
+    id: {
+      type: _lssm_lib_schema300.FieldType<string, string>;
+      isOptional: false;
+    };
+    roleId: {
+      type: _lssm_lib_schema300.FieldType<string, string>;
+      isOptional: false;
+    };
+    targetType: {
+      type: _lssm_lib_schema300.FieldType<string, string>;
+      isOptional: false;
+    };
+    targetId: {
+      type: _lssm_lib_schema300.FieldType<string, string>;
+      isOptional: false;
+    };
+    expiresAt: {
+      type: _lssm_lib_schema300.FieldType<Date, string>;
+      isOptional: true;
+    };
+    createdAt: {
+      type: _lssm_lib_schema300.FieldType<Date, string>;
+      isOptional: false;
+    };
+    role: {
+      type: SchemaModel<{
+        id: {
+          type: _lssm_lib_schema300.FieldType<string, string>;
+          isOptional: false;
+        };
+        name: {
+          type: _lssm_lib_schema300.FieldType<string, string>;
+          isOptional: false;
+        };
+        description: {
+          type: _lssm_lib_schema300.FieldType<string, string>;
+          isOptional: true;
+        };
+        permissions: {
+          type: _lssm_lib_schema300.FieldType<string, string>;
+          isOptional: false;
+          isArray: true;
+        };
+        createdAt: {
+          type: _lssm_lib_schema300.FieldType<Date, string>;
+          isOptional: false;
+        };
+      }>;
+      isOptional: false;
+    };
+  }>;
+}[]>;
+/**
+ * Revoke a role from a user or organization.
+ */
+declare const RevokeRoleContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  bindingId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>, SchemaModel<{
+  success: {
+    type: _lssm_lib_schema300.FieldType<boolean, boolean>;
+    isOptional: false;
+  };
+}>, {
+  name: string;
+  version: number;
+  when: string;
+  payload: SchemaModel<{
+    bindingId: {
+      type: _lssm_lib_schema300.FieldType<string, string>;
+      isOptional: false;
+    };
+  }>;
+}[]>;
+/**
+ * Check if a user has a specific permission.
+ */
+declare const CheckPermissionContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  userId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  orgId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  permission: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+}>, SchemaModel<{
+  allowed: {
+    type: _lssm_lib_schema300.FieldType<boolean, boolean>;
+    isOptional: false;
+  };
+  reason: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+  matchedRole: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+}>, undefined>;
+/**
+ * List permissions for a user.
+ */
+declare const ListUserPermissionsContract: _lssm_lib_contracts29.ContractSpec<SchemaModel<{
+  userId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+  };
+  orgId: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: true;
+  };
+}>, SchemaModel<{
+  permissions: {
+    type: _lssm_lib_schema300.FieldType<string, string>;
+    isOptional: false;
+    isArray: true;
+  };
+  roles: {
+    type: SchemaModel<{
+      id: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      name: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+      };
+      description: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: true;
+      };
+      permissions: {
+        type: _lssm_lib_schema300.FieldType<string, string>;
+        isOptional: false;
+        isArray: true;
+      };
+      createdAt: {
+        type: _lssm_lib_schema300.FieldType<Date, string>;
+        isOptional: false;
+      };
+    }>;
+    isOptional: false;
+    isArray: true;
+  };
+}>, undefined>;
+//#endregion
