@objectstack/platform-objects 12.6.0 → 13.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.js +31 -11
- package/dist/apps/index.js.map +1 -1
- package/dist/apps/index.mjs +31 -11
- package/dist/apps/index.mjs.map +1 -1
- package/dist/audit/index.d.mts +90 -30
- package/dist/audit/index.d.ts +90 -30
- package/dist/identity/index.d.mts +229 -81
- package/dist/identity/index.d.ts +229 -81
- package/dist/identity/index.js +64 -26
- package/dist/identity/index.js.map +1 -1
- package/dist/identity/index.mjs +64 -26
- package/dist/identity/index.mjs.map +1 -1
- package/dist/index.js +104 -70
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +104 -70
- package/dist/index.mjs.map +1 -1
- package/dist/metadata-translations/index.js +0 -32
- package/dist/metadata-translations/index.js.map +1 -1
- package/dist/metadata-translations/index.mjs +0 -32
- package/dist/metadata-translations/index.mjs.map +1 -1
- package/dist/pages/index.d.mts +1 -1
- package/dist/pages/index.d.ts +1 -1
- package/dist/pages/index.js +1 -1
- package/dist/pages/index.js.map +1 -1
- package/dist/pages/index.mjs +1 -1
- package/dist/pages/index.mjs.map +1 -1
- package/dist/plugin.js +12 -40
- package/dist/plugin.js.map +1 -1
- package/dist/plugin.mjs +12 -40
- package/dist/plugin.mjs.map +1 -1
- package/dist/system/index.d.mts +30 -9
- package/dist/system/index.d.ts +30 -9
- package/dist/system/index.js +8 -0
- package/dist/system/index.js.map +1 -1
- package/dist/system/index.mjs +8 -0
- package/dist/system/index.mjs.map +1 -1
- package/package.json +3 -3
package/dist/index.mjs
CHANGED
|
@@ -37,13 +37,14 @@ var SysUser = ObjectSchema.create({
|
|
|
37
37
|
locations: ["list_toolbar"],
|
|
38
38
|
type: "api",
|
|
39
39
|
target: "/api/v1/auth/organization/invite-member",
|
|
40
|
-
//
|
|
41
|
-
//
|
|
42
|
-
//
|
|
43
|
-
//
|
|
44
|
-
//
|
|
45
|
-
//
|
|
46
|
-
|
|
40
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
41
|
+
// better-auth organization plugin is always mounted, and single-org
|
|
42
|
+
// mode now bootstraps a Default Organization (plugin-auth) so the
|
|
43
|
+
// endpoint's active-org resolution works there too. This is THE
|
|
44
|
+
// "add a teammate" affordance — the Users list is always reachable —
|
|
45
|
+
// and every add flows through better-auth invitations, never bespoke
|
|
46
|
+
// sys_user CRUD.
|
|
47
|
+
visible: "features.organization != false",
|
|
47
48
|
successMessage: "Invitation sent",
|
|
48
49
|
refreshAfter: true,
|
|
49
50
|
params: [
|
|
@@ -932,6 +933,12 @@ var SysVerification = ObjectSchema.create({
|
|
|
932
933
|
icon: "shield-check",
|
|
933
934
|
isSystem: true,
|
|
934
935
|
managedBy: "better-auth",
|
|
936
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE one-time credentials
|
|
937
|
+
// (email/phone verification + password-reset tokens) — reading one is
|
|
938
|
+
// account takeover. Not covered by the wildcard `'*'` grant; admins retain
|
|
939
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
940
|
+
// (system context), so verification flows are unaffected.
|
|
941
|
+
access: { default: "private" },
|
|
935
942
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
936
943
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
937
944
|
// forbid sys_metadata overlays entirely.
|
|
@@ -1265,11 +1272,11 @@ var SysMember = ObjectSchema.create({
|
|
|
1265
1272
|
locations: ["list_toolbar"],
|
|
1266
1273
|
type: "api",
|
|
1267
1274
|
target: "/api/v1/auth/organization/add-member",
|
|
1268
|
-
//
|
|
1269
|
-
// endpoints resolve
|
|
1270
|
-
// mode
|
|
1271
|
-
//
|
|
1272
|
-
visible: "features.
