@objectstack/platform-objects 12.6.0 → 13.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.js +31 -11
- package/dist/apps/index.js.map +1 -1
- package/dist/apps/index.mjs +31 -11
- package/dist/apps/index.mjs.map +1 -1
- package/dist/audit/index.d.mts +90 -30
- package/dist/audit/index.d.ts +90 -30
- package/dist/identity/index.d.mts +229 -81
- package/dist/identity/index.d.ts +229 -81
- package/dist/identity/index.js +64 -26
- package/dist/identity/index.js.map +1 -1
- package/dist/identity/index.mjs +64 -26
- package/dist/identity/index.mjs.map +1 -1
- package/dist/index.js +104 -70
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +104 -70
- package/dist/index.mjs.map +1 -1
- package/dist/metadata-translations/index.js +0 -32
- package/dist/metadata-translations/index.js.map +1 -1
- package/dist/metadata-translations/index.mjs +0 -32
- package/dist/metadata-translations/index.mjs.map +1 -1
- package/dist/pages/index.d.mts +1 -1
- package/dist/pages/index.d.ts +1 -1
- package/dist/pages/index.js +1 -1
- package/dist/pages/index.js.map +1 -1
- package/dist/pages/index.mjs +1 -1
- package/dist/pages/index.mjs.map +1 -1
- package/dist/plugin.js +12 -40
- package/dist/plugin.js.map +1 -1
- package/dist/plugin.mjs +12 -40
- package/dist/plugin.mjs.map +1 -1
- package/dist/system/index.d.mts +30 -9
- package/dist/system/index.d.ts +30 -9
- package/dist/system/index.js +8 -0
- package/dist/system/index.js.map +1 -1
- package/dist/system/index.mjs +8 -0
- package/dist/system/index.mjs.map +1 -1
- package/package.json +3 -3
package/dist/identity/index.mjs
CHANGED
|
@@ -35,13 +35,14 @@ var SysUser = ObjectSchema.create({
|
|
|
35
35
|
locations: ["list_toolbar"],
|
|
36
36
|
type: "api",
|
|
37
37
|
target: "/api/v1/auth/organization/invite-member",
|
|
38
|
-
//
|
|
39
|
-
//
|
|
40
|
-
//
|
|
41
|
-
//
|
|
42
|
-
//
|
|
43
|
-
//
|
|
44
|
-
|
|
38
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
39
|
+
// better-auth organization plugin is always mounted, and single-org
|
|
40
|
+
// mode now bootstraps a Default Organization (plugin-auth) so the
|
|
41
|
+
// endpoint's active-org resolution works there too. This is THE
|
|
42
|
+
// "add a teammate" affordance — the Users list is always reachable —
|
|
43
|
+
// and every add flows through better-auth invitations, never bespoke
|
|
44
|
+
// sys_user CRUD.
|
|
45
|
+
visible: "features.organization != false",
|
|
45
46
|
successMessage: "Invitation sent",
|
|
46
47
|
refreshAfter: true,
|
|
47
48
|
params: [
|
|
@@ -930,6 +931,12 @@ var SysVerification = ObjectSchema.create({
|
|
|
930
931
|
icon: "shield-check",
|
|
931
932
|
isSystem: true,
|
|
932
933
|
managedBy: "better-auth",
|
|
934
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE one-time credentials
|
|
935
|
+
// (email/phone verification + password-reset tokens) — reading one is
|
|
936
|
+
// account takeover. Not covered by the wildcard `'*'` grant; admins retain
|
|
937
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
938
|
+
// (system context), so verification flows are unaffected.
|
|
939
|
+
access: { default: "private" },
|
|
933
940
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
934
941
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
935
942
|
// forbid sys_metadata overlays entirely.
|
|
@@ -1263,11 +1270,11 @@ var SysMember = ObjectSchema.create({
|
|
|
1263
1270
|
locations: ["list_toolbar"],
|
|
1264
1271
|
type: "api",
|
|
1265
1272
|
target: "/api/v1/auth/organization/add-member",
|
|
1266
|
-
//
|
|
1267
|
-
// endpoints resolve
|
|
1268
|
-
// mode
|
|
1269
|
-
//
|
|
1270
|
-
visible: "features.
