@nizam-os/dashboard-sdk 5.1.0 → 5.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/resources/organizations/client/Client.d.ts +25 -3
- package/dist/api/resources/organizations/client/Client.js +77 -3
- package/dist/api/resources/organizations/client/requests/ListOrganizationsRequest.d.ts +17 -0
- package/dist/api/resources/organizations/client/requests/ListOrganizationsRequest.js +3 -0
- package/dist/api/resources/organizations/client/requests/index.d.ts +1 -0
- package/dist/api/types/ListResponseOrganization.d.ts +27 -0
- package/dist/api/types/ListResponseOrganization.js +11 -0
- package/dist/api/types/index.d.ts +1 -0
- package/dist/api/types/index.js +1 -0
- package/package.json +1 -1
|
@@ -13,6 +13,24 @@ export declare namespace OrganizationsClient {
|
|
|
13
13
|
export declare class OrganizationsClient {
|
|
14
14
|
protected readonly _options: NormalizedClientOptionsWithAuth<OrganizationsClient.Options>;
|
|
15
15
|
constructor(options: OrganizationsClient.Options);
|
|
16
|
+
/**
|
|
17
|
+
* Dashboard callers see exactly the organizations they can read — their own memberships plus any cross-tenant read grants (3PL / delegated), resolved via SpiceDB `lookupResources(read)`. Platform staff see every tenant. Allowed sort field: `created_at` (prefix with `-` for descending). RFC 8288 Link header carries `first`, `prev`, `next` rels alongside the body's bidirectional cursors.
|
|
18
|
+
*
|
|
19
|
+
* @param {NizamDashboard.ListOrganizationsRequest} request
|
|
20
|
+
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
21
|
+
*
|
|
22
|
+
* @throws {@link NizamDashboard.UnauthorizedError}
|
|
23
|
+
* @throws {@link NizamDashboard.ForbiddenError}
|
|
24
|
+
* @throws {@link NizamDashboard.InternalServerError}
|
|
25
|
+
*
|
|
26
|
+
* @example
|
|
27
|
+
* await client.organizations.listOrganizations({
|
|
28
|
+
* starting_after: "Y3Vyc29yX25leHRfMDFKNVE=",
|
|
29
|
+
* ending_before: "Y3Vyc29yX25leHRfMDFKNVE="
|
|
30
|
+
* })
|
|
31
|
+
*/
|
|
32
|
+
listOrganizations(request?: NizamDashboard.ListOrganizationsRequest, requestOptions?: OrganizationsClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.ListResponseOrganization>;
|
|
33
|
+
private __listOrganizations;
|
|
16
34
|
/**
|
|
17
35
|
* Creates a brand-new tenant with the calling user as the founding admin. The id is assigned by Keycloak so the same value identifies the organization in both systems. Slug is derived from the name when not supplied.
|
|
18
36
|
*
|
|
@@ -41,7 +59,7 @@ export declare class OrganizationsClient {
|
|
|
41
59
|
createOrganization(request: NizamDashboard.CreateOrganizationRequest, requestOptions?: OrganizationsClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.Organization>;
|
|
42
60
|
private __createOrganization;
|
|
43
61
|
/**
|
|
44
|
-
* Returns one organization.
|
|
62
|
+
* Returns one organization. Visible to members, platform staff, and L4-granted cross-tenant readers; everyone else gets 404 — indistinguishable from a non-existent id (prevents tenant probing).
|
|
45
63
|
*
|
|
46
64
|
* @param {NizamDashboard.GetOrganizationRequest} request
|
|
47
65
|
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
@@ -59,7 +77,9 @@ export declare class OrganizationsClient {
|
|
|
59
77
|
getOrganization(request: NizamDashboard.GetOrganizationRequest, requestOptions?: OrganizationsClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.Organization>;
|
|
60
78
|
private __getOrganization;
|
|
61
79
|
/**
|
|
62
|
-
* Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later.
|
|
80
|
+
* Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later. L4 @HasPermission ensures the caller is an admin; the owner-only check inside the handler narrows further.
|
|
81
|
+
*
|
|
82
|
+
* > **Requires** `administer` on `organization` (SpiceDB permission expression).
|
|
63
83
|
*
|
|
64
84
|
* @param {NizamDashboard.DeleteOrganizationRequest} request
|
|
65
85
|
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
@@ -77,7 +97,9 @@ export declare class OrganizationsClient {
|
|
|
77
97
|
deleteOrganization(request: NizamDashboard.DeleteOrganizationRequest, requestOptions?: OrganizationsClient.RequestOptions): core.HttpResponsePromise<void>;
|
|
78
98
|
private __deleteOrganization;
|
|
79
99
|
/**
|
|
80
|
-
* Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep.
