npm - @memberjunction/core-entities - Versions diffs - 5.28.0 → 5.30.0 - Mend

@memberjunction/core-entities 5.28.0 → 5.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/dist/custom/PermissionProviders/CollectionPermissionProvider.js ADDED Viewed

@@ -0,0 +1,220 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { PermissionProviderBase, } from '@memberjunction/core';
+import { RegisterClass, UUIDsEqual } from '@memberjunction/global';
+/**
+ * Wraps the `MJ: Collection Permissions` table behind the unified
+ * {@link PermissionProviderBase} contract. Collection permissions are user-only
+ * and cover Read / Update / Delete / Share.
+ *
+ * Collection-to-artifact cascade is handled by downstream consumers (the Sharing
+ * Center's Resource Access Report combines Collection + Artifact results); this
+ * provider only reports direct Collection grants.
+ *
+ * `resourceType` is `"Collections"`. `resourceId` is the collection ID.
+ */
+let CollectionPermissionProvider = class CollectionPermissionProvider extends PermissionProviderBase {
+    constructor() {
+        super(...arguments);
+        this.DomainName = 'Collection Permissions';
+        this.Description = 'User-level sharing permissions on artifact collections (Read/Update/Delete/Share)';
+        this.SupportedGranteeTypes = ['User'];
+        this.SupportedActions = ['Read', 'Update', 'Delete', 'Share'];
+        this.SupportsDeny = false;
+    }
+    GetResourceTypes() {
+        return ['Collections'];
+    }
+    async CheckPermission(user, _resourceType, resourceId, action) {
+        if (!resourceId) {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: 'Collection permissions require a specific collection ID',
+            };
+        }
+        const collection = await this.fetchCollection(resourceId);
+        if (collection?.OwnerID && UUIDsEqual(collection.OwnerID, user.ID)) {
+            return {
+                Allowed: true,
+                DomainName: this.DomainName,
+                Reason: `User is the collection owner`,
+            };
+        }
+        const row = await this.fetchPermissionForUser(resourceId, user.ID);
+        const actions = this.toActions(row);
+        const allowed = actions.includes(action);
+        return {
+            Allowed: allowed,
+            DomainName: this.DomainName,
+            Reason: allowed
+                ? `User has ${action} via direct collection permission`
+                : `User has no ${action} permission on collection '${resourceId}'`,
+        };
+    }
+    async GetEffectivePermissions(user, _resourceType, resourceId) {
+        const collection = await this.fetchCollection(resourceId);
+        // Owner path — synthetic full-access row
+        if (collection?.OwnerID && UUIDsEqual(collection.OwnerID, user.ID)) {
+            return [this.buildNormalizedPermission({
+                    resourceType: 'Collections', resourceId, resourceName: collection.Name ?? undefined,
+                    granteeType: 'User', granteeId: user.ID, granteeName: user.Name,
+                    actions: ['Read', 'Update', 'Delete', 'Share'],
+                })];
+        }
+        const row = await this.fetchPermissionForUser(resourceId, user.ID);
+        if (!row)
+            return [];
+        const actions = this.toActions(row);
+        if (actions.length === 0)
+            return [];
+        return [this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId, resourceName: collection?.Name ?? undefined,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+                sourceRecordId: row.ID,
+            })];
+    }
+    async GetUserResources(user, resourceType) {
+        if (resourceType && resourceType !== 'Collections')
+            return [];
+        const directRows = await this.fetchRows('MJ: Collection Permissions', `UserID='${user.ID}'`, ['ID', 'CollectionID', 'UserID', 'CanRead', 'CanEdit', 'CanDelete', 'CanShare'], 'GetUserResources.direct');
+        const ownedRows = await this.fetchRows('MJ: Collections', `OwnerID='${user.ID}'`, ['ID', 'Name', 'OwnerID'], 'GetUserResources.owned');
+        const allCollectionIds = new Set([
+            ...directRows.map((r) => r.CollectionID),
+            ...ownedRows.map((c) => c.ID),
+        ]);
+        const nameMap = await this.bulkLookupNames('MJ: Collections', Array.from(allCollectionIds));
+        const results = [];
+        const ownedIds = new Set(ownedRows.map((c) => c.ID));
+        // Owner rows first (take priority — synthetic full permissions)
+        for (const c of ownedRows) {
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId: c.ID,
+                resourceName: c.Name ?? nameMap.get(c.ID),
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name,
+                actions: ['Read', 'Update', 'Delete', 'Share'],
+            }));
+        }
+        for (const row of directRows) {
+            if (ownedIds.has(row.CollectionID))
+                continue; // owner row supersedes direct grant
+            const actions = this.toActions(row);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId: row.CollectionID,
+                resourceName: nameMap.get(row.CollectionID),
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+                sourceRecordId: row.ID,
+            }));
+        }
+        return results;
+    }
+    /**
+     * CollectionPermission rows where this user is the grantee AND someone else is
+     * the grantor. Excludes collections the user owns and rows they created themselves.
