npm - @memberjunction/core-entities - Versions diffs - 5.28.0 → 5.30.0 - Mend

@memberjunction/core-entities 5.28.0 → 5.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/dist/custom/PermissionProviders/EntityPermissionProvider.js ADDED Viewed

@@ -0,0 +1,129 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { Metadata, PermissionProviderBase, } from '@memberjunction/core';
+import { RegisterClass, UUIDsEqual } from '@memberjunction/global';
+/**
+ * Wraps the {@link Metadata} + `EntityInfo.GetUserPermisions()` path behind the
+ * unified {@link PermissionProviderBase} contract. Entity permissions are role-only,
+ * additive (OR across roles), and cover the CRUD action set only.
+ *
+ * `resourceType` is the entity name (e.g., `"Users"`).
+ * `resourceId` is unused — entity permissions are domain-wide per entity, not per-row.
+ * Row-level filters are a separate concern handled by the RLS system.
+ */
+let EntityPermissionProvider = class EntityPermissionProvider extends PermissionProviderBase {
+    constructor() {
+        super(...arguments);
+        this.DomainName = 'Entity Permissions';
+        this.Description = 'CRUD permissions on MJ entities, role-based with optional row-level security filters and explicit Allow/Deny rows';
+        this.SupportedGranteeTypes = ['Role'];
+        this.SupportedActions = ['Read', 'Create', 'Update', 'Delete'];
+        this.SupportsDeny = true;
+    }
+    GetResourceTypes() {
+        return new Metadata().Entities.map((e) => e.Name).sort((a, b) => a.localeCompare(b));
+    }
+    async CheckPermission(user, resourceType, _resourceId, action) {
+        const md = new Metadata();
+        const entity = md.EntityByName(resourceType);
+        if (!entity) {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: `Entity '${resourceType}' not found in metadata`,
+            };
+        }
+        const perms = entity.GetUserPermisions(user);
+        const allowed = this.checkActionOnPermission(perms, action);
+        return {
+            Allowed: allowed,
+            DomainName: this.DomainName,
+            Reason: allowed
+                ? `Role grants ${action} on entity '${resourceType}'`
+                : `No role grants ${action} on entity '${resourceType}'`,
+        };
+    }
+    async GetEffectivePermissions(user, resourceType, _resourceId) {
+        const md = new Metadata();
+        const entity = md.EntityByName(resourceType);
+        if (!entity)
+            return [];
+        const actions = this.resolveActions(entity.GetUserPermisions(user));
+        if (actions.length === 0)
+            return [];
+        return [this.buildNormalizedPermission({
+                resourceType, resourceId: null, resourceName: resourceType,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+            })];
+    }
+    async GetUserResources(user, resourceType) {
+        const md = new Metadata();
+        const entities = resourceType
+            ? md.Entities.filter((e) => e.Name === resourceType)
+            : md.Entities;
+        const results = [];
+        for (const entity of entities) {
+            const actions = this.resolveActions(entity.GetUserPermisions(user));
+            if (actions.length === 0)
+                continue;
+            results.push(this.buildNormalizedPermission({
+                resourceType: entity.Name, resourceId: null, resourceName: entity.Name,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+            }));
+        }
+        return results;
+    }
+    async GetResourcePermissions(resourceType, _resourceId) {
+        const md = new Metadata();
+        const entity = md.EntityByName(resourceType);
+        if (!entity)
+            return [];
+        const results = [];
+        for (const ep of entity.Permissions) {
+            const actions = this.resolveActions(ep);
+            if (actions.length === 0)
+                continue;
+            const role = md.Roles.find((r) => UUIDsEqual(r.ID, ep.RoleID));
+            const isDeny = (ep.Type || 'Allow').trim().toLowerCase() === 'deny';
+            results.push(this.buildNormalizedPermission({
+                resourceType, resourceId: null, resourceName: resourceType,
+                granteeType: 'Role', granteeId: ep.RoleID,
+                granteeName: role?.Name ?? ep.RoleID, actions,
+                effect: isDeny ? 'Deny' : 'Allow',
+                sourceRecordId: ep.ID,
+            }));
+        }
+        return results;
+    }
+    checkActionOnPermission(perms, action) {
+        switch (action) {
+            case 'Read':
+                return perms.CanRead;
+            case 'Create':
+                return perms.CanCreate;
+            case 'Update':
+                return perms.CanUpdate;
+            case 'Delete':
+                return perms.CanDelete;
+            default:
+                return false;
+        }
+    }
+    resolveActions(perms) {
+        return this.boolsToActions({
+            Read: perms.CanRead,
+            Create: perms.CanCreate,
+            Update: perms.CanUpdate,
+            Delete: perms.CanDelete,
+        });
+    }
+};
+EntityPermissionProvider = __decorate([
+    RegisterClass(PermissionProviderBase, 'MJEntityPermissionProvider')
+], EntityPermissionProvider);
+export { EntityPermissionProvider };
+//# sourceMappingURL=EntityPermissionProvider.js.map

