@objectstack/platform-objects 12.5.0 → 13.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.js +31 -11
- package/dist/apps/index.js.map +1 -1
- package/dist/apps/index.mjs +31 -11
- package/dist/apps/index.mjs.map +1 -1
- package/dist/audit/index.d.mts +250 -30
- package/dist/audit/index.d.ts +250 -30
- package/dist/identity/index.d.mts +581 -81
- package/dist/identity/index.d.ts +581 -81
- package/dist/identity/index.js +64 -26
- package/dist/identity/index.js.map +1 -1
- package/dist/identity/index.mjs +64 -26
- package/dist/identity/index.mjs.map +1 -1
- package/dist/index.js +104 -70
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +104 -70
- package/dist/index.mjs.map +1 -1
- package/dist/metadata-translations/index.js +0 -32
- package/dist/metadata-translations/index.js.map +1 -1
- package/dist/metadata-translations/index.mjs +0 -32
- package/dist/metadata-translations/index.mjs.map +1 -1
- package/dist/pages/index.d.mts +1 -1
- package/dist/pages/index.d.ts +1 -1
- package/dist/pages/index.js +1 -1
- package/dist/pages/index.js.map +1 -1
- package/dist/pages/index.mjs +1 -1
- package/dist/pages/index.mjs.map +1 -1
- package/dist/plugin.js +12 -40
- package/dist/plugin.js.map +1 -1
- package/dist/plugin.mjs +12 -40
- package/dist/plugin.mjs.map +1 -1
- package/dist/system/index.d.mts +78 -9
- package/dist/system/index.d.ts +78 -9
- package/dist/system/index.js +8 -0
- package/dist/system/index.js.map +1 -1
- package/dist/system/index.mjs +8 -0
- package/dist/system/index.mjs.map +1 -1
- package/package.json +3 -3
package/dist/index.js
CHANGED
|
@@ -39,13 +39,14 @@ var SysUser = data.ObjectSchema.create({
|
|
|
39
39
|
locations: ["list_toolbar"],
|
|
40
40
|
type: "api",
|
|
41
41
|
target: "/api/v1/auth/organization/invite-member",
|
|
42
|
-
//
|
|
43
|
-
//
|
|
44
|
-
//
|
|
45
|
-
//
|
|
46
|
-
//
|
|
47
|
-
//
|
|
48
|
-
|
|
42
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
43
|
+
// better-auth organization plugin is always mounted, and single-org
|
|
44
|
+
// mode now bootstraps a Default Organization (plugin-auth) so the
|
|
45
|
+
// endpoint's active-org resolution works there too. This is THE
|
|
46
|
+
// "add a teammate" affordance — the Users list is always reachable —
|
|
47
|
+
// and every add flows through better-auth invitations, never bespoke
|
|
48
|
+
// sys_user CRUD.
|
|
49
|
+
visible: "features.organization != false",
|
|
49
50
|
successMessage: "Invitation sent",
|
|
50
51
|
refreshAfter: true,
|
|
51
52
|
params: [
|
|
@@ -934,6 +935,12 @@ var SysVerification = data.ObjectSchema.create({
|
|
|
934
935
|
icon: "shield-check",
|
|
935
936
|
isSystem: true,
|
|
936
937
|
managedBy: "better-auth",
|
|
938
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE one-time credentials
|
|
939
|
+
// (email/phone verification + password-reset tokens) — reading one is
|
|
940
|
+
// account takeover. Not covered by the wildcard `'*'` grant; admins retain
|
|
941
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
942
|
+
// (system context), so verification flows are unaffected.
|
|
943
|
+
access: { default: "private" },
|
|
937
944
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
938
945
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
939
946
|
// forbid sys_metadata overlays entirely.
|
|
@@ -1267,11 +1274,11 @@ var SysMember = data.ObjectSchema.create({
|
|
|
1267
1274
|
locations: ["list_toolbar"],
|
|
1268
1275
|
type: "api",
|
|
1269
1276
|
target: "/api/v1/auth/organization/add-member",
|
|
1270
|
-
//
|
|
1271
|
-
// endpoints resolve
|
|
1272
|
-
// mode
|
|
1273
|
-
//
|
|
1274
|
-
visible: "features.