+     */
+    async GetPermissionsSharedWithUser(grantee) {
+        // Which collections does the grantee own? We'll exclude those from the result.
+        const ownedRows = await this.fetchRows('MJ: Collections', `OwnerID='${grantee.ID}'`, ['ID', 'Name', 'OwnerID'], 'GetPermissionsSharedWithUser.owned');
+        const ownedIds = new Set(ownedRows.map((c) => c.ID));
+        const permRows = await this.fetchRows('MJ: Collection Permissions', `UserID='${grantee.ID}' AND (SharedByUserID IS NULL OR SharedByUserID <> '${grantee.ID}')`, ['ID', 'CollectionID', 'UserID', 'User', 'SharedByUserID', 'CanRead', 'CanEdit', 'CanDelete', 'CanShare'], 'GetPermissionsSharedWithUser');
+        const rows = permRows.filter((r) => !ownedIds.has(r.CollectionID));
+        if (rows.length === 0)
+            return [];
+        const nameMap = await this.bulkLookupNames('MJ: Collections', Array.from(new Set(rows.map((r) => r.CollectionID))));
+        const results = [];
+        for (const row of rows) {
+            const actions = this.toActions(row);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId: row.CollectionID,
+                resourceName: nameMap.get(row.CollectionID),
+                granteeType: 'User', granteeId: grantee.ID, granteeName: grantee.Name, actions,
+                sourceRecordId: row.ID,
+            }));
+        }
+        return results;
+    }
+    /**
+     * CollectionPermission rows this user **explicitly** granted (`SharedByUserID = grantor`).
+     * Implicit owner-shares (SharedByUserID IS NULL) are excluded because the Sharing
+     * Center's revoke flow can only delete rows where the current user is the explicit
+     * grantor.
+     */
+    async GetPermissionsGrantedByUser(grantor) {
+        const rows = await this.fetchRows('MJ: Collection Permissions', `SharedByUserID='${grantor.ID}'`, ['ID', 'CollectionID', 'UserID', 'User', 'SharedByUserID', 'CanRead', 'CanEdit', 'CanDelete', 'CanShare'], 'GetPermissionsGrantedByUser');
+        if (rows.length === 0)
+            return [];
+        const nameMap = await this.bulkLookupNames('MJ: Collections', Array.from(new Set(rows.map((r) => r.CollectionID))));
+        const results = [];
+        for (const row of rows) {
+            const actions = this.toActions(row);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId: row.CollectionID,
+                resourceName: nameMap.get(row.CollectionID),
+                granteeType: 'User', granteeId: row.UserID, granteeName: row.User ?? undefined,
+                actions, sourceRecordId: row.ID,
+            }));
+        }
+        return results;
+    }
+    async GetResourcePermissions(resourceType, resourceId) {
+        if (resourceType !== 'Collections')
+            return [];
+        const collection = await this.fetchCollection(resourceId);
+        const results = [];
+        if (collection?.OwnerID) {
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId, resourceName: collection.Name ?? undefined,
+                granteeType: 'User', granteeId: collection.OwnerID,
+                granteeName: collection.Owner ?? undefined,
+                actions: ['Read', 'Update', 'Delete', 'Share'],
+            }));
+        }
+        const rows = await this.fetchRows('MJ: Collection Permissions', `CollectionID='${resourceId}'`, ['ID', 'CollectionID', 'UserID', 'User', 'CanRead', 'CanEdit', 'CanDelete', 'CanShare'], 'GetResourcePermissions');
+        for (const row of rows) {
+            const actions = this.toActions(row);
+            if (actions.length === 0)
+                continue;
+            if (collection?.OwnerID && UUIDsEqual(collection.OwnerID, row.UserID))
+                continue; // already captured as owner
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Collections', resourceId, resourceName: collection?.Name ?? undefined,
+                granteeType: 'User', granteeId: row.UserID, granteeName: row.User ?? undefined,
+                actions, sourceRecordId: row.ID,
+            }));
+        }
+        return results;
+    }
+    async fetchPermissionForUser(collectionId, userId) {
+        const rows = await this.fetchRows('MJ: Collection Permissions', `CollectionID='${collectionId}' AND UserID='${userId}'`, ['ID', 'CollectionID', 'UserID', 'CanRead', 'CanEdit', 'CanDelete', 'CanShare'], 'fetchPermissionForUser');
+        return rows[0] ?? null;
+    }
+    async fetchCollection(collectionId) {
+        const rows = await this.fetchRows('MJ: Collections', `ID='${collectionId}'`, ['ID', 'Name', 'OwnerID', 'Owner'], 'fetchCollection');
+        return rows[0] ?? null;
+    }
+    toActions(row) {
+        if (!row)
+            return [];
+        return this.boolsToActions({
+            Read: row.CanRead,
+            Update: row.CanEdit,
+            Delete: row.CanDelete,
+            Share: row.CanShare,
+        });
+    }
+};