package/dist/custom/PermissionProviders/EntityPermissionProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"EntityPermissionProvider.js","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/EntityPermissionProvider.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAIH,QAAQ,EAIR,sBAAsB,GAEzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEnE;;;;;;;;GAQG;AAEI,IAAM,wBAAwB,GAA9B,MAAM,wBAAyB,SAAQ,sBAAsB;IAA7D;;QACM,eAAU,GAAG,oBAAoB,CAAC;QAClC,gBAAW,GAAG,mHAAmH,CAAC;QAClI,0BAAqB,GAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,qBAAgB,GAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9E,iBAAY,GAAG,IAAI,CAAC;IAkHjC,CAAC;IAhHY,gBAAgB;QACrB,OAAO,IAAI,QAAQ,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,CAAC;IAGD,KAAK,CAAC,eAAe,CACjB,IAAc,EACd,YAAoB,EACpB,WAA0B,EAC1B,MAAwB;QAExB,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,WAAW,YAAY,yBAAyB;aAC3D,CAAC;QACN,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5D,OAAO;YACH,OAAO,EAAE,OAAO;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,OAAO;gBACX,CAAC,CAAC,eAAe,MAAM,eAAe,YAAY,GAAG;gBACrD,CAAC,CAAC,kBAAkB,MAAM,eAAe,YAAY,GAAG;SAC/D,CAAC;IACN,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAc,EAAE,YAAoB,EAAE,WAAmB;QACnF,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,CAAC;QAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;QACpE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEpC,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACnC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY;gBAC1D,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;aAC3E,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAAc,EAAE,YAAqB;QACxD,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,YAAY;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC;YACpD,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC;QAElB,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;YACpE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,IAAI;gBACtE,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;aAC3E,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,YAAoB,EAAE,WAAmB;QAClE,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM;YAAE,OAAO,EAAE,CAAC;QAEvB,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;YACxC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;YACpE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,YAAY;gBAC1D,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,CAAC,MAAM;gBACzC,WAAW,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO;gBAC7C,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;gBACjC,cAAc,EAAE,EAAE,CAAC,EAAE;aACxB,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,uBAAuB,CAC3B,KAAsD,EACtD,MAAwB;QAExB,QAAQ,MAAM,EAAE,CAAC;YACb,KAAK,MAAM;gBACP,OAAO,KAAK,CAAC,OAAO,CAAC;YACzB,KAAK,QAAQ;gBACT,OAAO,KAAK,CAAC,SAAS,CAAC;YAC3B,KAAK,QAAQ;gBACT,OAAO,KAAK,CAAC,SAAS,CAAC;YAC3B,KAAK,QAAQ;gBACT,OAAO,KAAK,CAAC,SAAS,CAAC;YAC3B;gBACI,OAAO,KAAK,CAAC;QACrB,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,KAAsD;QACzE,OAAO,IAAI,CAAC,cAAc,CAAC;YACvB,IAAI,EAAE,KAAK,CAAC,OAAO;YACnB,MAAM,EAAE,KAAK,CAAC,SAAS;YACvB,MAAM,EAAE,KAAK,CAAC,SAAS;YACvB,MAAM,EAAE,KAAK,CAAC,SAAS;SAC1B,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AAvHY,wBAAwB;IADpC,aAAa,CAAC,sBAAsB,EAAE,4BAA4B,CAAC;GACvD,wBAAwB,CAuHpC"}

package/dist/custom/PermissionProviders/QueryPermissionProvider.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { GranteeType, NormalizedPermission, PermissionAction, PermissionCheckResult, PermissionProviderBase, UserInfo } from '@memberjunction/core';
+/**
+ * Wraps `MJ: Query Permissions` behind the unified {@link PermissionProviderBase} contract.
+ *
+ * Query permissions are role-only and use existence semantics: a row indicates the role
+ * is allowed to execute the query; the absence of a row denies it. There are no CRUD flags.
+ * This provider exposes `Execute` as the single canonical action.
+ *
+ * `resourceType` is `"Queries"`. `resourceId` is the query ID.
+ */
+export declare class QueryPermissionProvider extends PermissionProviderBase {
+    readonly DomainName = "Query Permissions";
+    readonly Description = "Role-based Execute permission on MJ queries. Row existence = permission granted.";
+    readonly SupportedGranteeTypes: GranteeType[];
+    readonly SupportedActions: PermissionAction[];
+    readonly SupportsDeny = false;
+    GetResourceTypes(): string[];
+    CheckPermission(user: UserInfo, _resourceType: string, resourceId: string | null, action: PermissionAction): Promise<PermissionCheckResult>;
+    GetEffectivePermissions(user: UserInfo, _resourceType: string, resourceId: string): Promise<NormalizedPermission[]>;
+    GetUserResources(user: UserInfo, resourceType?: string): Promise<NormalizedPermission[]>;
+    GetResourcePermissions(resourceType: string, resourceId: string): Promise<NormalizedPermission[]>;
+    private fetchPermissionsForQuery;
+}
+//# sourceMappingURL=QueryPermissionProvider.d.ts.map

package/dist/custom/PermissionProviders/QueryPermissionProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"QueryPermissionProvider.d.ts","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/QueryPermissionProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,WAAW,EAEX,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,EACrB,sBAAsB,EACtB,QAAQ,EACX,MAAM,sBAAsB,CAAC;AAW9B;;;;;;;;GAQG;AACH,qBACa,uBAAwB,SAAQ,sBAAsB;IAC/D,QAAQ,CAAC,UAAU,uBAAuB;IAC1C,QAAQ,CAAC,WAAW,sFAAsF;IAC1G,QAAQ,CAAC,qBAAqB,EAAE,WAAW,EAAE,CAAY;IACzD,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,CAAe;IAC5D,QAAQ,CAAC,YAAY,SAAS;IAErB,gBAAgB,IAAI,MAAM,EAAE;IAI/B,eAAe,CACjB,IAAI,EAAE,QAAQ,EACd,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,gBAAgB,GACzB,OAAO,CAAC,qBAAqB,CAAC;IA4B3B,uBAAuB,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAgBnH,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA8BxF,sBAAsB,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAqBzF,wBAAwB;CAQzC"}