|
|
1277
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
1278
|
+
// better-auth endpoints resolve the session's active org, which
|
|
1279
|
+
// single-org mode now guarantees via plugin-auth's default-org
|
|
1280
|
+
// bootstrap. Same gate on every membership mutation below.
|
|
1281
|
+
visible: "features.organization != false",
|
|
1275
1282
|
successMessage: "Member added",
|
|
1276
1283
|
refreshAfter: true,
|
|
1277
1284
|
params: [
|
|
@@ -1289,7 +1296,7 @@ var SysMember = data.ObjectSchema.create({
|
|
|
1289
1296
|
type: "api",
|
|
1290
1297
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1291
1298
|
recordIdParam: "memberId",
|
|
1292
|
-
visible: "features.
|
|
1299
|
+
visible: "features.organization != false",
|
|
1293
1300
|
successMessage: "Member role updated",
|
|
1294
1301
|
refreshAfter: true,
|
|
1295
1302
|
params: [
|
|
@@ -1306,7 +1313,7 @@ var SysMember = data.ObjectSchema.create({
|
|
|
1306
1313
|
type: "api",
|
|
1307
1314
|
target: "/api/v1/auth/organization/remove-member",
|
|
1308
1315
|
recordIdParam: "memberIdOrEmail",
|
|
1309
|
-
visible: "features.
|
|
1316
|
+
visible: "features.organization != false",
|
|
1310
1317
|
confirmText: "Remove this member from the organization? They will lose access to all org resources.",
|
|
1311
1318
|
successMessage: "Member removed",
|
|
1312
1319
|
refreshAfter: true
|
|
@@ -1328,7 +1335,7 @@ var SysMember = data.ObjectSchema.create({
|
|
|
1328
1335
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1329
1336
|
recordIdParam: "memberId",
|
|
1330
1337
|
bodyExtra: { role: "owner" },
|
|
1331
|
-
visible: "record.role != 'owner' && features.
|
|
1338
|
+
visible: "record.role != 'owner' && features.organization != false",
|
|
1332
1339
|
confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
|
|
1333
1340
|
successMessage: "Ownership transferred",
|
|
1334
1341
|
refreshAfter: true
|
|
@@ -1436,7 +1443,7 @@ var SysInvitation = data.ObjectSchema.create({
|
|
|
1436
1443
|
// sys_organization.create_organization). The recipient-side
|
|
1437
1444
|
// accept/reject actions below stay record-gated — they are
|
|
1438
1445
|
// unreachable in single-org anyway (no invitation rows exist).
|
|
1439
|
-
visible: "features.
|
|
1446
|
+
visible: "features.organization != false",
|
|
1440
1447
|
successMessage: "Invitation sent",
|
|
1441
1448
|
refreshAfter: true,
|
|
1442
1449
|
params: [
|
|
@@ -1454,7 +1461,7 @@ var SysInvitation = data.ObjectSchema.create({
|
|
|
1454
1461
|
type: "api",
|
|
1455
1462
|
target: "/api/v1/auth/organization/cancel-invitation",
|
|
1456
1463
|
recordIdParam: "invitationId",
|
|
1457
|
-
visible: "features.
|
|
1464
|
+
visible: "features.organization != false",
|
|
1458
1465
|
confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
|
|
1459
1466
|
successMessage: "Invitation canceled",
|
|
1460
1467
|
refreshAfter: true
|
|
@@ -1468,7 +1475,7 @@ var SysInvitation = data.ObjectSchema.create({
|
|
|
1468
1475
|
type: "api",
|
|
1469
1476
|
target: "/api/v1/auth/organization/invite-member",
|
|
1470
1477
|
bodyExtra: { resend: true },
|
|
1471
|
-
visible: "features.
|
|
1478
|
+
visible: "features.organization != false",
|
|
1472
1479
|
successMessage: "Invitation resent",
|
|
1473
1480
|
refreshAfter: true,
|
|
1474
1481
|
params: [
|
|
@@ -1658,7 +1665,7 @@ var SysTeam = data.ObjectSchema.create({
|
|
|
1658
1665
|
// Teams are nested inside organizations — a multi-org-only concept.