+CollectionPermissionProvider = __decorate([
+    RegisterClass(PermissionProviderBase, 'MJCollectionPermissionProvider')
+], CollectionPermissionProvider);
+export { CollectionPermissionProvider };
+//# sourceMappingURL=CollectionPermissionProvider.js.map

package/dist/custom/PermissionProviders/CollectionPermissionProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CollectionPermissionProvider.js","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/CollectionPermissionProvider.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAKH,sBAAsB,GAEzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAqBnE;;;;;;;;;;GAUG;AAEI,IAAM,4BAA4B,GAAlC,MAAM,4BAA6B,SAAQ,sBAAsB;IAAjE;;QACM,eAAU,GAAG,wBAAwB,CAAC;QACtC,gBAAW,GAAG,mFAAmF,CAAC;QAClG,0BAAqB,GAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,qBAAgB,GAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7E,iBAAY,GAAG,KAAK,CAAC;IA8PlC,CAAC;IA5PY,gBAAgB;QACrB,OAAO,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,eAAe,CACjB,IAAc,EACd,aAAqB,EACrB,UAAyB,EACzB,MAAwB;QAExB,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,yDAAyD;aACpE,CAAC;QACN,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC1D,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACjE,OAAO;gBACH,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,8BAA8B;aACzC,CAAC;QACN,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO;YACH,OAAO,EAAE,OAAO;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,OAAO;gBACX,CAAC,CAAC,YAAY,MAAM,mCAAmC;gBACvD,CAAC,CAAC,eAAe,MAAM,8BAA8B,UAAU,GAAG;SACzE,CAAC;IACN,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAc,EAAE,aAAqB,EAAE,UAAkB;QACnF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAE1D,yCAAyC;QACzC,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC;oBACnC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,CAAC,IAAI,IAAI,SAAS;oBACnF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI;oBAC/D,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;iBACjD,CAAC,CAAC,CAAC;QACR,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACnE,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEpC,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACnC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,IAAI,SAAS;gBACpF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;gBACxE,cAAc,EAAE,GAAG,CAAC,EAAE;aACzB,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAAc,EAAE,YAAqB;QACxD,IAAI,YAAY,IAAI,YAAY,KAAK,aAAa;YAAE,OAAO,EAAE,CAAC;QAE9D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,SAAS,CACnC,4BAA4B,EAC5B,WAAW,IAAI,CAAC,EAAE,GAAG,EACrB,CAAC,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,EAC/E,yBAAyB,CAC5B,CAAC;QACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAClC,iBAAiB,EACjB,YAAY,IAAI,CAAC,EAAE,GAAG,EACtB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EACzB,wBAAwB,CAC3B,CAAC;QAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAS;YACrC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC;YACxC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChC,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAE5F,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAErD,gEAAgE;QAChE,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC,EAAE;gBAC7C,YAAY,EAAE,CAAC,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI;gBAC/D,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;aACjD,CAAC,CAAC,CAAC;QACR,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;gBAAE,SAAS,CAAC,oCAAoC;YAClF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,CAAC,YAAY;gBACzD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;gBAC3C,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;gBACxE,cAAc,EAAE,GAAG,CAAC,EAAE;aACzB,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;OAGG;IACM,KAAK,CAAC,4BAA4B,CAAC,OAAiB;QACzD,+EAA+E;QAC/E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAClC,iBAAiB,EACjB,YAAY,OAAO,CAAC,EAAE,GAAG,EACzB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EACzB,oCAAoC,CACvC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAErD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CACjC,4BAA4B,EAC5B,WAAW,OAAO,CAAC,EAAE,uDAAuD,OAAO,CAAC,EAAE,IAAI,EAC1F,CAAC,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,EACzG,8BAA8B,CACjC,CAAC;QACF,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QACnE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CACtC,iBAAiB,EACjB,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CACvD,CAAC;QAEF,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,CAAC,YAAY;gBACzD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;gBAC3C,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO;gBAC9E,cAAc,EAAE,GAAG,CAAC,EAAE;aACzB,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;;;OAKG;IACM,KAAK,CAAC,2BAA2B,CAAC,OAAiB;QACxD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,4BAA4B,EAC5B,mBAAmB,OAAO,CAAC,EAAE,GAAG,EAChC,CAAC,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