@nextsparkjs/core 0.1.0-beta.154 → 0.1.0-beta.155

package/dist/lib/teams/permissions.d.ts

@@ -89,6 +89,24 @@ export declare function isSuperadmin(userRole: UserRole): boolean;
  * @returns True if action is allowed, false otherwise
  */
 export declare function canManageRole(actorRole: string, targetRole: string): boolean;
+/**
+ * Check if a role can invite another role to the team
+ *
+ * Reads hierarchy from the merged permissions registry, so any roles added
+ * by consumers via additional config are supported automatically.
+ *
+ * Semantics: invitation is allowed when the actor's hierarchy level is
+ * greater than or equal to the target's hierarchy level. Peers can invite
+ * peers (e.g. admin → admin); a lower-ranked actor cannot invite a
+ * higher-ranked target.
+ *
+ * Missing hierarchy entries are treated as 0, mirroring canManageRole.
+ *
+ * @param actorRole - The role of the user issuing the invitation
+ * @param targetRole - The role the invitee would receive
+ * @returns True if the invitation is allowed, false otherwise
+ */
+export declare function canInviteToRole(actorRole: string, targetRole: string): boolean;
 /**
  * Get human-readable role description
  *

package/dist/lib/teams/permissions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../../src/lib/teams/permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAUH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,YAAY,CAAA;AAE9C;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,WAAW,GACX,aAAa,GACb,mBAAmB,GACnB,qBAAqB,GACrB,qBAAqB,GACrB,0BAA0B,GAC1B,oBAAoB,GACpB,oBAAoB,GACpB,mBAAmB,GACnB,qBAAqB,CAAA;AAEzB;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,cAAc,EAYhD,CAAA;AAuCD;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAAgC,CAAA;AAM7F;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,cAAc,EAC1B,aAAa,GAAE,OAAe,GAC7B,OAAO,CAWT;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,aAAa,GAAE,OAAe,GAC7B,cAAc,EAAE,CAQlB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,MAAM,GAAG,IAAI,EACvB,UAAU,EAAE,cAAc,GACzB,OAAO,CAcT;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAExD;AAMD;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAKT;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGvD;AAMD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGrD;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAI5C;AAMD;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BvC"}
+{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../../src/lib/teams/permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAUH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,QAAQ,GAAG,YAAY,CAAA;AAE9C;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,WAAW,GACX,aAAa,GACb,mBAAmB,GACnB,qBAAqB,GACrB,qBAAqB,GACrB,0BAA0B,GAC1B,oBAAoB,GACpB,oBAAoB,GACpB,mBAAmB,GACnB,qBAAqB,CAAA;AAEzB;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,cAAc,EAYhD,CAAA;AAuCD;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,EAAE,CAAgC,CAAA;AAM7F;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,cAAc,EAC1B,aAAa,GAAE,OAAe,GAC7B,OAAO,CAWT;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EACZ,aAAa,GAAE,OAAe,GAC7B,cAAc,EAAE,CAQlB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,QAAQ,EAClB,QAAQ,EAAE,MAAM,GAAG,IAAI,EACvB,UAAU,EAAE,cAAc,GACzB,OAAO,CAcT;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAExD;AAMD;;;;;;;;;GASG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAKT;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAIT;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAGvD;AAMD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGrD;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,EAAE,CAI5C;AAMD;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BvC"}

package/dist/lib/teams/permissions.js

@@ -63,6 +63,10 @@ function canManageRole(actorRole, targetRole) {
   const hierarchy = getHierarchyFromRegistry();
   return (hierarchy[actorRole] ?? 0) > (hierarchy[targetRole] ?? 0);
 }
+function canInviteToRole(actorRole, targetRole) {
+  const hierarchy = getHierarchyFromRegistry();
+  return (hierarchy[actorRole] ?? 0) >= (hierarchy[targetRole] ?? 0);
+}
 function getRoleDescription(role) {
   const descriptions = getDescriptionsFromRegistry();
   return descriptions[role] ?? "No description available";
@@ -97,6 +101,7 @@ function validateRoleTransition(fromRole, toRole, actorRole) {
 }
 export {
   ALL_TEAM_PERMISSIONS,
+  canInviteToRole,
   canManageRole,
   checkTeamPermission,
   getInvitableRoles,

package/dist/styles/classes.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-05-27T00:35:24.358Z",
+  "generated": "2026-05-27T12:11:22.327Z",
   "totalClasses": 1080,
   "classes": [
     "!text-2xl",