package/dist/custom/PermissionProviders/QueryPermissionProvider.js ADDED Viewed

@@ -0,0 +1,123 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { Metadata, PermissionProviderBase, } from '@memberjunction/core';
+import { RegisterClass, UUIDsEqual } from '@memberjunction/global';
+/**
+ * Wraps `MJ: Query Permissions` behind the unified {@link PermissionProviderBase} contract.
+ *
+ * Query permissions are role-only and use existence semantics: a row indicates the role
+ * is allowed to execute the query; the absence of a row denies it. There are no CRUD flags.
+ * This provider exposes `Execute` as the single canonical action.
+ *
+ * `resourceType` is `"Queries"`. `resourceId` is the query ID.
+ */
+let QueryPermissionProvider = class QueryPermissionProvider extends PermissionProviderBase {
+    constructor() {
+        super(...arguments);
+        this.DomainName = 'Query Permissions';
+        this.Description = 'Role-based Execute permission on MJ queries. Row existence = permission granted.';
+        this.SupportedGranteeTypes = ['Role'];
+        this.SupportedActions = ['Execute'];
+        this.SupportsDeny = false;
+    }
+    GetResourceTypes() {
+        return ['Queries'];
+    }
+    async CheckPermission(user, _resourceType, resourceId, action) {
+        if (action !== 'Execute') {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: `Query Permissions only support Execute (got '${action}')`,
+            };
+        }
+        if (!resourceId) {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: 'Query permissions require a specific query ID',
+            };
+        }
+        const rows = await this.fetchPermissionsForQuery(resourceId);
+        const userRoleIds = (user.UserRoles ?? []).map((ur) => ur.RoleID);
+        const match = rows.some((row) => userRoleIds.some((rid) => UUIDsEqual(row.RoleID, rid)));
+        return {
+            Allowed: match,
+            DomainName: this.DomainName,
+            Reason: match
+                ? `User has a role that grants Execute on query '${resourceId}'`
+                : `No role grants Execute on query '${resourceId}'`,
+        };
+    }
+    async GetEffectivePermissions(user, _resourceType, resourceId) {
+        const rows = await this.fetchPermissionsForQuery(resourceId);
+        const userRoleIds = (user.UserRoles ?? []).map((ur) => ur.RoleID);
+        const matchingRows = rows.filter((row) => userRoleIds.some((rid) => UUIDsEqual(row.RoleID, rid)));
+        if (matchingRows.length === 0)
+            return [];
+        const nameMap = await this.bulkLookupNames('Queries', [resourceId]);
+        const queryName = nameMap.get(resourceId);
+        return matchingRows.map((row) => this.buildNormalizedPermission({
+            resourceType: 'Queries', resourceId, resourceName: queryName,
+            granteeType: 'User', granteeId: user.ID, granteeName: user.Name,
+            actions: ['Execute'],
+            sourceRecordId: row.ID,
+        }));
+    }
+    async GetUserResources(user, resourceType) {
+        if (resourceType && resourceType !== 'Queries')
+            return [];
+        const userRoleIds = (user.UserRoles ?? []).map((ur) => ur.RoleID);
+        if (userRoleIds.length === 0)
+            return [];
+        const rows = await this.fetchRows('MJ: Query Permissions', `RoleID IN (${userRoleIds.map((r) => `'${r}'`).join(',')})`, ['ID', 'QueryID', 'RoleID', 'Query'], 'GetUserResources');
+        // Deduplicate: multiple roles may grant the same query.
+        const seen = new Set();
+        const results = [];
+        for (const row of rows) {
+            if (seen.has(row.QueryID))
+                continue;
+            seen.add(row.QueryID);
+            results.push(this.buildNormalizedPermission({
+                resourceType: 'Queries', resourceId: row.QueryID,
+                resourceName: row.Query ?? undefined,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name,
+                actions: ['Execute'],
+                sourceRecordId: row.ID,
+            }));
+        }
+        return results;
+    }
+    async GetResourcePermissions(resourceType, resourceId) {
+        if (resourceType !== 'Queries')
+            return [];
+        const rows = await this.fetchPermissionsForQuery(resourceId);
+        if (rows.length === 0)
+            return [];
+        const md = new Metadata();
+        const nameMap = await this.bulkLookupNames('Queries', [resourceId]);
+        const queryName = nameMap.get(resourceId);
+        return rows.map((row) => {
+            const role = md.Roles.find((r) => UUIDsEqual(r.ID, row.RoleID));
+            return this.buildNormalizedPermission({
+                resourceType: 'Queries', resourceId, resourceName: queryName,
+                granteeType: 'Role', granteeId: row.RoleID,
+                granteeName: role?.Name ?? row.Role ?? undefined,
+                actions: ['Execute'],
+                sourceRecordId: row.ID,
+            });
+        });
+    }
+    async fetchPermissionsForQuery(queryId) {
+        return this.fetchRows('MJ: Query Permissions', `QueryID='${queryId}'`, ['ID', 'QueryID', 'RoleID', 'Role'], 'fetchPermissionsForQuery');
+    }
+};
+QueryPermissionProvider = __decorate([
+    RegisterClass(PermissionProviderBase, 'MJQueryPermissionProvider')
+], QueryPermissionProvider);
+export { QueryPermissionProvider };
+//# sourceMappingURL=QueryPermissionProvider.js.map