|
|
1275
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
1276
|
+
// better-auth endpoints resolve the session's active org, which
|
|
1277
|
+
// single-org mode now guarantees via plugin-auth's default-org
|
|
1278
|
+
// bootstrap. Same gate on every membership mutation below.
|
|
1279
|
+
visible: "features.organization != false",
|
|
1273
1280
|
successMessage: "Member added",
|
|
1274
1281
|
refreshAfter: true,
|
|
1275
1282
|
params: [
|
|
@@ -1287,7 +1294,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1287
1294
|
type: "api",
|
|
1288
1295
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1289
1296
|
recordIdParam: "memberId",
|
|
1290
|
-
visible: "features.
|
|
1297
|
+
visible: "features.organization != false",
|
|
1291
1298
|
successMessage: "Member role updated",
|
|
1292
1299
|
refreshAfter: true,
|
|
1293
1300
|
params: [
|
|
@@ -1304,7 +1311,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1304
1311
|
type: "api",
|
|
1305
1312
|
target: "/api/v1/auth/organization/remove-member",
|
|
1306
1313
|
recordIdParam: "memberIdOrEmail",
|
|
1307
|
-
visible: "features.
|
|
1314
|
+
visible: "features.organization != false",
|
|
1308
1315
|
confirmText: "Remove this member from the organization? They will lose access to all org resources.",
|
|
1309
1316
|
successMessage: "Member removed",
|
|
1310
1317
|
refreshAfter: true
|
|
@@ -1326,7 +1333,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1326
1333
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1327
1334
|
recordIdParam: "memberId",
|
|
1328
1335
|
bodyExtra: { role: "owner" },
|
|
1329
|
-
visible: "record.role != 'owner' && features.
|
|
1336
|
+
visible: "record.role != 'owner' && features.organization != false",
|
|
1330
1337
|
confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
|
|
1331
1338
|
successMessage: "Ownership transferred",
|
|
1332
1339
|
refreshAfter: true
|
|
@@ -1434,7 +1441,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1434
1441
|
// sys_organization.create_organization). The recipient-side
|
|
1435
1442
|
// accept/reject actions below stay record-gated — they are
|
|
1436
1443
|
// unreachable in single-org anyway (no invitation rows exist).
|
|
1437
|
-
visible: "features.
|
|
1444
|
+
visible: "features.organization != false",
|
|
1438
1445
|
successMessage: "Invitation sent",
|
|
1439
1446
|
refreshAfter: true,
|
|
1440
1447
|
params: [
|
|
@@ -1452,7 +1459,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1452
1459
|
type: "api",
|
|
1453
1460
|
target: "/api/v1/auth/organization/cancel-invitation",
|
|
1454
1461
|
recordIdParam: "invitationId",
|
|
1455
|
-
visible: "features.
|
|
1462
|
+
visible: "features.organization != false",
|
|
1456
1463
|
confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
|
|
1457
1464
|
successMessage: "Invitation canceled",
|
|
1458
1465
|
refreshAfter: true
|
|
@@ -1466,7 +1473,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1466
1473
|
type: "api",
|
|
1467
1474
|
target: "/api/v1/auth/organization/invite-member",
|
|
1468
1475
|
bodyExtra: { resend: true },
|
|
1469
|
-
visible: "features.
|
|
1476
|
+
visible: "features.organization != false",
|
|
1470
1477
|
successMessage: "Invitation resent",
|
|
1471
1478
|
refreshAfter: true,
|
|
1472
1479
|
params: [
|
|
@@ -1656,7 +1663,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1656
1663
|
// Teams are nested inside organizations — a multi-org-only concept.
|
|
1657
1664
|
// Gate every team mutation on the multi-org flag so the affordances
|
|
1658
1665
|
// disappear in single-org (mirrors sys_organization.create_organization).
|
|
1659
|
-
visible: "features.
|
|
1666
|
+
visible: "features.organization != false",
|
|
1660
1667
|
successMessage: "Team created",
|
|
1661
1668
|
refreshAfter: true,
|
|
1662
1669
|
params: [
|
|
@@ -1677,7 +1684,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1677
1684
|
target: "/api/v1/auth/organization/update-team",
|
|
1678
1685
|
recordIdParam: "teamId",
|
|
1679
1686
|
bodyShape: { wrap: "data" },
|
|
1680
|
-
visible: "features.