|
|
1659
1666
|
// Gate every team mutation on the multi-org flag so the affordances
|
|
1660
1667
|
// disappear in single-org (mirrors sys_organization.create_organization).
|
|
1661
|
-
visible: "features.
|
|
1668
|
+
visible: "features.organization != false",
|
|
1662
1669
|
successMessage: "Team created",
|
|
1663
1670
|
refreshAfter: true,
|
|
1664
1671
|
params: [
|
|
@@ -1679,7 +1686,7 @@ var SysTeam = data.ObjectSchema.create({
|
|
|
1679
1686
|
target: "/api/v1/auth/organization/update-team",
|
|
1680
1687
|
recordIdParam: "teamId",
|
|
1681
1688
|
bodyShape: { wrap: "data" },
|
|
1682
|
-
visible: "features.
|
|
1689
|
+
visible: "features.organization != false",
|
|
1683
1690
|
successMessage: "Team updated",
|
|
1684
1691
|
refreshAfter: true,
|
|
1685
1692
|
params: [
|
|
@@ -1698,7 +1705,7 @@ var SysTeam = data.ObjectSchema.create({
|
|
|
1698
1705
|
type: "api",
|
|
1699
1706
|
target: "/api/v1/auth/organization/remove-team",
|
|
1700
1707
|
recordIdParam: "teamId",
|
|
1701
|
-
visible: "features.
|
|
1708
|
+
visible: "features.organization != false",
|
|
1702
1709
|
confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
|
|
1703
1710
|
successMessage: "Team deleted",
|
|
1704
1711
|
refreshAfter: true
|
|
@@ -1812,7 +1819,7 @@ var SysTeamMember = data.ObjectSchema.create({
|
|
|
1812
1819
|
// Team membership lives under organizations — multi-org-only. Gate
|
|
1813
1820
|
// both mutations so they vanish in single-org (mirrors
|
|
1814
1821
|
// sys_organization.create_organization).
|
|
1815
|
-
visible: "features.
|
|
1822
|
+
visible: "features.organization != false",
|
|
1816
1823
|
successMessage: "Team member added",
|
|
1817
1824
|
refreshAfter: true,
|
|
1818
1825
|
params: [
|
|
@@ -1833,7 +1840,7 @@ var SysTeamMember = data.ObjectSchema.create({
|
|
|
1833
1840
|
locations: ["list_item"],
|
|
1834
1841
|
type: "api",
|
|
1835
1842
|
target: "/api/v1/auth/organization/remove-team-member",
|
|
1836
|
-
visible: "features.
|
|
1843
|
+
visible: "features.organization != false",
|
|
1837
1844
|
confirmText: "Remove this user from the team? They will lose any team-scoped access.",
|
|
1838
1845
|
successMessage: "Team member removed",
|
|
1839
1846
|
refreshAfter: true,
|
|
@@ -2071,7 +2078,7 @@ var SysBusinessUnitMember = data.ObjectSchema.create({
|
|
|
2071
2078
|
managedBy: "platform",
|
|
2072
2079
|
description: "User assignment to a business unit (matrix-org friendly, effective-dated).",
|
|
2073
2080
|
titleFormat: "{user_id} in {business_unit_id}",
|
|
2074
|
-
highlightFields: ["user_id", "business_unit_id", "
|
|
2081
|
+
highlightFields: ["user_id", "business_unit_id", "function_in_business_unit", "is_primary"],
|
|
2075
2082
|
fields: {
|
|
2076
2083
|
id: data.Field.text({
|
|
2077
2084
|
label: "Member ID",
|
|
@@ -2089,10 +2096,10 @@ var SysBusinessUnitMember = data.ObjectSchema.create({
|
|
|
2089
2096
|
required: true,
|
|
2090
2097
|
group: "Assignment"
|
|
2091
2098
|
}),
|
|
2092
|
-
|
|
2099
|
+
function_in_business_unit: data.Field.select(
|
|
2093
2100
|
["member", "lead", "deputy"],
|
|
2094
2101
|
{
|
|
2095
|
-
label: "
|
|
2102
|
+
label: "Function in Business Unit",
|
|
2096
2103
|
required: false,
|
|
2097
2104
|
defaultValue: "member",
|
|
2098
2105
|
description: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
@@ -2496,6 +2503,12 @@ var SysDeviceCode = data.ObjectSchema.create({
|
|
|
2496
2503
|
icon: "key-round",
|
|
2497
2504
|
isSystem: true,
|
|
2498
2505
|
managedBy: "better-auth",
|
|
2506
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE pending device-grant
|
|
2507
|
+
// codes — reading `user_code`/`device_code` lets an attacker hijack a
|
|
2508
|
+
// pending CLI login. Not covered by the wildcard `'*'` grant; admins retain
|
|
2509
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
2510
|
+
// (system context), so the device-grant flow is unaffected.