package/dist/custom/PermissionProviders/QueryPermissionProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"QueryPermissionProvider.js","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/QueryPermissionProvider.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAEH,QAAQ,EAIR,sBAAsB,GAEzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAUnE;;;;;;;;GAQG;AAEI,IAAM,uBAAuB,GAA7B,MAAM,uBAAwB,SAAQ,sBAAsB;IAA5D;;QACM,eAAU,GAAG,mBAAmB,CAAC;QACjC,gBAAW,GAAG,kFAAkF,CAAC;QACjG,0BAAqB,GAAkB,CAAC,MAAM,CAAC,CAAC;QAChD,qBAAgB,GAAuB,CAAC,SAAS,CAAC,CAAC;QACnD,iBAAY,GAAG,KAAK,CAAC;IAkHlC,CAAC;IAhHY,gBAAgB;QACrB,OAAO,CAAC,SAAS,CAAC,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,eAAe,CACjB,IAAc,EACd,aAAqB,EACrB,UAAyB,EACzB,MAAwB;QAExB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACvB,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,gDAAgD,MAAM,IAAI;aACrE,CAAC;QACN,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,+CAA+C;aAC1D,CAAC;QACN,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACzF,OAAO;YACH,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,KAAK;gBACT,CAAC,CAAC,iDAAiD,UAAU,GAAG;gBAChE,CAAC,CAAC,oCAAoC,UAAU,GAAG;SAC1D,CAAC;IACN,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAc,EAAE,aAAqB,EAAE,UAAkB;QACnF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAClE,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAClG,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1C,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC;YAC5D,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS;YAC5D,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI;YAC/D,OAAO,EAAE,CAAC,SAAS,CAAC;YACpB,cAAc,EAAE,GAAG,CAAC,EAAE;SACzB,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAAc,EAAE,YAAqB;QACxD,IAAI,YAAY,IAAI,YAAY,KAAK,SAAS;YAAE,OAAO,EAAE,CAAC;QAE1D,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAExC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAC7B,uBAAuB,EACvB,cAAc,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAC3D,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,EACpC,kBAAkB,CACrB,CAAC;QAEF,wDAAwD;QACxD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,SAAS;YACpC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,CAAC,OAAO;gBAChD,YAAY,EAAE,GAAG,CAAC,KAAK,IAAI,SAAS;gBACpC,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI;gBAC/D,OAAO,EAAE,CAAC,SAAS,CAAC;gBACpB,cAAc,EAAE,GAAG,CAAC,EAAE;aACzB,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,YAAoB,EAAE,UAAkB;QACjE,IAAI,YAAY,KAAK,SAAS;YAAE,OAAO,EAAE,CAAC;QAE1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEjC,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YACpB,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC,yBAAyB,CAAC;gBAClC,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS;gBAC5D,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,MAAM;gBAC1C,WAAW,EAAE,IAAI,EAAE,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,SAAS;gBAChD,OAAO,EAAE,CAAC,SAAS,CAAC;gBACpB,cAAc,EAAE,GAAG,CAAC,EAAE;aACzB,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,OAAe;QAClD,OAAO,IAAI,CAAC,SAAS,CACjB,uBAAuB,EACvB,YAAY,OAAO,GAAG,EACtB,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,EACnC,0BAA0B,CAC7B,CAAC;IACN,CAAC;CACJ,CAAA;AAvHY,uBAAuB;IADnC,aAAa,CAAC,sBAAsB,EAAE,2BAA2B,CAAC;GACtD,uBAAuB,CAuHnC"}

package/dist/custom/PermissionProviders/ResourcePermissionProvider.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { GranteeType, NormalizedPermission, PermissionAction, PermissionCheckResult, PermissionProviderBase, UserInfo } from '@memberjunction/core';
+/**
+ * Wraps {@link ResourcePermissionEngine.GetUserResourcePermissionLevel} behind the
+ * unified {@link PermissionProviderBase} contract.
+ *
+ * Resource permissions support both Users and Roles as grantees and use a hierarchical
+ * level model (View < Edit < Owner). The provider translates those levels into canonical
+ * action sets: View → [Read], Edit → [Read, Update], Owner → [Read, Update, Delete, Share, Admin].
+ *
+ * `resourceType` is the human-readable name from the `MJ: Resource Types` entity
+ * (e.g., `"User Views"`, `"Reports"`). `resourceId` is the target record ID.
+ */
+export declare class ResourcePermissionProvider extends PermissionProviderBase {
+    readonly DomainName = "Resource Permissions";
+    readonly Description = "Generic resource sharing with User or Role grantees, hierarchical View/Edit/Owner levels, and status workflow";
+    readonly SupportedGranteeTypes: GranteeType[];
+    readonly SupportedActions: PermissionAction[];
+    readonly SupportsDeny = false;
+    GetResourceTypes(): string[];
+    CheckPermission(user: UserInfo, resourceType: string, resourceId: string | null, action: PermissionAction): Promise<PermissionCheckResult>;
+    GetEffectivePermissions(user: UserInfo, resourceType: string, resourceId: string): Promise<NormalizedPermission[]>;
+    GetUserResources(user: UserInfo, resourceType?: string): Promise<NormalizedPermission[]>;
+    GetResourcePermissions(resourceType: string, resourceId: string): Promise<NormalizedPermission[]>;
+    /**
+     * Rows granted directly by this user to *other* users. Uses the
+     * `SharedByUserID` column (added in migration
+     * `V202604231235__v5.29.x__ResourcePermission_SharedByUserID.sql`) so every
+     * resource type that writes through `MJ: Resource Permissions` surfaces
+     * correctly in the end-user Sharing Center's "Shared by me" tab.
+     *
+     * Only Approved, User-grantee rows are returned — pending requests
+     * (`Status === 'Requested'`) and Role grants don't belong in a personal
+     * sharing view.
+     */
+    GetPermissionsGrantedByUser(grantor: UserInfo): Promise<NormalizedPermission[]>;
+    private resolveResourceTypeId;
+    private actionsForLevel;
+}
+//# sourceMappingURL=ResourcePermissionProvider.d.ts.map