|
|
100
|
+
* Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep. Gated by L4 — admins of the org are allowed; non-admins surface as 403 from Spring Security's access-denied handler.
|
|
101
|
+
*
|
|
102
|
+
* > **Requires** `administer` on `organization` (SpiceDB permission expression).
|
|
81
103
|
*
|
|
82
104
|
* @param {NizamDashboard.UpdateOrganizationRequest} request
|
|
83
105
|
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
@@ -49,6 +49,76 @@ class OrganizationsClient {
|
|
|
49
49
|
constructor(options) {
|
|
50
50
|
this._options = (0, BaseClient_js_1.normalizeClientOptionsWithAuth)(options);
|
|
51
51
|
}
|
|
52
|
+
/**
|
|
53
|
+
* Dashboard callers see exactly the organizations they can read — their own memberships plus any cross-tenant read grants (3PL / delegated), resolved via SpiceDB `lookupResources(read)`. Platform staff see every tenant. Allowed sort field: `created_at` (prefix with `-` for descending). RFC 8288 Link header carries `first`, `prev`, `next` rels alongside the body's bidirectional cursors.
|
|
54
|
+
*
|
|
55
|
+
* @param {NizamDashboard.ListOrganizationsRequest} request
|
|
56
|
+
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
57
|
+
*
|
|
58
|
+
* @throws {@link NizamDashboard.UnauthorizedError}
|
|
59
|
+
* @throws {@link NizamDashboard.ForbiddenError}
|
|
60
|
+
* @throws {@link NizamDashboard.InternalServerError}
|
|
61
|
+
*
|
|
62
|
+
* @example
|
|
63
|
+
* await client.organizations.listOrganizations({
|
|
64
|
+
* starting_after: "Y3Vyc29yX25leHRfMDFKNVE=",
|
|
65
|
+
* ending_before: "Y3Vyc29yX25leHRfMDFKNVE="
|
|
66
|
+
* })
|
|
67
|
+
*/
|
|
68
|
+
listOrganizations(request = {}, requestOptions) {
|
|
69
|
+
return core.HttpResponsePromise.fromPromise(this.__listOrganizations(request, requestOptions));
|
|
70
|
+
}
|
|
71
|
+
async __listOrganizations(request = {}, requestOptions) {
|
|
72
|
+
const { sort, limit, starting_after: startingAfter, ending_before: endingBefore } = request;
|
|
73
|
+
const _queryParams = {
|
|
74
|
+
sort,
|
|
75
|
+
limit,
|
|
76
|
+
starting_after: startingAfter,
|
|
77
|
+
ending_before: endingBefore,
|
|
78
|
+
};
|
|
79
|
+
const _authRequest = await this._options.authProvider.getAuthRequest();
|
|
80
|
+
const _headers = (0, headers_js_1.mergeHeaders)(_authRequest.headers, this._options?.headers, requestOptions?.headers);
|
|
81
|
+
const _response = await core.fetcher({
|
|
82
|
+
url: core.url.join((await core.Supplier.get(this._options.baseUrl)) ??
|
|
83
|
+
(await core.Supplier.get(this._options.environment)) ??
|
|
84
|
+
environments.NizamDashboardEnvironment.Production, "v1/organizations"),
|
|
85
|
+
method: "GET",
|
|
86
|
+
headers: _headers,
|
|
87
|
+
queryString: core.url
|
|
88
|
+
.queryBuilder()
|
|
89
|
+
.addMany(_queryParams)
|
|
90
|
+
.mergeAdditional(requestOptions?.queryParams)
|
|
91
|
+
.build(),
|
|
92
|
+
timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1000,
|
|
93
|
+
maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,
|
|
94
|
+
abortSignal: requestOptions?.abortSignal,
|
|
95
|
+
fetchFn: this._options?.fetch,
|
|
96
|
+
logging: this._options.logging,
|
|
97
|
+
});
|
|
98
|
+
if (_response.ok) {
|
|
99
|
+
return {
|
|
100
|
+
data: _response.body,
|
|
101
|
+
rawResponse: _response.rawResponse,
|
|
102
|
+
};
|
|
103
|
+
}
|
|
104
|
+
if (_response.error.reason === "status-code") {
|
|
105
|
+
switch (_response.error.statusCode) {
|
|
106
|
+
case 401:
|
|
107
|
+
throw new NizamDashboard.UnauthorizedError(_response.error.body, _response.rawResponse);
|
|
108
|
+
case 403:
|
|
109
|
+
throw new NizamDashboard.ForbiddenError(_response.error.body, _response.rawResponse);
|
|
110
|
+
case 500:
|
|
111
|
+
throw new NizamDashboard.InternalServerError(_response.error.body, _response.rawResponse);
|
|
112
|
+
default:
|
|
113
|
+
throw new errors.NizamDashboardError({
|
|
114
|
+
statusCode: _response.error.statusCode,
|
|
115
|
+
body: _response.error.body,
|
|
116
|
+
rawResponse: _response.rawResponse,
|
|
117
|
+
});
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "GET", "/v1/organizations");
|
|
121
|
+
}
|
|
52
122
|
/**
|
|
53
123
|
* Creates a brand-new tenant with the calling user as the founding admin. The id is assigned by Keycloak so the same value identifies the organization in both systems. Slug is derived from the name when not supplied.