,EACzG,6BAA6B,CAChC,CAAC;QACF,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CACtC,iBAAiB,EACjB,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CACvD,CAAC;QAEF,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,CAAC,YAAY;gBACzD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;gBAC3C,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,IAAI,IAAI,SAAS;gBAC9E,OAAO,EAAE,cAAc,EAAE,GAAG,CAAC,EAAE;aAClC,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,YAAoB,EAAE,UAAkB;QACjE,IAAI,YAAY,KAAK,aAAa;YAAE,OAAO,EAAE,CAAC;QAE9C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QAC1D,MAAM,OAAO,GAA2B,EAAE,CAAC;QAE3C,IAAI,UAAU,EAAE,OAAO,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,CAAC,IAAI,IAAI,SAAS;gBACnF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,OAAO;gBAClD,WAAW,EAAE,UAAU,CAAC,KAAK,IAAI,SAAS;gBAC1C,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;aACjD,CAAC,CAAC,CAAC;QACR,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,4BAA4B,EAC5B,iBAAiB,UAAU,GAAG,EAC9B,CAAC,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,EACvF,wBAAwB,CAC3B,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,IAAI,UAAU,EAAE,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS,CAAC,4BAA4B;YAC7G,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,IAAI,SAAS;gBACpF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,IAAI,IAAI,SAAS;gBAC9E,OAAO,EAAE,cAAc,EAAE,GAAG,CAAC,EAAE;aAClC,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAAC,YAAoB,EAAE,MAAc;QACrE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,4BAA4B,EAC5B,iBAAiB,YAAY,iBAAiB,MAAM,GAAG,EACvD,CAAC,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,EAC/E,wBAAwB,CAC3B,CAAC;QACF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,YAAoB;QAC9C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,iBAAiB,EACjB,OAAO,YAAY,GAAG,EACtB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,EAClC,iBAAiB,CACpB,CAAC;QACF,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC3B,CAAC;IAEO,SAAS,CAAC,GAA+C;QAC7D,IAAI,CAAC,GAAG;YAAE,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,cAAc,CAAC;YACvB,IAAI,EAAE,GAAG,CAAC,OAAO;YACjB,MAAM,EAAE,GAAG,CAAC,OAAO;YACnB,MAAM,EAAE,GAAG,CAAC,SAAS;YACrB,KAAK,EAAE,GAAG,CAAC,QAAQ;SACtB,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AAnQY,4BAA4B;IADxC,aAAa,CAAC,sBAAsB,EAAE,gCAAgC,CAAC;GAC3D,4BAA4B,CAmQxC"}

package/dist/custom/PermissionProviders/DashboardPermissionProvider.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { GranteeType, NormalizedPermission, PermissionAction, PermissionCheckResult, PermissionProviderBase, UserInfo } from '@memberjunction/core';
+/**
+ * Wraps {@link DashboardEngine.GetDashboardPermissions} behind the unified
+ * {@link PermissionProviderBase} contract. Dashboard permissions are user-only
+ * (no role grants), support Owner / direct / category-inherited sources, and
+ * cover Read / Update / Delete / Share.
+ *
+ * `resourceType` is always `"Dashboards"` (the entity name).
+ * `resourceId` is the dashboard ID.
+ *
+ * The backing {@link DashboardEngine} lazy-initializes via its own `@RegisterForStartup`
+ * decorator; this provider reads from it on demand so startup ordering between
+ * PermissionEngine and DashboardEngine doesn't matter — whichever configures last wins.
+ */
+export declare class DashboardPermissionProvider extends PermissionProviderBase {
+    readonly DomainName = "Dashboard Permissions";
+    readonly Description = "User-level sharing permissions on MJ dashboards; includes category-level inheritance and owner semantics";
+    readonly SupportedGranteeTypes: GranteeType[];
+    readonly SupportedActions: PermissionAction[];
+    readonly SupportsDeny = false;
+    GetResourceTypes(): string[];
+    CheckPermission(user: UserInfo, _resourceType: string, resourceId: string | null, action: PermissionAction): Promise<PermissionCheckResult>;
+    GetEffectivePermissions(user: UserInfo, _resourceType: string, resourceId: string): Promise<NormalizedPermission[]>;
+    GetUserResources(user: UserInfo, resourceType?: string): Promise<NormalizedPermission[]>;
+    /**
+     * Dashboards shared with `grantee` by someone else. Excludes dashboards the
+     * user owns and excludes permission rows the user created themselves.
+     *
+     * Permission rows whose dashboard no longer exists in the engine cache are
+     * skipped — covers the window between a DB cascade delete (cleaning up
+     * DashboardPermission rows) and the engine cache being refreshed.
+     */
+    GetPermissionsSharedWithUser(grantee: UserInfo): Promise<NormalizedPermission[]>;
+    /**
+     * Every DashboardPermission row where this user is the effective grantor —
+     * either explicitly (`SharedByUserID === grantor.ID`) or implicitly (the user
+     * owns the dashboard and `SharedByUserID` is NULL — legacy shape from before
+     * the grantor column was captured).