|
|
1273
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
1274
|
+
// better-auth endpoints resolve the session's active org, which
|
|
1275
|
+
// single-org mode now guarantees via plugin-auth's default-org
|
|
1276
|
+
// bootstrap. Same gate on every membership mutation below.
|
|
1277
|
+
visible: "features.organization != false",
|
|
1271
1278
|
successMessage: "Member added",
|
|
1272
1279
|
refreshAfter: true,
|
|
1273
1280
|
params: [
|
|
@@ -1285,7 +1292,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1285
1292
|
type: "api",
|
|
1286
1293
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1287
1294
|
recordIdParam: "memberId",
|
|
1288
|
-
visible: "features.
|
|
1295
|
+
visible: "features.organization != false",
|
|
1289
1296
|
successMessage: "Member role updated",
|
|
1290
1297
|
refreshAfter: true,
|
|
1291
1298
|
params: [
|
|
@@ -1302,7 +1309,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1302
1309
|
type: "api",
|
|
1303
1310
|
target: "/api/v1/auth/organization/remove-member",
|
|
1304
1311
|
recordIdParam: "memberIdOrEmail",
|
|
1305
|
-
visible: "features.
|
|
1312
|
+
visible: "features.organization != false",
|
|
1306
1313
|
confirmText: "Remove this member from the organization? They will lose access to all org resources.",
|
|
1307
1314
|
successMessage: "Member removed",
|
|
1308
1315
|
refreshAfter: true
|
|
@@ -1324,7 +1331,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1324
1331
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1325
1332
|
recordIdParam: "memberId",
|
|
1326
1333
|
bodyExtra: { role: "owner" },
|
|
1327
|
-
visible: "record.role != 'owner' && features.
|
|
1334
|
+
visible: "record.role != 'owner' && features.organization != false",
|
|
1328
1335
|
confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
|
|
1329
1336
|
successMessage: "Ownership transferred",
|
|
1330
1337
|
refreshAfter: true
|
|
@@ -1432,7 +1439,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1432
1439
|
// sys_organization.create_organization). The recipient-side
|
|
1433
1440
|
// accept/reject actions below stay record-gated — they are
|
|
1434
1441
|
// unreachable in single-org anyway (no invitation rows exist).
|
|
1435
|
-
visible: "features.
|
|
1442
|
+
visible: "features.organization != false",
|
|
1436
1443
|
successMessage: "Invitation sent",
|
|
1437
1444
|
refreshAfter: true,
|
|
1438
1445
|
params: [
|
|
@@ -1450,7 +1457,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1450
1457
|
type: "api",
|
|
1451
1458
|
target: "/api/v1/auth/organization/cancel-invitation",
|
|
1452
1459
|
recordIdParam: "invitationId",
|
|
1453
|
-
visible: "features.
|
|
1460
|
+
visible: "features.organization != false",
|
|
1454
1461
|
confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
|
|
1455
1462
|
successMessage: "Invitation canceled",
|
|
1456
1463
|
refreshAfter: true
|
|
@@ -1464,7 +1471,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1464
1471
|
type: "api",
|
|
1465
1472
|
target: "/api/v1/auth/organization/invite-member",
|
|
1466
1473
|
bodyExtra: { resend: true },
|
|
1467
|
-
visible: "features.
|
|
1474
|
+
visible: "features.organization != false",
|
|
1468
1475
|
successMessage: "Invitation resent",
|
|
1469
1476
|
refreshAfter: true,
|
|
1470
1477
|
params: [
|
|
@@ -1654,7 +1661,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1654
1661
|
// Teams are nested inside organizations — a multi-org-only concept.
|
|
1655
1662
|
// Gate every team mutation on the multi-org flag so the affordances
|
|
1656
1663
|
// disappear in single-org (mirrors sys_organization.create_organization).