|
|
54
124
|
*
|
|
@@ -122,7 +192,7 @@ class OrganizationsClient {
|
|
|
122
192
|
return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "POST", "/v1/organizations");
|
|
123
193
|
}
|
|
124
194
|
/**
|
|
125
|
-
* Returns one organization.
|
|
195
|
+
* Returns one organization. Visible to members, platform staff, and L4-granted cross-tenant readers; everyone else gets 404 — indistinguishable from a non-existent id (prevents tenant probing).
|
|
126
196
|
*
|
|
127
197
|
* @param {NizamDashboard.GetOrganizationRequest} request
|
|
128
198
|
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
@@ -181,7 +251,9 @@ class OrganizationsClient {
|
|
|
181
251
|
return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "GET", "/v1/organizations/{id}");
|
|
182
252
|
}
|
|
183
253
|
/**
|
|
184
|
-
* Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later.
|
|
254
|
+
* Owner-only. Sets `deleted_at` on the organizations row; subsequent reads filter it out. The Keycloak Organization is intentionally left in place — restore is just an UPDATE un-setting `deleted_at`. Members are not removed; their memberships persist alongside the soft-deleted row in case a restore path is added later. L4 @HasPermission ensures the caller is an admin; the owner-only check inside the handler narrows further.
|
|
255
|
+
*
|
|
256
|
+
* > **Requires** `administer` on `organization` (SpiceDB permission expression).
|
|
185
257
|
*
|
|
186
258
|
* @param {NizamDashboard.DeleteOrganizationRequest} request
|
|
187
259
|
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
@@ -240,7 +312,9 @@ class OrganizationsClient {
|
|
|
240
312
|
return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "DELETE", "/v1/organizations/{id}");
|
|
241
313
|
}
|
|
242
314
|
/**
|
|
243
|
-
* Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep.
|
|
315
|
+
* Set-only partial update. Null/omitted fields stay unchanged. A slug rename also renames the Keycloak Organization's alias inside the same transaction so the two stay in lockstep. Gated by L4 — admins of the org are allowed; non-admins surface as 403 from Spring Security's access-denied handler.
|
|
316
|
+
*
|
|
317
|
+
* > **Requires** `administer` on `organization` (SpiceDB permission expression).
|
|
244
318
|
*
|
|
245
319
|
* @param {NizamDashboard.UpdateOrganizationRequest} request
|
|
246
320
|
* @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @example
|
|
3
|
+
* {
|
|
4
|
+
* starting_after: "Y3Vyc29yX25leHRfMDFKNVE=",
|
|
5
|
+
* ending_before: "Y3Vyc29yX25leHRfMDFKNVE="
|
|
6
|
+
* }
|
|
7
|
+
*/
|
|
8
|
+
export interface ListOrganizationsRequest {
|
|
9
|
+
/** Sorting criteria in the format: property,(asc|desc). Default sort order is ascending. Multiple sort criteria are supported. */
|
|
10
|
+
sort?: string | string[];
|
|
11
|
+
/** Page size. Default 20, maximum 100. Out-of-range values are silently clamped; the response body's `limit` field reflects what was applied. */
|
|
12
|
+
limit?: number;
|
|
13
|
+
/** Opaque cursor — return the page starting strictly after this entity in the sort order. Mutually exclusive with `ending_before`. */
|
|
14
|
+
starting_after?: string;
|
|
15
|
+
/** Opaque cursor — return the page ending strictly before this entity in the sort order. Mutually exclusive with `starting_after`. */
|
|
16
|
+
ending_before?: string;
|
|
17
|
+
}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export type { CreateOrganizationRequest } from "./CreateOrganizationRequest.js";
|
|
2
2
|
export type { DeleteOrganizationRequest } from "./DeleteOrganizationRequest.js";
|
|
3
3
|
export type { GetOrganizationRequest } from "./GetOrganizationRequest.js";
|
|
4
|
+
export type { ListOrganizationsRequest } from "./ListOrganizationsRequest.js";
|
|
4
5
|
export type { UpdateOrganizationRequest } from "./UpdateOrganizationRequest.js";
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import type * as NizamDashboard from "../index.js";
|
|
2
|
+
/**
|
|
3
|
+
* Envelope for paginated list responses (Stripe-style cursor pagination).