|
|
2511
|
+
access: { default: "private" },
|
|
2499
2512
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
2500
2513
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
2501
2514
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3091,6 +3104,11 @@ var SysOauthAccessToken = data.ObjectSchema.create({
|
|
|
3091
3104
|
icon: "ticket",
|
|
3092
3105
|
isSystem: true,
|
|
3093
3106
|
managedBy: "better-auth",
|
|
3107
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE bearer credentials —
|
|
3108
|
+
// reading one is session hijack. Not covered by the wildcard `'*'` grant;
|
|
3109
|
+
// admins retain access via the superuser bypass; better-auth reads via its
|
|
3110
|
+
// adapter (system context), so OAuth flows are unaffected.
|
|
3111
|
+
access: { default: "private" },
|
|
3094
3112
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3095
3113
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3096
3114
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3177,6 +3195,11 @@ var SysOauthRefreshToken = data.ObjectSchema.create({
|
|
|
3177
3195
|
icon: "refresh-cw",
|
|
3178
3196
|
isSystem: true,
|
|
3179
3197
|
managedBy: "better-auth",
|
|
3198
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE long-lived credentials —
|
|
3199
|
+
// a refresh token mints new access tokens. Not covered by the wildcard `'*'`
|
|
3200
|
+
// grant; admins retain access via the superuser bypass; better-auth reads
|
|
3201
|
+
// via its adapter (system context), so OAuth flows are unaffected.
|
|
3202
|
+
access: { default: "private" },
|
|
3180
3203
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3181
3204
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3182
3205
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3335,6 +3358,13 @@ var SysJwks = data.ObjectSchema.create({
|
|
|
3335
3358
|
icon: "key",
|
|
3336
3359
|
isSystem: true,
|
|
3337
3360
|
managedBy: "better-auth",
|
|
3361
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are the environment's JWT SIGNING
|
|
3362
|
+
// KEYS (private key material). Not covered by the wildcard `'*'` grant — an
|
|
3363
|
+
// ordinary member gets 403 from the generic data layer. Platform admins
|
|
3364
|
+
// (viewAllRecords/modifyAllRecords) retain access via the posture-gated
|
|
3365
|
+
// superuser bypass; better-auth itself reads via its adapter (system
|
|
3366
|
+
// context), so token signing/verification is unaffected.
|
|
3367
|
+
access: { default: "private" },
|
|
3338
3368
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3339
3369
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3340
3370
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3648,6 +3678,14 @@ var SysScimProvider = data.ObjectSchema.create({
|
|
|
3648
3678
|
icon: "users",
|
|
3649
3679
|
isSystem: true,
|
|
3650
3680
|
managedBy: "better-auth",
|
|
3681
|
+
// [ADR-0066 D3/④] Admin-only identity config carrying a live credential
|
|
3682
|
+
// (`scim_token` — the bearer external IdPs authenticate provisioning calls
|
|
3683
|
+
// with). Object-level capability gate, mirroring the sibling
|
|
3684
|
+
// `sys_sso_provider`: ordinary members are denied entirely (without it, the
|
|
3685
|
+
// `member_default` wildcard `'*': allowRead` would expose SCIM connections
|
|
3686
|
+
// to every authenticated user). better-auth's own endpoints read via a
|
|
3687
|
+
// system context, so SCIM provisioning is unaffected.