+     */
+    GetPermissionsGrantedByUser(grantor: UserInfo): Promise<NormalizedPermission[]>;
+    GetResourcePermissions(resourceType: string, resourceId: string): Promise<NormalizedPermission[]>;
+    private checkActionOnPermission;
+    private resolveActions;
+    private permRowActions;
+    private buildDashboardPermission;
+}
+//# sourceMappingURL=DashboardPermissionProvider.d.ts.map

package/dist/custom/PermissionProviders/DashboardPermissionProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"DashboardPermissionProvider.d.ts","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/DashboardPermissionProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,WAAW,EACX,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,EACrB,sBAAsB,EACtB,QAAQ,EACX,MAAM,sBAAsB,CAAC;AAK9B;;;;;;;;;;;;GAYG;AACH,qBACa,2BAA4B,SAAQ,sBAAsB;IACnE,QAAQ,CAAC,UAAU,2BAA2B;IAC9C,QAAQ,CAAC,WAAW,8GAC2F;IAC/G,QAAQ,CAAC,qBAAqB,EAAE,WAAW,EAAE,CAAY;IACzD,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,CAAyC;IACtF,QAAQ,CAAC,YAAY,SAAS;IAErB,gBAAgB,IAAI,MAAM,EAAE;IAI/B,eAAe,CACjB,IAAI,EAAE,QAAQ,EACd,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,gBAAgB,GACzB,OAAO,CAAC,qBAAqB,CAAC;IAoB3B,uBAAuB,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IASnH,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAkB9F;;;;;;;OAOG;IACY,4BAA4B,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA4B/F;;;;;OAKG;IACY,2BAA2B,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA6BxF,sBAAsB,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA6BvG,OAAO,CAAC,uBAAuB;IAe/B,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,cAAc;IAStB,OAAO,CAAC,wBAAwB;CAUnC"}

package/dist/custom/PermissionProviders/DashboardPermissionProvider.js ADDED Viewed

@@ -0,0 +1,218 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { PermissionProviderBase, } from '@memberjunction/core';
+import { RegisterClass, UUIDsEqual } from '@memberjunction/global';
+import { DashboardEngine } from '../../engines/dashboards.js';
+/**
+ * Wraps {@link DashboardEngine.GetDashboardPermissions} behind the unified
+ * {@link PermissionProviderBase} contract. Dashboard permissions are user-only
+ * (no role grants), support Owner / direct / category-inherited sources, and
+ * cover Read / Update / Delete / Share.
+ *
+ * `resourceType` is always `"Dashboards"` (the entity name).
+ * `resourceId` is the dashboard ID.
+ *
+ * The backing {@link DashboardEngine} lazy-initializes via its own `@RegisterForStartup`
+ * decorator; this provider reads from it on demand so startup ordering between
+ * PermissionEngine and DashboardEngine doesn't matter — whichever configures last wins.
+ */
+let DashboardPermissionProvider = class DashboardPermissionProvider extends PermissionProviderBase {
+    constructor() {
+        super(...arguments);
+        this.DomainName = 'Dashboard Permissions';
+        this.Description = 'User-level sharing permissions on MJ dashboards; includes category-level inheritance and owner semantics';
+        this.SupportedGranteeTypes = ['User'];
+        this.SupportedActions = ['Read', 'Update', 'Delete', 'Share'];
+        this.SupportsDeny = false;
+    }
+    GetResourceTypes() {
+        return ['Dashboards'];
+    }
+    async CheckPermission(user, _resourceType, resourceId, action) {
+        if (!resourceId) {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: 'Dashboard permissions require a specific dashboard ID',
+            };
+        }
+        const perms = DashboardEngine.Instance.GetDashboardPermissions(resourceId, user.ID);
+        const allowed = this.checkActionOnPermission(perms, action);
+        return {
+            Allowed: allowed,
+            DomainName: this.DomainName,
+            Reason: allowed
+                ? `User has ${action} via ${perms.PermissionSource}`
+                : `User has no ${action} permission on dashboard '${resourceId}' (source: ${perms.PermissionSource})`,
+        };
+    }
+    async GetEffectivePermissions(user, _resourceType, resourceId) {
+        const perms = DashboardEngine.Instance.GetDashboardPermissions(resourceId, user.ID);
+        const actions = this.resolveActions(perms);
+        if (actions.length === 0)
+            return [];
+        return [this.buildDashboardPermission(resourceId, {
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+            })];
+    }
+    async GetUserResources(user, resourceType) {
+        if (resourceType && resourceType !== 'Dashboards')
+            return [];
+        const engine = DashboardEngine.Instance;
+        const results = [];
+        for (const dashboard of engine.Dashboards) {
+            const perms = engine.GetDashboardPermissions(dashboard.ID, user.ID);
+            const actions = this.resolveActions(perms);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Dashboards', resourceId: dashboard.ID, resourceName: dashboard.Name,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+            }));
+        }
+        return results;
+    }
+    /**
+     * Dashboards shared with `grantee` by someone else. Excludes dashboards the
+     * user owns and excludes permission rows the user created themselves.