package/dist/custom/PermissionProviders/ResourcePermissionProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ResourcePermissionProvider.d.ts","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/ResourcePermissionProvider.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,WAAW,EAEX,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,EACrB,sBAAsB,EACtB,QAAQ,EACX,MAAM,sBAAsB,CAAC;AAK9B;;;;;;;;;;GAUG;AACH,qBACa,0BAA2B,SAAQ,sBAAsB;IAClE,QAAQ,CAAC,UAAU,0BAA0B;IAC7C,QAAQ,CAAC,WAAW,mHACgG;IACpH,QAAQ,CAAC,qBAAqB,EAAE,WAAW,EAAE,CAAoB;IACjE,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,CAAkD;IAC/F,QAAQ,CAAC,YAAY,SAAS;IAErB,gBAAgB,IAAI,MAAM,EAAE;IAQ/B,eAAe,CACjB,IAAI,EAAE,QAAQ,EACd,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,MAAM,EAAE,gBAAgB,GACzB,OAAO,CAAC,qBAAqB,CAAC;IA6B3B,uBAAuB,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAclH,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA2BxF,sBAAsB,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAgCvG;;;;;;;;;;OAUG;IACY,2BAA2B,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAwB9F,OAAO,CAAC,qBAAqB;IAO7B,OAAO,CAAC,eAAe;CAY1B"}

package/dist/custom/PermissionProviders/ResourcePermissionProvider.js ADDED Viewed