|
|
1687
|
+
visible: "features.organization != false",
|
|
1681
1688
|
successMessage: "Team updated",
|
|
1682
1689
|
refreshAfter: true,
|
|
1683
1690
|
params: [
|
|
@@ -1696,7 +1703,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1696
1703
|
type: "api",
|
|
1697
1704
|
target: "/api/v1/auth/organization/remove-team",
|
|
1698
1705
|
recordIdParam: "teamId",
|
|
1699
|
-
visible: "features.
|
|
1706
|
+
visible: "features.organization != false",
|
|
1700
1707
|
confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
|
|
1701
1708
|
successMessage: "Team deleted",
|
|
1702
1709
|
refreshAfter: true
|
|
@@ -1810,7 +1817,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1810
1817
|
// Team membership lives under organizations — multi-org-only. Gate
|
|
1811
1818
|
// both mutations so they vanish in single-org (mirrors
|
|
1812
1819
|
// sys_organization.create_organization).
|
|
1813
|
-
visible: "features.
|
|
1820
|
+
visible: "features.organization != false",
|
|
1814
1821
|
successMessage: "Team member added",
|
|
1815
1822
|
refreshAfter: true,
|
|
1816
1823
|
params: [
|
|
@@ -1831,7 +1838,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1831
1838
|
locations: ["list_item"],
|
|
1832
1839
|
type: "api",
|
|
1833
1840
|
target: "/api/v1/auth/organization/remove-team-member",
|
|
1834
|
-
visible: "features.
|
|
1841
|
+
visible: "features.organization != false",
|
|
1835
1842
|
confirmText: "Remove this user from the team? They will lose any team-scoped access.",
|
|
1836
1843
|
successMessage: "Team member removed",
|
|
1837
1844
|
refreshAfter: true,
|
|
@@ -2069,7 +2076,7 @@ var SysBusinessUnitMember = ObjectSchema.create({
|
|
|
2069
2076
|
managedBy: "platform",
|
|
2070
2077
|
description: "User assignment to a business unit (matrix-org friendly, effective-dated).",
|
|
2071
2078
|
titleFormat: "{user_id} in {business_unit_id}",
|
|
2072
|
-
highlightFields: ["user_id", "business_unit_id", "
|
|
2079
|
+
highlightFields: ["user_id", "business_unit_id", "function_in_business_unit", "is_primary"],
|
|
2073
2080
|
fields: {
|
|
2074
2081
|
id: Field.text({
|
|
2075
2082
|
label: "Member ID",
|
|
@@ -2087,10 +2094,10 @@ var SysBusinessUnitMember = ObjectSchema.create({
|
|
|
2087
2094
|
required: true,
|
|
2088
2095
|
group: "Assignment"
|
|
2089
2096
|
}),
|
|
2090
|
-
|
|
2097
|
+
function_in_business_unit: Field.select(
|
|
2091
2098
|
["member", "lead", "deputy"],
|
|
2092
2099
|
{
|
|
2093
|
-
label: "
|
|
2100
|
+
label: "Function in Business Unit",
|
|
2094
2101
|
required: false,
|
|
2095
2102
|
defaultValue: "member",
|
|
2096
2103
|
description: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
@@ -2494,6 +2501,12 @@ var SysDeviceCode = ObjectSchema.create({
|
|
|
2494
2501
|
icon: "key-round",
|
|
2495
2502
|
isSystem: true,
|
|
2496
2503
|
managedBy: "better-auth",
|
|
2504
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE pending device-grant
|
|
2505
|
+
// codes — reading `user_code`/`device_code` lets an attacker hijack a
|
|
2506
|
+
// pending CLI login. Not covered by the wildcard `'*'` grant; admins retain
|
|
2507
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
2508
|
+
// (system context), so the device-grant flow is unaffected.