|
|
3688
|
+
requiredPermissions: ["manage_platform_settings"],
|
|
3651
3689
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
|
|
3652
3690
|
protection: {
|
|
3653
3691
|
lock: "full",
|
|
@@ -4936,6 +4974,14 @@ var SysSecret = data.ObjectSchema.create({
|
|
|
4936
4974
|
icon: "key",
|
|
4937
4975
|
isSystem: true,
|
|
4938
4976
|
managedBy: "system",
|
|
4977
|
+
// [ADR-0066 D2/④] Secure-by-default: the environment's encrypted-secrets
|
|
4978
|
+
// store (settings/datasource credentials). Not covered by the wildcard `'*'`
|
|
4979
|
+
// grant — ordinary members get 403 from the generic data layer. Platform
|
|
4980
|
+
// admins retain access via the posture-gated superuser bypass. Internal
|
|
4981
|
+
// readers are unaffected: `engine.resolveSecret` reads at DRIVER level,
|
|
4982
|
+
// SettingsService / the datasource secret-binder read with no principal
|
|
4983
|
+
// (middleware falls open for principal-less internal calls).
|
|
4984
|
+
access: { default: "private" },
|
|
4939
4985
|
description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
|
|
4940
4986
|
highlightFields: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
|
|
4941
4987
|
listViews: {
|
|
@@ -5283,10 +5329,22 @@ var SETUP_NAV_CONTRIBUTIONS = [
|
|
|
5283
5329
|
priority: BASE_PRIORITY,
|
|
5284
5330
|
items: [
|
|
5285
5331
|
{ id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "user" },
|
|
5332
|
+
// The ACTIVE organization's record page (Members / Invitations / Teams
|
|
5333
|
+
// tabs with the better-auth row actions), rendered inside the app shell
|
|
5334
|
+
// (ADR-0081). `{current_org_id}` resolves from the session's active
|
|
5335
|
+
// organization; unresolved (e.g. org-less admin before bootstrap) it
|
|
5336
|
+
// falls back to the sys_organization list — one row in single-org.
|
|
5337
|
+
{ id: "nav_organization", type: "object", label: "Organization", objectName: "sys_organization", recordId: "{current_org_id}", icon: "building-2" },
|
|
5286
5338
|
{ id: "nav_business_units", type: "object", label: "Business Units", objectName: "sys_business_unit", icon: "building", requiresObject: "sys_business_unit" },
|
|
5287
|
-
|
|
5339
|
+
// Teams / Invitations no longer gate on `org-scoping` (ADR-0081 D1):
|
|
5340
|
+
// the better-auth organization capability is always mounted, and
|
|
5341
|
+
// plugin-auth's single-org default-org bootstrap guarantees an org to
|
|
5342
|
+
// invite into — these are the OPEN member-management basics. Only the
|
|
5343
|
+
// org LIST below keeps the gate: browsing organizations is meaningful
|
|
5344
|
+
// only when more than one can exist (enterprise multi-org).
|
|
5345
|
+
{ id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
|
|
5288
5346
|
{ id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2", requiresService: "org-scoping" },
|
|
5289
|
-
{ id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail"
|
|
5347
|
+
{ id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail" }
|
|
5290
5348
|
]
|
|
5291
5349
|
},
|
|
5292
5350
|
{
|
|
@@ -5348,7 +5406,11 @@ var SETUP_NAV_CONTRIBUTIONS = [
|
|
|
5348
5406
|
priority: BASE_PRIORITY,
|
|
5349
5407
|
items: [
|
|
5350
5408
|
{ id: "nav_oauth_apps", type: "object", label: "OAuth Applications", objectName: "sys_oauth_application", icon: "app-window" },
|
|
5351
|
-
|
|
5409
|
+
// nav_jwks is capability-gated (like nav_api_keys): sys_jwks is
|
|
5410
|
+
// `access.default:'private'` (ADR-0066 ④ — signing keys), so a
|
|
5411
|
+
// non-admin's list request 403s server-side; gating the nav item keeps
|
|
5412
|
+
// the menu honest instead of showing an entry that can only error.