+     *
+     * Permission rows whose dashboard no longer exists in the engine cache are
+     * skipped — covers the window between a DB cascade delete (cleaning up
+     * DashboardPermission rows) and the engine cache being refreshed.
+     */
+    async GetPermissionsSharedWithUser(grantee) {
+        const engine = DashboardEngine.Instance;
+        const dashboardsById = new Map(engine.Dashboards.map((d) => [d.ID, d]));
+        const ownedDashboardIds = new Set(engine.Dashboards
+            .filter((d) => d.UserID && UUIDsEqual(d.UserID, grantee.ID))
+            .map((d) => d.ID));
+        const results = [];
+        for (const perm of engine.DashboardPermissions) {
+            if (!UUIDsEqual(perm.UserID, grantee.ID))
+                continue;
+            const dashboard = dashboardsById.get(perm.DashboardID);
+            if (!dashboard)
+                continue;
+            if (ownedDashboardIds.has(perm.DashboardID))
+                continue;
+            if (perm.SharedByUserID && UUIDsEqual(perm.SharedByUserID, grantee.ID))
+                continue;
+            const actions = this.permRowActions(perm);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Dashboards', resourceId: perm.DashboardID, resourceName: dashboard.Name,
+                granteeType: 'User', granteeId: grantee.ID, granteeName: grantee.Name, actions,
+                sourceRecordId: perm.ID,
+            }));
+        }
+        return results;
+    }
+    /**
+     * Every DashboardPermission row where this user is the effective grantor —
+     * either explicitly (`SharedByUserID === grantor.ID`) or implicitly (the user
+     * owns the dashboard and `SharedByUserID` is NULL — legacy shape from before
+     * the grantor column was captured).
+     */
+    async GetPermissionsGrantedByUser(grantor) {
+        const engine = DashboardEngine.Instance;
+        const dashboardsById = new Map(engine.Dashboards.map((d) => [d.ID, d]));
+        const ownedDashboardIds = new Set(engine.Dashboards
+            .filter((d) => d.UserID && UUIDsEqual(d.UserID, grantor.ID))
+            .map((d) => d.ID));
+        const results = [];
+        for (const perm of engine.DashboardPermissions) {
+            const dashboard = dashboardsById.get(perm.DashboardID);
+            if (!dashboard)
+                continue;
+            const explicit = perm.SharedByUserID && UUIDsEqual(perm.SharedByUserID, grantor.ID);
+            const implicit = !perm.SharedByUserID && ownedDashboardIds.has(perm.DashboardID);
+            if (!explicit && !implicit)
+                continue;
+            if (UUIDsEqual(perm.UserID, grantor.ID))
+                continue;
+            const actions = this.permRowActions(perm);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Dashboards', resourceId: perm.DashboardID, resourceName: dashboard.Name,
+                granteeType: 'User', granteeId: perm.UserID, granteeName: perm.User, actions,
+                sourceRecordId: perm.ID,
+            }));
+        }
+        return results;
+    }
+    async GetResourcePermissions(resourceType, resourceId) {
+        if (resourceType !== 'Dashboards')
+            return [];
+        const engine = DashboardEngine.Instance;
+        const dashboard = engine.Dashboards.find((d) => UUIDsEqual(d.ID, resourceId));
+        if (!dashboard)
+            return [];
+        const results = [];
+        if (dashboard.UserID) {
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Dashboards', resourceId: dashboard.ID, resourceName: dashboard.Name,
+                granteeType: 'User', granteeId: dashboard.UserID, granteeName: dashboard.User,
+                actions: ['Read', 'Update', 'Delete', 'Share'],
+            }));
+        }
+        for (const perm of engine.DashboardPermissions.filter((p) => UUIDsEqual(p.DashboardID, resourceId))) {
+            const actions = this.permRowActions(perm);
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Dashboards', resourceId: dashboard.ID, resourceName: dashboard.Name,
+                granteeType: 'User', granteeId: perm.UserID, granteeName: perm.User, actions,
+                sourceRecordId: perm.ID,
+            }));
+        }
+        return results;
+    }
+    checkActionOnPermission(perms, action) {
+        switch (action) {
+            case 'Read':
+                return perms.CanRead;
+            case 'Update':
+                return perms.CanEdit;
+            case 'Delete':
+                return perms.CanDelete;
+            case 'Share':
+                return perms.CanShare;
+            default:
+                return false;
+        }
+    }
+    resolveActions(perms) {
+        return this.boolsToActions({
+            Read: perms.CanRead,
+            Update: perms.CanEdit,