|
|
2509
|
+
access: { default: "private" },
|
|
2497
2510
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
2498
2511
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
2499
2512
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3089,6 +3102,11 @@ var SysOauthAccessToken = ObjectSchema.create({
|
|
|
3089
3102
|
icon: "ticket",
|
|
3090
3103
|
isSystem: true,
|
|
3091
3104
|
managedBy: "better-auth",
|
|
3105
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE bearer credentials —
|
|
3106
|
+
// reading one is session hijack. Not covered by the wildcard `'*'` grant;
|
|
3107
|
+
// admins retain access via the superuser bypass; better-auth reads via its
|
|
3108
|
+
// adapter (system context), so OAuth flows are unaffected.
|
|
3109
|
+
access: { default: "private" },
|
|
3092
3110
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3093
3111
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3094
3112
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3175,6 +3193,11 @@ var SysOauthRefreshToken = ObjectSchema.create({
|
|
|
3175
3193
|
icon: "refresh-cw",
|
|
3176
3194
|
isSystem: true,
|
|
3177
3195
|
managedBy: "better-auth",
|
|
3196
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE long-lived credentials —
|
|
3197
|
+
// a refresh token mints new access tokens. Not covered by the wildcard `'*'`
|
|
3198
|
+
// grant; admins retain access via the superuser bypass; better-auth reads
|
|
3199
|
+
// via its adapter (system context), so OAuth flows are unaffected.
|
|
3200
|
+
access: { default: "private" },
|
|
3178
3201
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3179
3202
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3180
3203
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3333,6 +3356,13 @@ var SysJwks = ObjectSchema.create({
|
|
|
3333
3356
|
icon: "key",
|
|
3334
3357
|
isSystem: true,
|
|
3335
3358
|
managedBy: "better-auth",
|
|
3359
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are the environment's JWT SIGNING
|
|
3360
|
+
// KEYS (private key material). Not covered by the wildcard `'*'` grant — an
|
|
3361
|
+
// ordinary member gets 403 from the generic data layer. Platform admins
|
|
3362
|
+
// (viewAllRecords/modifyAllRecords) retain access via the posture-gated
|
|
3363
|
+
// superuser bypass; better-auth itself reads via its adapter (system
|
|
3364
|
+
// context), so token signing/verification is unaffected.
|
|
3365
|
+
access: { default: "private" },
|
|
3336
3366
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3337
3367
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3338
3368
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3646,6 +3676,14 @@ var SysScimProvider = ObjectSchema.create({
|
|
|
3646
3676
|
icon: "users",
|
|
3647
3677
|
isSystem: true,
|
|
3648
3678
|
managedBy: "better-auth",
|
|
3679
|
+
// [ADR-0066 D3/④] Admin-only identity config carrying a live credential
|
|
3680
|
+
// (`scim_token` — the bearer external IdPs authenticate provisioning calls
|
|
3681
|
+
// with). Object-level capability gate, mirroring the sibling
|
|
3682
|
+
// `sys_sso_provider`: ordinary members are denied entirely (without it, the
|
|
3683
|
+
// `member_default` wildcard `'*': allowRead` would expose SCIM connections
|
|
3684
|
+
// to every authenticated user). better-auth's own endpoints read via a
|
|
3685
|
+
// system context, so SCIM provisioning is unaffected.
|
|
3686
|
+
requiredPermissions: ["manage_platform_settings"],
|
|
3649
3687
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
|
|
3650
3688
|
protection: {
|
|
3651
3689
|
lock: "full",
|
|
@@ -4934,6 +4972,14 @@ var SysSecret = ObjectSchema.create({
|
|
|
4934
4972
|
icon: "key",
|
|
4935
4973
|
isSystem: true,
|
|
4936
4974
|
managedBy: "system",
|
|
4975
|
+
// [ADR-0066 D2/④] Secure-by-default: the environment's encrypted-secrets
|
|
4976
|
+
// store (settings/datasource credentials). Not covered by the wildcard `'*'`
|
|
4977
|
+
// grant — ordinary members get 403 from the generic data layer. Platform
|
|
4978
|
+
// admins retain access via the posture-gated superuser bypass. Internal
|
|
4979
|
+
// readers are unaffected: `engine.resolveSecret` reads at DRIVER level,
|
|
4980
|
+
// SettingsService / the datasource secret-binder read with no principal
|
|
4981
|
+
// (middleware falls open for principal-less internal calls).