|
|
1657
|
-
visible: "features.
|
|
1664
|
+
visible: "features.organization != false",
|
|
1658
1665
|
successMessage: "Team created",
|
|
1659
1666
|
refreshAfter: true,
|
|
1660
1667
|
params: [
|
|
@@ -1675,7 +1682,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1675
1682
|
target: "/api/v1/auth/organization/update-team",
|
|
1676
1683
|
recordIdParam: "teamId",
|
|
1677
1684
|
bodyShape: { wrap: "data" },
|
|
1678
|
-
visible: "features.
|
|
1685
|
+
visible: "features.organization != false",
|
|
1679
1686
|
successMessage: "Team updated",
|
|
1680
1687
|
refreshAfter: true,
|
|
1681
1688
|
params: [
|
|
@@ -1694,7 +1701,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1694
1701
|
type: "api",
|
|
1695
1702
|
target: "/api/v1/auth/organization/remove-team",
|
|
1696
1703
|
recordIdParam: "teamId",
|
|
1697
|
-
visible: "features.
|
|
1704
|
+
visible: "features.organization != false",
|
|
1698
1705
|
confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
|
|
1699
1706
|
successMessage: "Team deleted",
|
|
1700
1707
|
refreshAfter: true
|
|
@@ -1808,7 +1815,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1808
1815
|
// Team membership lives under organizations — multi-org-only. Gate
|
|
1809
1816
|
// both mutations so they vanish in single-org (mirrors
|
|
1810
1817
|
// sys_organization.create_organization).
|
|
1811
|
-
visible: "features.
|
|
1818
|
+
visible: "features.organization != false",
|
|
1812
1819
|
successMessage: "Team member added",
|
|
1813
1820
|
refreshAfter: true,
|
|
1814
1821
|
params: [
|
|
@@ -1829,7 +1836,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1829
1836
|
locations: ["list_item"],
|
|
1830
1837
|
type: "api",
|
|
1831
1838
|
target: "/api/v1/auth/organization/remove-team-member",
|
|
1832
|
-
visible: "features.
|
|
1839
|
+
visible: "features.organization != false",
|
|
1833
1840
|
confirmText: "Remove this user from the team? They will lose any team-scoped access.",
|
|
1834
1841
|
successMessage: "Team member removed",
|
|
1835
1842
|
refreshAfter: true,
|
|
@@ -2067,7 +2074,7 @@ var SysBusinessUnitMember = ObjectSchema.create({
|
|
|
2067
2074
|
managedBy: "platform",
|
|
2068
2075
|
description: "User assignment to a business unit (matrix-org friendly, effective-dated).",
|
|
2069
2076
|
titleFormat: "{user_id} in {business_unit_id}",
|
|
2070
|
-
highlightFields: ["user_id", "business_unit_id", "
|
|
2077
|
+
highlightFields: ["user_id", "business_unit_id", "function_in_business_unit", "is_primary"],
|
|
2071
2078
|
fields: {
|
|
2072
2079
|
id: Field.text({
|
|
2073
2080
|
label: "Member ID",
|
|
@@ -2085,10 +2092,10 @@ var SysBusinessUnitMember = ObjectSchema.create({
|
|
|
2085
2092
|
required: true,
|
|
2086
2093
|
group: "Assignment"
|
|
2087
2094
|
}),
|
|
2088
|
-
|
|
2095
|
+
function_in_business_unit: Field.select(
|
|
2089
2096
|
["member", "lead", "deputy"],
|
|
2090
2097
|
{
|
|
2091
|
-
label: "
|
|
2098
|
+
label: "Function in Business Unit",
|
|
2092
2099
|
required: false,
|
|
2093
2100
|
defaultValue: "member",
|
|
2094
2101
|
description: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
@@ -2492,6 +2499,12 @@ var SysDeviceCode = ObjectSchema.create({
|
|
|
2492
2499
|
icon: "key-round",
|
|
2493
2500
|
isSystem: true,
|
|
2494
2501
|
managedBy: "better-auth",
|
|
2502
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE pending device-grant
|
|
2503
|
+
// codes — reading `user_code`/`device_code` lets an attacker hijack a
|
|
2504
|
+
// pending CLI login. Not covered by the wildcard `'*'` grant; admins retain
|
|
2505
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
2506
|
+
// (system context), so the device-grant flow is unaffected.