+            Delete: perms.CanDelete,
+            Share: perms.CanShare,
+        });
+    }
+    permRowActions(perm) {
+        return this.boolsToActions({
+            Read: perm.CanRead,
+            Update: perm.CanEdit,
+            Delete: perm.CanDelete,
+            Share: perm.CanShare,
+        });
+    }
+    buildDashboardPermission(dashboardId, args) {
+        const dashboard = DashboardEngine.Instance.Dashboards.find((d) => UUIDsEqual(d.ID, dashboardId));
+        return this.buildNormalizedPermission({
+            resourceType: 'Dashboards', resourceId: dashboardId, resourceName: dashboard?.Name,
+            ...args,
+        });
+    }
+};
+DashboardPermissionProvider = __decorate([
+    RegisterClass(PermissionProviderBase, 'MJDashboardPermissionProvider')
+], DashboardPermissionProvider);
+export { DashboardPermissionProvider };
+//# sourceMappingURL=DashboardPermissionProvider.js.map

package/dist/custom/PermissionProviders/DashboardPermissionProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"DashboardPermissionProvider.js","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/DashboardPermissionProvider.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAKH,sBAAsB,GAEzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEnE,OAAO,EAAE,eAAe,EAA4B,MAAM,0BAA0B,CAAC;AAErF;;;;;;;;;;;;GAYG;AAEI,IAAM,2BAA2B,GAAjC,MAAM,2BAA4B,SAAQ,sBAAsB;IAAhE;;QACM,eAAU,GAAG,uBAAuB,CAAC;QACrC,gBAAW,GAChB,0GAA0G,CAAC;QACtG,0BAAqB,GAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,qBAAgB,GAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC7E,iBAAY,GAAG,KAAK,CAAC;IAyMlC,CAAC;IAvMY,gBAAgB;QACrB,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,eAAe,CACjB,IAAc,EACd,aAAqB,EACrB,UAAyB,EACzB,MAAwB;QAExB,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,uDAAuD;aAClE,CAAC;QACN,CAAC;QAED,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,uBAAuB,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5D,OAAO;YACH,OAAO,EAAE,OAAO;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,OAAO;gBACX,CAAC,CAAC,YAAY,MAAM,QAAQ,KAAK,CAAC,gBAAgB,EAAE;gBACpD,CAAC,CAAC,eAAe,MAAM,6BAA6B,UAAU,cAAc,KAAK,CAAC,gBAAgB,GAAG;SAC5G,CAAC;IACN,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAc,EAAE,aAAqB,EAAE,UAAkB;QACnF,MAAM,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,uBAAuB,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpF,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,wBAAwB,CAAC,UAAU,EAAE;gBAC9C,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;aAC3E,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAAc,EAAE,YAAqB;QACxD,IAAI,YAAY,IAAI,YAAY,KAAK,YAAY;YAAE,OAAO,EAAE,CAAC;QAE7D,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC;QACxC,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,MAAM,CAAC,uBAAuB,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YACpE,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI;gBAClF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;aAC3E,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;;;;;OAOG;IACM,KAAK,CAAC,4BAA4B,CAAC,OAAiB;QACzD,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC;QACxC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC7B,MAAM,CAAC,UAAU;aACZ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;aAC3D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACxB,CAAC;QAEF,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAC7C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;gBAAE,SAAS;YACnD,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvD,IAAI,CAAC,SAAS;gBAAE,SAAS;YACzB,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;gBAAE,SAAS;YACtD,IAAI,IAAI,CAAC,cAAc,IAAI,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;gBAAE,SAAS;YAEjF,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI;gBACtF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,WAAW,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO;gBAC9E,cAAc,EAAE,IAAI,CAAC,EAAE;aAC1B,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;;;OAKG;IACM,KAAK,CAAC,2BAA2B,CAAC,OAAiB;QACxD,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC;QACxC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAC7B,MAAM,CAAC,UAAU;aACZ,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;aAC3D,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACxB,CAAC;QAEF,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;YAC7C,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvD,IAAI,CAAC,SAAS;gBAAE,SAAS;YACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,IAAI,UAAU,CAAC,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YACpF,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjF,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACrC,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;gBAAE,SAAS;YAElD,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI;gBACtF