+export { AssignRoleContract, AssignRoleInputModel, BindingIdPayloadModel, CheckPermissionContract, CheckPermissionInputModel, CreateRoleContract, CreateRoleInputModel, DeleteRoleContract, DeleteRoleInputModel, ListRolesContract, ListRolesOutputModel, ListUserPermissionsContract, ListUserPermissionsInputModel, ListUserPermissionsOutputModel, PermissionCheckResultModel, PolicyBindingModel, RevokeRoleContract, RevokeRoleInputModel, RoleModel, UpdateRoleContract, UpdateRoleInputModel };

package/dist/contracts/rbac.js ADDED Viewed

@@ -0,0 +1 @@

+ import{l as e}from"../schema/dist/ScalarTypeEnum.js";import{t}from"../schema/dist/SchemaModel.js";import"../schema/dist/index.js";import{n,t as r}from"./dist/spec.js";import"./dist/index.js";import{SuccessResultModel as i}from"./user.js";const a=[`platform.identity-rbac`],o=new t({name:`Role`,description:`RBAC role definition`,fields:{id:{type:e.String_unsecure(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!1},description:{type:e.String_unsecure(),isOptional:!0},permissions:{type:e.String_unsecure(),isOptional:!1,isArray:!0},createdAt:{type:e.DateTime(),isOptional:!1}}}),s=new t({name:`PolicyBinding`,description:`Role assignment to a target`,fields:{id:{type:e.String_unsecure(),isOptional:!1},roleId:{type:e.String_unsecure(),isOptional:!1},targetType:{type:e.String_unsecure(),isOptional:!1},targetId:{type:e.String_unsecure(),isOptional:!1},expiresAt:{type:e.DateTime(),isOptional:!0},createdAt:{type:e.DateTime(),isOptional:!1},role:{type:o,isOptional:!1}}}),c=new t({name:`PermissionCheckResult`,description:`Result of a permission check`,fields:{allowed:{type:e.Boolean(),isOptional:!1},reason:{type:e.String_unsecure(),isOptional:!0},matchedRole:{type:e.String_unsecure(),isOptional:!0}}}),l=new t({name:`CreateRoleInput`,description:`Input for creating a role`,fields:{name:{type:e.NonEmptyString(),isOptional:!1},description:{type:e.String_unsecure(),isOptional:!0},permissions:{type:e.String_unsecure(),isOptional:!1,isArray:!0}}}),u=new t({name:`UpdateRoleInput`,description:`Input for updating a role`,fields:{roleId:{type:e.String_unsecure(),isOptional:!1},name:{type:e.String_unsecure(),isOptional:!0},description:{type:e.String_unsecure(),isOptional:!0},permissions:{type:e.String_unsecure(),isOptional:!0,isArray:!0}}}),d=new t({name:`DeleteRoleInput`,description:`Input for deleting a role`,fields:{roleId:{type:e.String_unsecure(),isOptional:!1}}}),f=new t({name:`ListRolesOutput`,description:`Output for listing roles`,fields:{roles:{type:o,isOptional:!1,isArray:!0}}}),p=new t({name:`AssignRoleInput`,description:`Input for assigning a role`,fields:{roleId:{type:e.String_unsecure(),isOptional:!1},targetType:{type:e.String_unsecure(),isOptional:!1},targetId:{type:e.String_unsecure(),isOptional:!1},expiresAt:{type:e.DateTime(),isOptional:!0}}}),m=new t({name:`RevokeRoleInput`,description:`Input for revoking a role`,fields:{bindingId:{type:e.String_unsecure(),isOptional:!1}}}),h=new t({name:`BindingIdPayload`,description:`Payload with binding ID`,fields:{bindingId:{type:e.String_unsecure(),isOptional:!1}}}),g=new t({name:`CheckPermissionInput`,description:`Input for checking a permission`,fields:{userId:{type:e.String_unsecure(),isOptional:!1},orgId:{type:e.String_unsecure(),isOptional:!0},permission:{type:e.String_unsecure(),isOptional:!1}}}),_=new t({name:`ListUserPermissionsInput`,description:`Input for listing user permissions`,fields:{userId:{type:e.String_unsecure(),isOptional:!1},orgId:{type:e.String_unsecure(),isOptional:!0}}}),v=new t({name:`ListUserPermissionsOutput`,description:`Output for listing user permissions`,fields:{permissions:{type:e.String_unsecure(),isOptional:!1,isArray:!0},roles:{type:o,isOptional:!1,isArray:!0}}}),y=r({meta:{name:`identity.rbac.role.create`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`role`,`create`],description:`Create a new role with permissions.`,goal:`Allow admins to define custom roles.`,context:`Role management in admin settings.