|
|
4
|
+
*/
|
|
5
|
+
export interface ListResponseOrganization {
|
|
6
|
+
/** Object type discriminator (Stripe pattern). Always `list` for this envelope. */
|
|
7
|
+
object?: ListResponseOrganization.Object_ | undefined;
|
|
8
|
+
/** Page of resources. Empty array when there are no matches. */
|
|
9
|
+
data?: NizamDashboard.Organization[] | undefined;
|
|
10
|
+
/** True when more pages exist; pass `next_cursor` as `?starting_after=` to fetch the next page. */
|
|
11
|
+
has_more?: boolean | undefined;
|
|
12
|
+
/** True when earlier pages exist; pass `prev_cursor` as `?ending_before=` to fetch the previous page. */
|
|
13
|
+
has_previous?: boolean | undefined;
|
|
14
|
+
/** Opaque cursor for the next page. `null` on the last page. */
|
|
15
|
+
next_cursor?: string | undefined;
|
|
16
|
+
/** Opaque cursor for the previous page. `null` on the first page. */
|
|
17
|
+
prev_cursor?: string | undefined;
|
|
18
|
+
/** Page size that produced this response. */
|
|
19
|
+
limit?: number | undefined;
|
|
20
|
+
}
|
|
21
|
+
export declare namespace ListResponseOrganization {
|
|
22
|
+
/** Object type discriminator (Stripe pattern). Always `list` for this envelope. */
|
|
23
|
+
const Object_: {
|
|
24
|
+
readonly List: "list";
|
|
25
|
+
};
|
|
26
|
+
type Object_ = (typeof Object_)[keyof typeof Object_];
|
|
27
|
+
}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
// This file was auto-generated by Fern from our API Definition.
|
|
3
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
+
exports.ListResponseOrganization = void 0;
|
|
5
|
+
var ListResponseOrganization;
|
|
6
|
+
(function (ListResponseOrganization) {
|
|
7
|
+
/** Object type discriminator (Stripe pattern). Always `list` for this envelope. */
|
|
8
|
+
ListResponseOrganization.Object_ = {
|
|
9
|
+
List: "list",
|
|
10
|
+
};
|
|
11
|
+
})(ListResponseOrganization || (exports.ListResponseOrganization = ListResponseOrganization = {}));
|
|
@@ -17,6 +17,7 @@ export * from "./ListResponseCountry.js";
|
|
|
17
17
|
export * from "./ListResponseCurrency.js";
|
|
18
18
|
export * from "./ListResponseLanguage.js";
|
|
19
19
|
export * from "./ListResponseMembership.js";
|
|
20
|
+
export * from "./ListResponseOrganization.js";
|
|
20
21
|
export * from "./ListResponseTimezone.js";
|
|
21
22
|
export * from "./ListResponseUserResource.js";
|
|
22
23
|
export * from "./Membership.js";
|
package/dist/api/types/index.js
CHANGED
|
@@ -33,6 +33,7 @@ __exportStar(require("./ListResponseCountry.js"), exports);
|
|
|
33
33
|
__exportStar(require("./ListResponseCurrency.js"), exports);
|
|
34
34
|
__exportStar(require("./ListResponseLanguage.js"), exports);
|
|
35
35
|
__exportStar(require("./ListResponseMembership.js"), exports);
|
|
36
|
+
__exportStar(require("./ListResponseOrganization.js"), exports);
|
|
36
37
|
__exportStar(require("./ListResponseTimezone.js"), exports);
|
|
37
38
|
__exportStar(require("./ListResponseUserResource.js"), exports);
|
|
38
39
|
__exportStar(require("./Membership.js"), exports);
|