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;gBAC5E,cAAc,EAAE,IAAI,CAAC,EAAE;aAC1B,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,YAAoB,EAAE,UAAkB;QACjE,IAAI,YAAY,KAAK,YAAY;YAAE,OAAO,EAAE,CAAC;QAE7C,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC;QACxC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAC;QAE1B,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,SAAS,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI;gBAClF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,CAAC,IAAI;gBAC7E,OAAO,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC;aACjD,CAAC,CAAC,CAAC;QACR,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,EAAE,CAAC;YAClG,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,EAAE,YAAY,EAAE,SAAS,CAAC,IAAI;gBAClF,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;gBAC5E,cAAc,EAAE,IAAI,CAAC,EAAE;aAC1B,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,uBAAuB,CAAC,KAA+B,EAAE,MAAwB;QACrF,QAAQ,MAAM,EAAE,CAAC;YACb,KAAK,MAAM;gBACP,OAAO,KAAK,CAAC,OAAO,CAAC;YACzB,KAAK,QAAQ;gBACT,OAAO,KAAK,CAAC,OAAO,CAAC;YACzB,KAAK,QAAQ;gBACT,OAAO,KAAK,CAAC,SAAS,CAAC;YAC3B,KAAK,OAAO;gBACR,OAAO,KAAK,CAAC,QAAQ,CAAC;YAC1B;gBACI,OAAO,KAAK,CAAC;QACrB,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,KAA+B;QAClD,OAAO,IAAI,CAAC,cAAc,CAAC;YACvB,IAAI,EAAE,KAAK,CAAC,OAAO;YACnB,MAAM,EAAE,KAAK,CAAC,OAAO;YACrB,MAAM,EAAE,KAAK,CAAC,SAAS;YACvB,KAAK,EAAE,KAAK,CAAC,QAAQ;SACxB,CAAC,CAAC;IACP,CAAC;IAEO,cAAc,CAAC,IAAmF;QACtG,OAAO,IAAI,CAAC,cAAc,CAAC;YACvB,IAAI,EAAE,IAAI,CAAC,OAAO;YAClB,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,MAAM,EAAE,IAAI,CAAC,SAAS;YACtB,KAAK,EAAE,IAAI,CAAC,QAAQ;SACvB,CAAC,CAAC;IACP,CAAC;IAEO,wBAAwB,CAC5B,WAAmB,EACnB,IAA+G;QAE/G,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC,CAAC;QACjG,OAAO,IAAI,CAAC,yBAAyB,CAAC;YAClC,YAAY,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI;YAClF,GAAG,IAAI;SACV,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AA/MY,2BAA2B;IADvC,aAAa,CAAC,sBAAsB,EAAE,+BAA+B,CAAC;GAC1D,2BAA2B,CA+MvC"}

package/dist/custom/PermissionProviders/EntityPermissionProvider.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { GranteeType, NormalizedPermission, PermissionAction, PermissionCheckResult, PermissionProviderBase, UserInfo } from '@memberjunction/core';
+/**
+ * Wraps the {@link Metadata} + `EntityInfo.GetUserPermisions()` path behind the
+ * unified {@link PermissionProviderBase} contract. Entity permissions are role-only,
+ * additive (OR across roles), and cover the CRUD action set only.
+ *
+ * `resourceType` is the entity name (e.g., `"Users"`).
+ * `resourceId` is unused — entity permissions are domain-wide per entity, not per-row.
+ * Row-level filters are a separate concern handled by the RLS system.
+ */
+export declare class EntityPermissionProvider extends PermissionProviderBase {
+    readonly DomainName = "Entity Permissions";
+    readonly Description = "CRUD permissions on MJ entities, role-based with optional row-level security filters and explicit Allow/Deny rows";
+    readonly SupportedGranteeTypes: GranteeType[];
+    readonly SupportedActions: PermissionAction[];
+    readonly SupportsDeny = true;
+    GetResourceTypes(): string[];
+    CheckPermission(user: UserInfo, resourceType: string, _resourceId: string | null, action: PermissionAction): Promise<PermissionCheckResult>;
+    GetEffectivePermissions(user: UserInfo, resourceType: string, _resourceId: string): Promise<NormalizedPermission[]>;
+    GetUserResources(user: UserInfo, resourceType?: string): Promise<NormalizedPermission[]>;
+    GetResourcePermissions(resourceType: string, _resourceId: string): Promise<NormalizedPermission[]>;
+    private checkActionOnPermission;
+    private resolveActions;
+}
+//# sourceMappingURL=EntityPermissionProvider.d.ts.map

package/dist/custom/PermissionProviders/EntityPermissionProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"EntityPermissionProvider.d.ts","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/EntityPermissionProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EAGH,WAAW,EAEX,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,EACrB,sBAAsB,EACtB,QAAQ,EACX,MAAM,sBAAsB,CAAC;AAG9B;;;;;;;;GAQG;AACH,qBACa,wBAAyB,SAAQ,sBAAsB;IAChE,QAAQ,CAAC,UAAU,wBAAwB;IAC3C,QAAQ,CAAC,WAAW,uHAAuH;IAC3I,QAAQ,CAAC,qBAAqB,EAAE,WAAW,EAAE,CAAY;IACzD,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,CAA0C;IACvF,QAAQ,CAAC,YAAY,QAAQ;IAEpB,gBAAgB,IAAI,MAAM,EAAE;IAK/B,eAAe,CACjB,IAAI,EAAE,QAAQ,EACd,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,MAAM,EAAE,gBAAgB,GACzB,OAAO,CAAC,qBAAqB,CAAC;IAsB3B,uBAAuB,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAcnH,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAkBxF,sBAAsB,CAAC,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAsBxG,OAAO,CAAC,uBAAuB;IAkB/B,OAAO,CAAC,cAAc;CAQzB"}