|
|
5413
|
+
{ id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round", requiredPermissions: ["manage_platform_settings"] },
|
|
5352
5414
|
// `sys_verification` (email/phone tokens) and `sys_device_code` (OAuth
|
|
5353
5415
|
// device-grant codes) deliberately omit `list` from their `apiMethods`
|
|
5354
5416
|
// (sensitive, ephemeral secrets — not browsable), so an object/list-view
|
|
@@ -6687,8 +6749,8 @@ var enObjects = {
|
|
|
6687
6749
|
user_id: {
|
|
6688
6750
|
label: "User"
|
|
6689
6751
|
},
|
|
6690
|
-
|
|
6691
|
-
label: "
|
|
6752
|
+
function_in_business_unit: {
|
|
6753
|
+
label: "Function in Business Unit",
|
|
6692
6754
|
help: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
6693
6755
|
options: {
|
|
6694
6756
|
member: "member",
|
|
@@ -8640,6 +8702,7 @@ var en = {
|
|
|
8640
8702
|
nav_marketplace_installed: { label: "Installed Apps" },
|
|
8641
8703
|
// People & Organization
|
|
8642
8704
|
nav_users: { label: "Users" },
|
|
8705
|
+
nav_organization: { label: "Organization" },
|
|
8643
8706
|
nav_business_units: { label: "Business Units" },
|
|
8644
8707
|
nav_teams: { label: "Teams" },
|
|
8645
8708
|
nav_organizations: { label: "Organizations" },
|
|
@@ -9433,8 +9496,8 @@ var zhCNObjects = {
|
|
|
9433
9496
|
user_id: {
|
|
9434
9497
|
label: "\u7528\u6237"
|
|
9435
9498
|
},
|
|
9436
|
-
|
|
9437
|
-
label: "\u4E1A\u52A1\u5355\u5143\u5185\
|
|
9499
|
+
function_in_business_unit: {
|
|
9500
|
+
label: "\u4E1A\u52A1\u5355\u5143\u5185\u804C\u80FD",
|
|
9438
9501
|
help: "`lead` \u8868\u793A\u65E5\u5E38\u8D1F\u8D23\u4EBA\uFF1B`deputy` \u53EF\u5728\u5BA1\u6279\u8DEF\u7531\u4E2D\u4EE3\u66FF\u8D1F\u8D23\u4EBA\u3002",
|
|
9439
9502
|
options: {
|
|
9440
9503
|
member: "\u6210\u5458",
|
|
@@ -11383,6 +11446,7 @@ var zhCN = {
|
|
|
11383
11446
|
group_advanced: { label: "\u9AD8\u7EA7" },
|
|
11384
11447
|
nav_system_overview: { label: "\u7CFB\u7EDF\u6982\u89C8" },
|
|
11385
11448
|
nav_users: { label: "\u7528\u6237" },
|
|
11449
|
+
nav_organization: { label: "\u7EC4\u7EC7" },
|
|
11386
11450
|
nav_business_units: { label: "\u4E1A\u52A1\u5355\u5143" },
|
|
11387
11451
|
nav_teams: { label: "\u56E2\u961F" },
|
|
11388
11452
|
nav_organizations: { label: "\u7EC4\u7EC7" },
|
|
@@ -12142,8 +12206,8 @@ var jaJPObjects = {
|
|
|
12142
12206
|
user_id: {
|
|
12143
12207
|
label: "\u30E6\u30FC\u30B6\u30FC"
|
|
12144
12208
|
},
|
|
12145
|
-
|
|
12146
|
-
label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\
|
|
12209
|
+
function_in_business_unit: {
|
|
12210
|
+
label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u306E\u8077\u80FD",
|
|
12147
12211
|
help: "`lead` \u306F\u65E5\u5E38\u306E\u8CAC\u4EFB\u8005\u3001`deputy` \u306F\u627F\u8A8D\u30EB\u30FC\u30C6\u30A3\u30F3\u30B0\u3067\u30EA\u30FC\u30C9\u306E\u4EE3\u7406\u3092\u52D9\u3081\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002",
|
|
12148
12212
|
options: {