@@ -0,0 +1,193 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { Metadata, PermissionProviderBase, } from '@memberjunction/core';
+import { RegisterClass, UUIDsEqual } from '@memberjunction/global';
+import { ResourcePermissionEngine } from '../ResourcePermissions/ResourcePermissionEngine.js';
+/**
+ * Wraps {@link ResourcePermissionEngine.GetUserResourcePermissionLevel} behind the
+ * unified {@link PermissionProviderBase} contract.
+ *
+ * Resource permissions support both Users and Roles as grantees and use a hierarchical
+ * level model (View < Edit < Owner). The provider translates those levels into canonical
+ * action sets: View → [Read], Edit → [Read, Update], Owner → [Read, Update, Delete, Share, Admin].
+ *
+ * `resourceType` is the human-readable name from the `MJ: Resource Types` entity
+ * (e.g., `"User Views"`, `"Reports"`). `resourceId` is the target record ID.
+ */
+let ResourcePermissionProvider = class ResourcePermissionProvider extends PermissionProviderBase {
+    constructor() {
+        super(...arguments);
+        this.DomainName = 'Resource Permissions';
+        this.Description = 'Generic resource sharing with User or Role grantees, hierarchical View/Edit/Owner levels, and status workflow';
+        this.SupportedGranteeTypes = ['User', 'Role'];
+        this.SupportedActions = ['Read', 'Update', 'Delete', 'Share', 'Admin'];
+        this.SupportsDeny = false;
+    }
+    GetResourceTypes() {
+        // Live list from the MJ: Resource Types catalog. Sorted for stable UI output.
+        return ResourcePermissionEngine.Instance.ResourceTypes
+            .map((rt) => rt.Name)
+            .filter((name) => !!name)
+            .sort((a, b) => a.localeCompare(b));
+    }
+    async CheckPermission(user, resourceType, resourceId, action) {
+        if (!resourceId) {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: 'Resource permissions require a specific resource ID',
+            };
+        }
+        const resourceTypeId = this.resolveResourceTypeId(resourceType);
+        if (!resourceTypeId) {
+            return {
+                Allowed: false,
+                DomainName: this.DomainName,
+                Reason: `Unknown resource type '${resourceType}'`,
+            };
+        }
+        const level = ResourcePermissionEngine.Instance.GetUserResourcePermissionLevel(resourceTypeId, resourceId, user);
+        const actions = this.actionsForLevel(level);
+        const allowed = actions.includes(action);
+        return {
+            Allowed: allowed,
+            DomainName: this.DomainName,
+            Reason: level
+                ? `User has ${level} level permission${allowed ? '' : ` (insufficient for ${action})`}`
+                : `No resource permission found for user on '${resourceType}'/'${resourceId}'`,
+        };
+    }
+    async GetEffectivePermissions(user, resourceType, resourceId) {
+        const resourceTypeId = this.resolveResourceTypeId(resourceType);
+        if (!resourceTypeId)
+            return [];
+        const level = ResourcePermissionEngine.Instance.GetUserResourcePermissionLevel(resourceTypeId, resourceId, user);
+        const actions = this.actionsForLevel(level);
+        if (actions.length === 0)
+            return [];
+        return [this.buildNormalizedPermission({
+                resourceType, resourceId,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name, actions,
+            })];
+    }
+    async GetUserResources(user, resourceType) {
+        const engine = ResourcePermissionEngine.Instance;
+        let resourceTypeId;
+        if (resourceType) {
+            resourceTypeId = this.resolveResourceTypeId(resourceType) ?? undefined;
+            if (!resourceTypeId)
+                return [];
+        }
+        const userPerms = engine.GetUserAvailableResources(user, resourceTypeId);
+        const results = [];
+        for (const p of userPerms) {
+            const actions = this.actionsForLevel(p.PermissionLevel);
+            if (actions.length === 0)
+                continue;
+            const rt = engine.ResourceTypes.find((r) => UUIDsEqual(r.ID, p.ResourceTypeID));
+            results.push(this.buildNormalizedPermission({
+                resourceType: rt?.Name ?? p.ResourceTypeID,
+                resourceId: p.ResourceRecordID,
+                granteeType: 'User', granteeId: user.ID, granteeName: user.Name,
+                actions,
+                sourceRecordId: p.ID,
+                expiresAt: p.EndSharingAt ?? undefined,
+            }));
+        }
+        return results;
+    }
+    async GetResourcePermissions(resourceType, resourceId) {
+        const resourceTypeId = this.resolveResourceTypeId(resourceType);
+        if (!resourceTypeId)
+            return [];
+        const engine = ResourcePermissionEngine.Instance;
+        const md = new Metadata();
+        const rows = engine.GetResourcePermissions(resourceTypeId, resourceId);
+        const results = [];
+        for (const p of rows) {
+            const actions = this.actionsForLevel(p.PermissionLevel);
+            if (actions.length === 0)
+                continue;
+            const isUser = p.Type === 'User';
+            const granteeId = isUser ? p.UserID : p.RoleID;
+            let granteeName;
+            if (isUser) {
+                granteeName = undefined; // UserID → name requires user cache lookup; leave blank, UI can hydrate
+            }
+            else if (p.RoleID) {
+                granteeName = md.Roles.find((r) => UUIDsEqual(r.ID, p.RoleID))?.Name;
+            }
+            results.push(this.buildNormalizedPermission({
+                resourceType, resourceId,
+                granteeType: isUser ? 'User' : 'Role',
+                granteeId, granteeName, actions,
+                sourceRecordId: p.ID,
+                expiresAt: p.EndSharingAt ?? undefined,
+            }));
+        }
+        return results;
+    }
+    /**
+     * Rows granted directly by this user to *other* users. Uses the
+     * `SharedByUserID` column (added in migration
+     * `V202604231235__v5.29.x__ResourcePermission_SharedByUserID.sql`) so every
+     * resource type that writes through `MJ: Resource Permissions` surfaces
+     * correctly in the end-user Sharing Center's "Shared by me" tab.
+     *
+     * Only Approved, User-grantee rows are returned — pending requests
+     * (`Status === 'Requested'`) and Role grants don't belong in a personal
+     * sharing view.
+     */
+    async GetPermissionsGrantedByUser(grantor) {
+        const engine = ResourcePermissionEngine.Instance;
+        const results = [];
+        for (const p of engine.Permissions ?? []) {
+            if (!p.SharedByUserID || !UUIDsEqual(p.SharedByUserID, grantor.ID))
+                continue;
+            if (p.Type !== 'User' || !p.UserID)
+                continue;
+            if (p.Status !== 'Approved')
+                continue;
+            if (UUIDsEqual(p.UserID, grantor.ID))
+                continue;
+            const actions = this.actionsForLevel(p.PermissionLevel);
+            if (actions.length === 0)
+                continue;
+            const rt = engine.ResourceTypes.find((r) => UUIDsEqual(r.ID, p.ResourceTypeID));
+            results.push(this.buildNormalizedPermission({
+                resourceType: rt?.Name ?? p.ResourceTypeID,
+                resourceId: p.ResourceRecordID,
+                granteeType: 'User', granteeId: p.UserID, granteeName: p.User ?? undefined,
+                actions,
+                sourceRecordId: p.ID,
+                expiresAt: p.EndSharingAt ?? undefined,
+            }));
+        }
+        return results;
+    }
+    resolveResourceTypeId(resourceTypeName) {
+        const rt = ResourcePermissionEngine.Instance.ResourceTypes?.find((t) => t.Name.toLowerCase() === resourceTypeName.toLowerCase());
+        return rt?.ID ?? null;
+    }
+    actionsForLevel(level) {
+        switch (level) {
+            case 'Owner':
+                return ['Read', 'Update', 'Delete', 'Share', 'Admin'];
+            case 'Edit':
+                return ['Read', 'Update'];
+            case 'View':
+                return ['Read'];
+            default:
+                return [];
+        }
+    }
+};
+ResourcePermissionProvider = __decorate([
+    RegisterClass(PermissionProviderBase, 'MJResourcePermissionProvider')
+], ResourcePermissionProvider);
+export { ResourcePermissionProvider };
+//# sourceMappingURL=ResourcePermissionProvider.js.map