package/dist/templates/app/api/v1/teams/[teamId]/members/route.ts

@@ -14,24 +14,12 @@ import { checkRateLimit, withRateLimitTier } from '@nextsparkjs/core/lib/api/rat
 import { RATE_LIMITS } from '@nextsparkjs/core/lib/api/keys'
 import { inviteMemberSchema, memberListQuerySchema } from '@nextsparkjs/core/lib/teams/schema'
 import { TeamMemberService, MembershipService } from '@nextsparkjs/core/lib/services'
+import { canInviteToRole } from '@nextsparkjs/core/lib/teams/permissions'
 import type { TeamMember, TeamInvitation, TeamRole, Team } from '@nextsparkjs/core/lib/teams/types'
 import { EmailFactory } from '@nextsparkjs/core/lib/email/factory'
 import { sendTeamInvitationEmail } from '@nextsparkjs/core/lib/email/send'
 import { I18N_CONFIG } from '@nextsparkjs/core/lib/config'
 
-// Role hierarchy for invite validation (higher number = more power)
-const ROLE_HIERARCHY: Record<TeamRole, number> = {
-  owner: 4,
-  admin: 3,
-  member: 2,
-  viewer: 1,
-}
-
-// Check if a user can invite to a specific role (same level or below)
-function canInviteToRole(actorRole: TeamRole, targetRole: TeamRole): boolean {
-  return ROLE_HIERARCHY[actorRole] >= ROLE_HIERARCHY[targetRole]
-}
-
 // Handle CORS preflight
 export async function OPTIONS() {
   return handleCorsPreflightRequest()
@@ -226,7 +214,8 @@ export const POST = withRateLimitTier(withApiLogging(
       const body = await req.json()
       const validatedData = inviteMemberSchema.parse(body)
 
-      // Check role hierarchy - users can only invite to same role or below
+      // Check role hierarchy via the merged permissions registry — users can
+      // only invite to roles at the same level or below their own
       if (!canInviteToRole(userRole, validatedData.role)) {
         const response = createApiError(
           `You cannot invite members to a role higher than your own. Your role: ${userRole}, requested role: ${validatedData.role}`,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nextsparkjs/core",
-  "version": "0.1.0-beta.154",
+  "version": "0.1.0-beta.155",
   "description": "NextSpark - The complete SaaS framework for Next.js",
   "license": "MIT",
   "author": "NextSpark <hello@nextspark.dev>",
@@ -467,7 +467,7 @@
     "tailwind-merge": "^3.3.1",
     "uuid": "^13.0.0",
     "zod": "^4.1.5",
-    "@nextsparkjs/testing": "0.1.0-beta.154"
+    "@nextsparkjs/testing": "0.1.0-beta.155"
   },
   "scripts": {
     "postinstall": "node scripts/postinstall.mjs || true",

package/templates/app/api/v1/teams/[teamId]/members/route.ts

@@ -14,24 +14,12 @@ import { checkRateLimit, withRateLimitTier } from '@nextsparkjs/core/lib/api/rat
 import { RATE_LIMITS } from '@nextsparkjs/core/lib/api/keys'
 import { inviteMemberSchema, memberListQuerySchema } from '@nextsparkjs/core/lib/teams/schema'
 import { TeamMemberService, MembershipService } from '@nextsparkjs/core/lib/services'
+import { canInviteToRole } from '@nextsparkjs/core/lib/teams/permissions'
 import type { TeamMember, TeamInvitation, TeamRole, Team } from '@nextsparkjs/core/lib/teams/types'
 import { EmailFactory } from '@nextsparkjs/core/lib/email/factory'
 import { sendTeamInvitationEmail } from '@nextsparkjs/core/lib/email/send'
 import { I18N_CONFIG } from '@nextsparkjs/core/lib/config'
 
-// Role hierarchy for invite validation (higher number = more power)
-const ROLE_HIERARCHY: Record<TeamRole, number> = {
-  owner: 4,
-  admin: 3,
-  member: 2,
-  viewer: 1,
-}
-
-// Check if a user can invite to a specific role (same level or below)
-function canInviteToRole(actorRole: TeamRole, targetRole: TeamRole): boolean {
-  return ROLE_HIERARCHY[actorRole] >= ROLE_HIERARCHY[targetRole]
-}
-
 // Handle CORS preflight
 export async function OPTIONS() {
   return handleCorsPreflightRequest()
@@ -226,7 +214,8 @@ export const POST = withRateLimitTier(withApiLogging(
       const body = await req.json()
       const validatedData = inviteMemberSchema.parse(body)
 
-      // Check role hierarchy - users can only invite to same role or below
+      // Check role hierarchy via the merged permissions registry — users can
+      // only invite to roles at the same level or below their own
       if (!canInviteToRole(userRole, validatedData.role)) {
         const response = createApiError(
           `You cannot invite members to a role higher than your own. Your role: ${userRole}, requested role: ${validatedData.role}`,