|
|
12149
12213
|
member: "\u30E1\u30F3\u30D0\u30FC",
|
|
@@ -14091,6 +14155,7 @@ var jaJP = {
|
|
|
14091
14155
|
group_advanced: { label: "\u8A73\u7D30" },
|
|
14092
14156
|
nav_system_overview: { label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981" },
|
|
14093
14157
|
nav_users: { label: "\u30E6\u30FC\u30B6\u30FC" },
|
|
14158
|
+
nav_organization: { label: "\u7D44\u7E54" },
|
|
14094
14159
|
nav_business_units: { label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8" },
|
|
14095
14160
|
nav_teams: { label: "\u30C1\u30FC\u30E0" },
|
|
14096
14161
|
nav_organizations: { label: "\u7D44\u7E54" },
|
|
@@ -14848,8 +14913,8 @@ var esESObjects = {
|
|
|
14848
14913
|
user_id: {
|
|
14849
14914
|
label: "Usuario"
|
|
14850
14915
|
},
|
|
14851
|
-
|
|
14852
|
-
label: "
|
|
14916
|
+
function_in_business_unit: {
|
|
14917
|
+
label: "Funci\xF3n en la unidad de negocio",
|
|
14853
14918
|
help: "`lead` es el responsable del d\xEDa a d\xEDa; `deputy` puede sustituir al responsable en el enrutamiento de aprobaciones.",
|
|
14854
14919
|
options: {
|
|
14855
14920
|
member: "Miembro",
|
|
@@ -16797,6 +16862,7 @@ var esES = {
|
|
|
16797
16862
|
group_advanced: { label: "Avanzado" },
|
|
16798
16863
|
nav_system_overview: { label: "Resumen del Sistema" },
|
|
16799
16864
|
nav_users: { label: "Usuarios" },
|
|
16865
|
+
nav_organization: { label: "Organizaci\xF3n" },
|
|
16800
16866
|
nav_business_units: { label: "Unidades de negocio" },
|
|
16801
16867
|
nav_teams: { label: "Equipos" },
|
|
16802
16868
|
nav_organizations: { label: "Organizaciones" },
|
|
@@ -17046,7 +17112,7 @@ var SysUserDetailPage = {
|
|
|
17046
17112
|
},
|
|
17047
17113
|
// ── Tabs: curated related lists ───────────────────────────────
|
|
17048
17114
|
// Only the 4 lists that are semantically about THIS user account.
|
|
17049
|
-
// Everything else (
|
|
17115
|
+
// Everything else (sys_position created_by, sys_email_template
|
|
17050
17116
|
// updated_by, …) is incidental authorship metadata and would only
|
|
17051
17117
|
// create noise.
|
|
17052
17118
|
tabs: {
|
|
@@ -18566,10 +18632,6 @@ var enMetadataForms = {
|
|
|
18566
18632
|
label: "Label",
|
|
18567
18633
|
helpText: "Display label for admins"
|
|
18568
18634
|
},
|
|
18569
|
-
isProfile: {
|
|
18570
|
-
label: "Is Profile",
|
|
18571
|
-
helpText: "Profile = base set assigned to users. Permission Set = additive grant."
|
|
18572
|
-
},
|
|
18573
18635
|
systemPermissions: {
|
|
18574
18636
|
label: "System Permissions",
|
|
18575
18637
|
helpText: "List of system capability keys"
|
|
@@ -18625,10 +18687,6 @@ var enMetadataForms = {
|
|
|
18625
18687
|
label: "Label",
|
|
18626
18688
|
helpText: "Display label for admins"
|
|
18627
18689
|
},
|
|
18628
|
-
isProfile: {
|
|
18629
|
-
label: "Is Profile",
|
|
18630
|
-
helpText: "Profile = base set assigned to users. Permission Set = additive grant."