|
|
4982
|
+
access: { default: "private" },
|
|
4937
4983
|
description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
|
|
4938
4984
|
highlightFields: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
|
|
4939
4985
|
listViews: {
|
|
@@ -5281,10 +5327,22 @@ var SETUP_NAV_CONTRIBUTIONS = [
|
|
|
5281
5327
|
priority: BASE_PRIORITY,
|
|
5282
5328
|
items: [
|
|
5283
5329
|
{ id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "user" },
|
|
5330
|
+
// The ACTIVE organization's record page (Members / Invitations / Teams
|
|
5331
|
+
// tabs with the better-auth row actions), rendered inside the app shell
|
|
5332
|
+
// (ADR-0081). `{current_org_id}` resolves from the session's active
|
|
5333
|
+
// organization; unresolved (e.g. org-less admin before bootstrap) it
|
|
5334
|
+
// falls back to the sys_organization list — one row in single-org.
|
|
5335
|
+
{ id: "nav_organization", type: "object", label: "Organization", objectName: "sys_organization", recordId: "{current_org_id}", icon: "building-2" },
|
|
5284
5336
|
{ id: "nav_business_units", type: "object", label: "Business Units", objectName: "sys_business_unit", icon: "building", requiresObject: "sys_business_unit" },
|
|
5285
|
-
|
|
5337
|
+
// Teams / Invitations no longer gate on `org-scoping` (ADR-0081 D1):
|
|
5338
|
+
// the better-auth organization capability is always mounted, and
|
|
5339
|
+
// plugin-auth's single-org default-org bootstrap guarantees an org to
|
|
5340
|
+
// invite into — these are the OPEN member-management basics. Only the
|
|
5341
|
+
// org LIST below keeps the gate: browsing organizations is meaningful
|
|
5342
|
+
// only when more than one can exist (enterprise multi-org).
|
|
5343
|
+
{ id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
|
|
5286
5344
|
{ id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2", requiresService: "org-scoping" },
|
|
5287
|
-
{ id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail"
|
|
5345
|
+
{ id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail" }
|
|
5288
5346
|
]
|
|
5289
5347
|
},
|
|
5290
5348
|
{
|
|
@@ -5346,7 +5404,11 @@ var SETUP_NAV_CONTRIBUTIONS = [
|
|
|
5346
5404
|
priority: BASE_PRIORITY,
|
|
5347
5405
|
items: [
|
|
5348
5406
|
{ id: "nav_oauth_apps", type: "object", label: "OAuth Applications", objectName: "sys_oauth_application", icon: "app-window" },
|
|
5349
|
-
|
|
5407
|
+
// nav_jwks is capability-gated (like nav_api_keys): sys_jwks is
|
|
5408
|
+
// `access.default:'private'` (ADR-0066 ④ — signing keys), so a
|
|
5409
|
+
// non-admin's list request 403s server-side; gating the nav item keeps
|
|
5410
|
+
// the menu honest instead of showing an entry that can only error.
|
|
5411
|
+
{ id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round", requiredPermissions: ["manage_platform_settings"] },
|
|
5350
5412
|
// `sys_verification` (email/phone tokens) and `sys_device_code` (OAuth
|
|
5351
5413
|
// device-grant codes) deliberately omit `list` from their `apiMethods`
|
|
5352
5414
|
// (sensitive, ephemeral secrets — not browsable), so an object/list-view
|
|
@@ -6685,8 +6747,8 @@ var enObjects = {
|
|
|
6685
6747
|
user_id: {
|
|
6686
6748
|
label: "User"
|
|
6687
6749
|
},
|
|
6688
|
-
|
|
6689
|
-
label: "
|
|
6750
|
+
function_in_business_unit: {
|
|
6751
|
+
label: "Function in Business Unit",
|
|
6690
6752
|
help: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
6691
6753
|
options: {
|
|
6692
6754
|
member: "member",
|
|
@@ -8638,6 +8700,7 @@ var en = {
|
|
|
8638
8700
|
nav_marketplace_installed: { label: "Installed Apps" },
|
|
8639
8701
|
// People & Organization
|
|
8640
8702
|
nav_users: { label: "Users" },
|
|
8703
|
+
nav_organization: { label: "Organization" },