|
|
2507
|
+
access: { default: "private" },
|
|
2495
2508
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
2496
2509
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
2497
2510
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3087,6 +3100,11 @@ var SysOauthAccessToken = ObjectSchema.create({
|
|
|
3087
3100
|
icon: "ticket",
|
|
3088
3101
|
isSystem: true,
|
|
3089
3102
|
managedBy: "better-auth",
|
|
3103
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE bearer credentials —
|
|
3104
|
+
// reading one is session hijack. Not covered by the wildcard `'*'` grant;
|
|
3105
|
+
// admins retain access via the superuser bypass; better-auth reads via its
|
|
3106
|
+
// adapter (system context), so OAuth flows are unaffected.
|
|
3107
|
+
access: { default: "private" },
|
|
3090
3108
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3091
3109
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3092
3110
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3173,6 +3191,11 @@ var SysOauthRefreshToken = ObjectSchema.create({
|
|
|
3173
3191
|
icon: "refresh-cw",
|
|
3174
3192
|
isSystem: true,
|
|
3175
3193
|
managedBy: "better-auth",
|
|
3194
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE long-lived credentials —
|
|
3195
|
+
// a refresh token mints new access tokens. Not covered by the wildcard `'*'`
|
|
3196
|
+
// grant; admins retain access via the superuser bypass; better-auth reads
|
|
3197
|
+
// via its adapter (system context), so OAuth flows are unaffected.
|
|
3198
|
+
access: { default: "private" },
|
|
3176
3199
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3177
3200
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3178
3201
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3331,6 +3354,13 @@ var SysJwks = ObjectSchema.create({
|
|
|
3331
3354
|
icon: "key",
|
|
3332
3355
|
isSystem: true,
|
|
3333
3356
|
managedBy: "better-auth",
|
|
3357
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are the environment's JWT SIGNING
|
|
3358
|
+
// KEYS (private key material). Not covered by the wildcard `'*'` grant — an
|
|
3359
|
+
// ordinary member gets 403 from the generic data layer. Platform admins
|
|
3360
|
+
// (viewAllRecords/modifyAllRecords) retain access via the posture-gated
|
|
3361
|
+
// superuser bypass; better-auth itself reads via its adapter (system
|
|
3362
|
+
// context), so token signing/verification is unaffected.
|
|
3363
|
+
access: { default: "private" },
|
|
3334
3364
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3335
3365
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3336
3366
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3644,6 +3674,14 @@ var SysScimProvider = ObjectSchema.create({
|
|
|
3644
3674
|
icon: "users",
|
|
3645
3675
|
isSystem: true,
|
|
3646
3676
|
managedBy: "better-auth",
|
|
3677
|
+
// [ADR-0066 D3/④] Admin-only identity config carrying a live credential
|
|
3678
|
+
// (`scim_token` — the bearer external IdPs authenticate provisioning calls
|
|
3679
|
+
// with). Object-level capability gate, mirroring the sibling
|
|
3680
|
+
// `sys_sso_provider`: ordinary members are denied entirely (without it, the
|
|
3681
|
+
// `member_default` wildcard `'*': allowRead` would expose SCIM connections
|
|
3682
|
+
// to every authenticated user). better-auth's own endpoints read via a
|
|
3683
|
+
// system context, so SCIM provisioning is unaffected.
|
|
3684
|
+
requiredPermissions: ["manage_platform_settings"],
|
|
3647
3685
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
|
|
3648
3686
|
protection: {
|
|
3649
3687
|
lock: "full",
|