|
|
18631
|
-
},
|
|
18632
18690
|
systemPermissions: {
|
|
18633
18691
|
label: "System Permissions",
|
|
18634
18692
|
helpText: "List of system capability keys"
|
|
@@ -20204,10 +20262,6 @@ var zhCNMetadataForms = {
|
|
|
20204
20262
|
label: "\u663E\u793A\u540D\u79F0",
|
|
20205
20263
|
helpText: "\u9762\u5411\u7BA1\u7406\u5458\u7684\u663E\u793A\u6807\u7B7E"
|
|
20206
20264
|
},
|
|
20207
|
-
isProfile: {
|
|
20208
|
-
label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
|
|
20209
|
-
helpText: "\u52FE\u9009\u540E\u4F5C\u4E3A\u5B8C\u6574\u914D\u7F6E\u6587\u4EF6\uFF08\u800C\u975E\u9644\u52A0\u6743\u9650\u96C6\uFF09"
|
|
20210
|
-
},
|
|
20211
20265
|
systemPermissions: {
|
|
20212
20266
|
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20213
20267
|
helpText: "\u5E94\u7528\u8BBF\u95EE\u3001API\u3001\u7BA1\u7406\u64CD\u4F5C"
|
|
@@ -20263,10 +20317,6 @@ var zhCNMetadataForms = {
|
|
|
20263
20317
|
label: "\u663E\u793A\u540D\u79F0",
|
|
20264
20318
|
helpText: "\u9762\u5411\u7BA1\u7406\u5458\u663E\u793A\u7684\u6807\u7B7E"
|
|
20265
20319
|
},
|
|
20266
|
-
isProfile: {
|
|
20267
|
-
label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
|
|
20268
|
-
helpText: "\u914D\u7F6E\u6587\u4EF6 = \u5206\u914D\u7ED9\u7528\u6237\u7684\u57FA\u7840\u96C6\u5408\u3002\u6743\u9650\u96C6 = \u9644\u52A0\u6388\u4E88\u3002"
|
|
20269
|
-
},
|
|
20270
20320
|
systemPermissions: {
|
|
20271
20321
|
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20272
20322
|
helpText: "\u7CFB\u7EDF\u80FD\u529B\u952E\u5217\u8868"
|
|
@@ -21842,10 +21892,6 @@ var jaJPMetadataForms = {
|
|
|
21842
21892
|
label: "\u8868\u793A\u540D",
|
|
21843
21893
|
helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
|
|
21844
21894
|
},
|
|
21845
|
-
isProfile: {
|
|
21846
|
-
label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
|
|
21847
|
-
helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
|
|
21848
|
-
},
|
|
21849
21895
|
systemPermissions: {
|
|
21850
21896
|
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21851
21897
|
helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
|
|
@@ -21901,10 +21947,6 @@ var jaJPMetadataForms = {
|
|
|
21901
21947
|
label: "\u8868\u793A\u540D",
|
|
21902
21948
|
helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
|
|
21903
21949
|
},
|
|
21904
|
-
isProfile: {
|
|
21905
|
-
label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
|
|
21906
|
-
helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
|
|
21907
|
-
},
|
|
21908
21950
|
systemPermissions: {
|
|
21909
21951
|
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21910
21952
|
helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
|
|
@@ -23480,10 +23522,6 @@ var esESMetadataForms = {
|
|
|
23480
23522
|
label: "Etiqueta",
|
|
23481
23523
|
helpText: "Etiqueta mostrada para administradores"
|
|
23482
23524
|
},
|
|
23483
|
-
isProfile: {
|
|
23484
|
-
label: "Es perfil",
|
|
23485
|
-
helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
|
|
23486
|
-
},
|
|
23487
23525
|
systemPermissions: {
|
|
23488
23526
|
label: "Permisos del sistema",
|
|
23489
23527
|
helpText: "Lista de claves de capacidades del sistema"
|
|
@@ -23539,10 +23577,6 @@ var esESMetadataForms = {
|
|
|
23539
23577
|
label: "Etiqueta",
|
|
23540
23578
|
helpText: "Etiqueta mostrada para administradores"
|
|
23541
23579
|
},
|
|
23542
|
-
isProfile: {
|
|
23543
|
-
label: "Es perfil",
|
|
23544
|
-
helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
|
|
23545
|
-
},
|
|
23546
23580
|
systemPermissions: {
|
|
23547
23581
|
label: "Permisos del sistema",
|
|
23548
23582
|
helpText: "Lista de claves de capacidades del sistema"
|