|
|
8641
8704
|
nav_business_units: { label: "Business Units" },
|
|
8642
8705
|
nav_teams: { label: "Teams" },
|
|
8643
8706
|
nav_organizations: { label: "Organizations" },
|
|
@@ -9431,8 +9494,8 @@ var zhCNObjects = {
|
|
|
9431
9494
|
user_id: {
|
|
9432
9495
|
label: "\u7528\u6237"
|
|
9433
9496
|
},
|
|
9434
|
-
|
|
9435
|
-
label: "\u4E1A\u52A1\u5355\u5143\u5185\
|
|
9497
|
+
function_in_business_unit: {
|
|
9498
|
+
label: "\u4E1A\u52A1\u5355\u5143\u5185\u804C\u80FD",
|
|
9436
9499
|
help: "`lead` \u8868\u793A\u65E5\u5E38\u8D1F\u8D23\u4EBA\uFF1B`deputy` \u53EF\u5728\u5BA1\u6279\u8DEF\u7531\u4E2D\u4EE3\u66FF\u8D1F\u8D23\u4EBA\u3002",
|
|
9437
9500
|
options: {
|
|
9438
9501
|
member: "\u6210\u5458",
|
|
@@ -11381,6 +11444,7 @@ var zhCN = {
|
|
|
11381
11444
|
group_advanced: { label: "\u9AD8\u7EA7" },
|
|
11382
11445
|
nav_system_overview: { label: "\u7CFB\u7EDF\u6982\u89C8" },
|
|
11383
11446
|
nav_users: { label: "\u7528\u6237" },
|
|
11447
|
+
nav_organization: { label: "\u7EC4\u7EC7" },
|
|
11384
11448
|
nav_business_units: { label: "\u4E1A\u52A1\u5355\u5143" },
|
|
11385
11449
|
nav_teams: { label: "\u56E2\u961F" },
|
|
11386
11450
|
nav_organizations: { label: "\u7EC4\u7EC7" },
|
|
@@ -12140,8 +12204,8 @@ var jaJPObjects = {
|
|
|
12140
12204
|
user_id: {
|
|
12141
12205
|
label: "\u30E6\u30FC\u30B6\u30FC"
|
|
12142
12206
|
},
|
|
12143
|
-
|
|
12144
|
-
label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\
|
|
12207
|
+
function_in_business_unit: {
|
|
12208
|
+
label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u306E\u8077\u80FD",
|
|
12145
12209
|
help: "`lead` \u306F\u65E5\u5E38\u306E\u8CAC\u4EFB\u8005\u3001`deputy` \u306F\u627F\u8A8D\u30EB\u30FC\u30C6\u30A3\u30F3\u30B0\u3067\u30EA\u30FC\u30C9\u306E\u4EE3\u7406\u3092\u52D9\u3081\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002",
|
|
12146
12210
|
options: {
|
|
12147
12211
|
member: "\u30E1\u30F3\u30D0\u30FC",
|
|
@@ -14089,6 +14153,7 @@ var jaJP = {
|
|
|
14089
14153
|
group_advanced: { label: "\u8A73\u7D30" },
|
|
14090
14154
|
nav_system_overview: { label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981" },
|
|
14091
14155
|
nav_users: { label: "\u30E6\u30FC\u30B6\u30FC" },
|
|
14156
|
+
nav_organization: { label: "\u7D44\u7E54" },
|
|
14092
14157
|
nav_business_units: { label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8" },
|
|
14093
14158
|
nav_teams: { label: "\u30C1\u30FC\u30E0" },
|
|
14094
14159
|
nav_organizations: { label: "\u7D44\u7E54" },
|
|
@@ -14846,8 +14911,8 @@ var esESObjects = {
|
|
|
14846
14911
|
user_id: {
|
|
14847
14912
|
label: "Usuario"
|
|
14848
14913
|
},
|
|
14849
|
-
|
|
14850
|
-
label: "
|
|
14914
|
+
function_in_business_unit: {
|
|
14915
|
+
label: "Funci\xF3n en la unidad de negocio",
|
|
14851
14916
|
help: "`lead` es el responsable del d\xEDa a d\xEDa; `deputy` puede sustituir al responsable en el enrutamiento de aprobaciones.",
|
|
14852
14917
|
options: {
|
|
14853
14918
|
member: "Miembro",
|
|
@@ -16795,6 +16860,7 @@ var esES = {
|
|
|
16795
16860
|
group_advanced: { label: "Avanzado" },
|
|
16796
16861
|
nav_system_overview: { label: "Resumen del Sistema" },
|
|
16797
16862
|
nav_users: { label: "Usuarios" },
|
|
16863
|
+
nav_organization: { label: "Organizaci\xF3n" },
|
|
16798
16864
|
nav_business_units: { label: "Unidades de negocio" },
|
|
16799
16865
|
nav_teams: { label: "Equipos" },
|
|
16800
16866
|
nav_organizations: { label: "Organizaciones" },
|
|
@@ -17044,7 +17110,7 @@ var SysUserDetailPage = {
|
|
|
17044
17110
|
},
|
|
17045
17111
|
// ── Tabs: curated related lists ───────────────────────────────
|
|
17046
17112
|
// Only the 4 lists that are semantically about THIS user account.