package/dist/custom/PermissionProviders/ResourcePermissionProvider.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ResourcePermissionProvider.js","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/ResourcePermissionProvider.ts"],"names":[],"mappings":";;;;;;AAAA,OAAO,EAEH,QAAQ,EAIR,sBAAsB,GAEzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAEnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,iDAAiD,CAAC;AAE3F;;;;;;;;;;GAUG;AAEI,IAAM,0BAA0B,GAAhC,MAAM,0BAA2B,SAAQ,sBAAsB;IAA/D;;QACM,eAAU,GAAG,sBAAsB,CAAC;QACpC,gBAAW,GAChB,+GAA+G,CAAC;QAC3G,0BAAqB,GAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,qBAAgB,GAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACtF,iBAAY,GAAG,KAAK,CAAC;IA2KlC,CAAC;IAzKY,gBAAgB;QACrB,8EAA8E;QAC9E,OAAO,wBAAwB,CAAC,QAAQ,CAAC,aAAa;aACjD,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC;aACpB,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aACxC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,eAAe,CACjB,IAAc,EACd,YAAoB,EACpB,UAAyB,EACzB,MAAwB;QAExB,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,qDAAqD;aAChE,CAAC;QACN,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc,EAAE,CAAC;YAClB,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,MAAM,EAAE,0BAA0B,YAAY,GAAG;aACpD,CAAC;QACN,CAAC;QAED,MAAM,KAAK,GAAG,wBAAwB,CAAC,QAAQ,CAAC,8BAA8B,CAAC,cAAc,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QACjH,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO;YACH,OAAO,EAAE,OAAO;YAChB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,MAAM,EAAE,KAAK;gBACT,CAAC,CAAC,YAAY,KAAK,oBAAoB,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,sBAAsB,MAAM,GAAG,EAAE;gBACvF,CAAC,CAAC,6CAA6C,YAAY,MAAM,UAAU,GAAG;SACrF,CAAC;IACN,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,IAAc,EAAE,YAAoB,EAAE,UAAkB;QAClF,MAAM,cAAc,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc;YAAE,OAAO,EAAE,CAAC;QAE/B,MAAM,KAAK,GAAG,wBAAwB,CAAC,QAAQ,CAAC,8BAA8B,CAAC,cAAc,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QACjH,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAEpC,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACnC,YAAY,EAAE,UAAU;gBACxB,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO;aAC3E,CAAC,CAAC,CAAC;IACR,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,IAAc,EAAE,YAAqB;QACxD,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,CAAC;QAEjD,IAAI,cAAkC,CAAC;QACvC,IAAI,YAAY,EAAE,CAAC;YACf,cAAc,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,IAAI,SAAS,CAAC;YACvE,IAAI,CAAC,cAAc;gBAAE,OAAO,EAAE,CAAC;QACnC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,yBAAyB,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QACzE,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,MAAM,EAAE,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;YAChF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,EAAE,EAAE,IAAI,IAAI,CAAC,CAAC,cAAc;gBAC1C,UAAU,EAAE,CAAC,CAAC,gBAAgB;gBAC9B,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI;gBAC/D,OAAO;gBACP,cAAc,EAAE,CAAC,CAAC,EAAE;gBACpB,SAAS,EAAE,CAAC,CAAC,YAAY,IAAI,SAAS;aACzC,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,YAAoB,EAAE,UAAkB;QACjE,MAAM,cAAc,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAChE,IAAI,CAAC,cAAc;YAAE,OAAO,EAAE,CAAC;QAE/B,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,sBAAsB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QACvE,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACnB,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEnC,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;YACjC,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YAC/C,IAAI,WAA+B,CAAC;YACpC,IAAI,MAAM,EAAE,CAAC;gBACT,WAAW,GAAG,SAAS,CAAC,CAAC,wEAAwE;YACrG,CAAC;iBAAM,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;gBAClB,WAAW,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC;YACzE,CAAC;YAED,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,UAAU;gBACxB,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBACrC,SAAS,EAAE,WAAW,EAAE,OAAO;gBAC/B,cAAc,EAAE,CAAC,CAAC,EAAE;gBACpB,SAAS,EAAE,CAAC,CAAC,YAAY,IAAI,SAAS;aACzC,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;;;;;;;;;OAUG;IACM,KAAK,CAAC,2BAA2B,CAAC,OAAiB;QACxD,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,CAAC;QACjD,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;YACvC,IAAI,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;gBAAE,SAAS;YAC7E,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,MAAM;gBAAE,SAAS;YAC7C,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU;gBAAE,SAAS;YACtC,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;gBAAE,SAAS;YAE/C,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACxD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACnC,MAAM,EAAE,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;YAChF,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC;gBACxC,YAAY,EAAE,EAAE,EAAE,IAAI,IAAI,CAAC,CAAC,cAAc;gBAC1C,UAAU,EAAE,CAAC,CAAC,gBAAgB;gBAC9B,WAAW,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC,IAAI,IAAI,SAAS;gBAC1E,OAAO;gBACP,cAAc,EAAE,CAAC,CAAC,EAAE;gBACpB,SAAS,EAAE,CAAC,CAAC,YAAY,IAAI,SAAS;aACzC,CAAC,CAAC,CAAC;QACR,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,qBAAqB,CAAC,gBAAwB;QAClD,MAAM,EAAE,GAAG,wBAAwB,CAAC,QAAQ,CAAC,aAAa,EAAE,IAAI,CAC5D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,WAAW,EAAE,CACjE,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,IAAI,CAAC;IAC1B,CAAC;IAEO,eAAe,CAAC,KAAuC;QAC3D,QAAQ,KAAK,EAAE,CAAC;YACZ,KAAK,OAAO;gBACR,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC1D,KAAK,MAAM;gBACP,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC9B,KAAK,MAAM;gBACP,OAAO,CAAC,MAAM,CAAC,CAAC;YACpB;gBACI,OAAO,EAAE,CAAC;QAClB,CAAC;IACL,CAAC;CACJ,CAAA;AAjLY,0BAA0B;IADtC,aAAa,CAAC,sBAAsB,EAAE,8BAA8B,CAAC;GACzD,0BAA0B,CAiLtC"}