`},io:{input:l,output:o,errors:{ROLE_EXISTS:{description:`A role with this name already exists`,http:409,gqlCode:`ROLE_EXISTS`,when:`Role name is taken`}}},policy:{auth:`admin`},sideEffects:{audit:[`role.created`]}}),b=r({meta:{name:`identity.rbac.role.update`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`role`,`update`],description:`Update an existing role.`,goal:`Allow admins to modify role permissions.`,context:`Role management in admin settings.`},io:{input:u,output:o},policy:{auth:`admin`},sideEffects:{audit:[`role.updated`]}}),x=r({meta:{name:`identity.rbac.role.delete`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`role`,`delete`],description:`Delete an existing role.`,goal:`Allow admins to remove unused roles.`,context:`Role management. Removes all policy bindings using this role.`},io:{input:d,output:i,errors:{ROLE_IN_USE:{description:`Role is still assigned to users or organizations`,http:409,gqlCode:`ROLE_IN_USE`,when:`Role has active bindings`}}},policy:{auth:`admin`},sideEffects:{audit:[`role.deleted`]}}),S=n({meta:{name:`identity.rbac.role.list`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`role`,`list`],description:`List all available roles.`,goal:`Show available roles for assignment.`,context:`Role assignment UI.`},io:{input:null,output:f},policy:{auth:`user`}}),C=r({meta:{name:`identity.rbac.assign`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`assign`],description:`Assign a role to a user or organization.`,goal:`Grant permissions via role assignment.`,context:`User/org permission management.`},io:{input:p,output:s,errors:{ROLE_NOT_FOUND:{description:`The specified role does not exist`,http:404,gqlCode:`ROLE_NOT_FOUND`,when:`Role ID is invalid`},ALREADY_ASSIGNED:{description:`This role is already assigned to the target`,http:409,gqlCode:`ALREADY_ASSIGNED`,when:`Binding already exists`}}},policy:{auth:`admin`},sideEffects:{emits:[{name:`role.assigned`,version:1,when:`Role is assigned`,payload:s}],audit:[`role.assigned`]}}),w=r({meta:{name:`identity.rbac.revoke`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`revoke`],description:`Revoke a role from a user or organization.`,goal:`Remove permissions via role revocation.`,context:`User/org permission management.`},io:{input:m,output:i,errors:{BINDING_NOT_FOUND:{description:`The policy binding does not exist`,http:404,gqlCode:`BINDING_NOT_FOUND`,when:`Binding ID is invalid`}}},policy:{auth:`admin`},sideEffects:{emits:[{name:`role.revoked`,version:1,when:`Role is revoked`,payload:h}],audit:[`role.revoked`]}}),T=n({meta:{name:`identity.rbac.check`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`check`,`permission`],description:`Check if a user has a specific permission.`,goal:`Authorization check before sensitive operations.`,context:`Called by other services to verify permissions.`},io:{input:g,output:c},policy:{auth:`user`}}),E=n({meta:{name:`identity.rbac.permissions`,version:1,stability:`stable`,owners:[...a],tags:[`identity`,`rbac`,`permissions`,`user`],description:`List all permissions for a user in a context.`,goal:`Show what a user can do in an org.`,context:`UI permission display, debugging.`},io:{input:_,output:v},policy:{auth:`user`}});export{C as AssignRoleContract,p as AssignRoleInputModel,h as BindingIdPayloadModel,T as CheckPermissionContract,g as CheckPermissionInputModel,y as CreateRoleContract,l as CreateRoleInputModel,x as DeleteRoleContract,d as DeleteRoleInputModel,S as ListRolesContract,f as ListRolesOutputModel,E as ListUserPermissionsContract,_ as ListUserPermissionsInputModel,v as ListUserPermissionsOutputModel,c as PermissionCheckResultModel,s as PolicyBindingModel,w as RevokeRoleContract,m as RevokeRoleInputModel,o as RoleModel,b as UpdateRoleContract,u as UpdateRoleInputModel};