package/dist/custom/PermissionProviders/index.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export { EntityPermissionProvider } from './EntityPermissionProvider.js';
+export { DashboardPermissionProvider } from './DashboardPermissionProvider.js';
+export { ResourcePermissionProvider } from './ResourcePermissionProvider.js';
+export { ApplicationRolePermissionProvider } from './ApplicationRolePermissionProvider.js';
+export { ArtifactPermissionProvider } from './ArtifactPermissionProvider.js';
+export { CollectionPermissionProvider } from './CollectionPermissionProvider.js';
+export { AIAgentPermissionProvider } from './AIAgentPermissionProvider.js';
+export { QueryPermissionProvider } from './QueryPermissionProvider.js';
+export { AccessControlRuleProvider } from './AccessControlRuleProvider.js';
+/**
+ * No-op function that MJCoreEntities's public-api calls to keep modern bundlers
+ * (ESBuild, Vite) from eliminating the `@RegisterClass(PermissionProviderBase, …)`
+ * side effects — without this, providers silently disappear in production bundles.
+ */
+export declare function LoadPermissionProviders(): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/custom/PermissionProviders/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,qCAAqC,CAAC;AACxF,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,IAAI,CAgB9C"}

package/dist/custom/PermissionProviders/index.js ADDED Viewed

@@ -0,0 +1,41 @@
+import { EntityPermissionProvider } from './EntityPermissionProvider.js';
+import { DashboardPermissionProvider } from './DashboardPermissionProvider.js';
+import { ResourcePermissionProvider } from './ResourcePermissionProvider.js';
+import { ApplicationRolePermissionProvider } from './ApplicationRolePermissionProvider.js';
+import { ArtifactPermissionProvider } from './ArtifactPermissionProvider.js';
+import { CollectionPermissionProvider } from './CollectionPermissionProvider.js';
+import { AIAgentPermissionProvider } from './AIAgentPermissionProvider.js';
+import { QueryPermissionProvider } from './QueryPermissionProvider.js';
+import { AccessControlRuleProvider } from './AccessControlRuleProvider.js';
+export { EntityPermissionProvider } from './EntityPermissionProvider.js';
+export { DashboardPermissionProvider } from './DashboardPermissionProvider.js';
+export { ResourcePermissionProvider } from './ResourcePermissionProvider.js';
+export { ApplicationRolePermissionProvider } from './ApplicationRolePermissionProvider.js';
+export { ArtifactPermissionProvider } from './ArtifactPermissionProvider.js';
+export { CollectionPermissionProvider } from './CollectionPermissionProvider.js';
+export { AIAgentPermissionProvider } from './AIAgentPermissionProvider.js';
+export { QueryPermissionProvider } from './QueryPermissionProvider.js';
+export { AccessControlRuleProvider } from './AccessControlRuleProvider.js';
+/**
+ * No-op function that MJCoreEntities's public-api calls to keep modern bundlers
+ * (ESBuild, Vite) from eliminating the `@RegisterClass(PermissionProviderBase, …)`
+ * side effects — without this, providers silently disappear in production bundles.
+ */
+export function LoadPermissionProviders() {
+    const markers = [
+        EntityPermissionProvider,
+        DashboardPermissionProvider,
+        ResourcePermissionProvider,
+        ApplicationRolePermissionProvider,
+        ArtifactPermissionProvider,
+        CollectionPermissionProvider,
+        AIAgentPermissionProvider,
+        QueryPermissionProvider,
+        AccessControlRuleProvider,
+    ];
+    if (markers.length < 0) {
+        // unreachable — keeps the array reference alive
+        console.log(markers);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/custom/PermissionProviders/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/custom/PermissionProviders/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,qCAAqC,CAAC;AACxF,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AACtE,OAAO,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,iCAAiC,EAAE,MAAM,qCAAqC,CAAC;AACxF,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAC;AAC1E,OAAO,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAExE;;;;GAIG;AACH,MAAM,UAAU,uBAAuB;IACnC,MAAM,OAAO,GAAG;QACZ,wBAAwB;QACxB,2BAA2B;QAC3B,0BAA0B;QAC1B,iCAAiC;QACjC,0BAA0B;QAC1B,4BAA4B;QAC5B,yBAAyB;QACzB,uBAAuB;QACvB,yBAAyB;KAC5B,CAAC;IACF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,gDAAgD;QAChD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;AACL,CAAC"}