|
|
17047
|
-
// Everything else (
|
|
17113
|
+
// Everything else (sys_position created_by, sys_email_template
|
|
17048
17114
|
// updated_by, …) is incidental authorship metadata and would only
|
|
17049
17115
|
// create noise.
|
|
17050
17116
|
tabs: {
|
|
@@ -18564,10 +18630,6 @@ var enMetadataForms = {
|
|
|
18564
18630
|
label: "Label",
|
|
18565
18631
|
helpText: "Display label for admins"
|
|
18566
18632
|
},
|
|
18567
|
-
isProfile: {
|
|
18568
|
-
label: "Is Profile",
|
|
18569
|
-
helpText: "Profile = base set assigned to users. Permission Set = additive grant."
|
|
18570
|
-
},
|
|
18571
18633
|
systemPermissions: {
|
|
18572
18634
|
label: "System Permissions",
|
|
18573
18635
|
helpText: "List of system capability keys"
|
|
@@ -18623,10 +18685,6 @@ var enMetadataForms = {
|
|
|
18623
18685
|
label: "Label",
|
|
18624
18686
|
helpText: "Display label for admins"
|
|
18625
18687
|
},
|
|
18626
|
-
isProfile: {
|
|
18627
|
-
label: "Is Profile",
|
|
18628
|
-
helpText: "Profile = base set assigned to users. Permission Set = additive grant."
|
|
18629
|
-
},
|
|
18630
18688
|
systemPermissions: {
|
|
18631
18689
|
label: "System Permissions",
|
|
18632
18690
|
helpText: "List of system capability keys"
|
|
@@ -20202,10 +20260,6 @@ var zhCNMetadataForms = {
|
|
|
20202
20260
|
label: "\u663E\u793A\u540D\u79F0",
|
|
20203
20261
|
helpText: "\u9762\u5411\u7BA1\u7406\u5458\u7684\u663E\u793A\u6807\u7B7E"
|
|
20204
20262
|
},
|
|
20205
|
-
isProfile: {
|
|
20206
|
-
label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
|
|
20207
|
-
helpText: "\u52FE\u9009\u540E\u4F5C\u4E3A\u5B8C\u6574\u914D\u7F6E\u6587\u4EF6\uFF08\u800C\u975E\u9644\u52A0\u6743\u9650\u96C6\uFF09"
|
|
20208
|
-
},
|
|
20209
20263
|
systemPermissions: {
|
|
20210
20264
|
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20211
20265
|
helpText: "\u5E94\u7528\u8BBF\u95EE\u3001API\u3001\u7BA1\u7406\u64CD\u4F5C"
|
|
@@ -20261,10 +20315,6 @@ var zhCNMetadataForms = {
|
|
|
20261
20315
|
label: "\u663E\u793A\u540D\u79F0",
|
|
20262
20316
|
helpText: "\u9762\u5411\u7BA1\u7406\u5458\u663E\u793A\u7684\u6807\u7B7E"
|
|
20263
20317
|
},
|
|
20264
|
-
isProfile: {
|
|
20265
|
-
label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
|
|
20266
|
-
helpText: "\u914D\u7F6E\u6587\u4EF6 = \u5206\u914D\u7ED9\u7528\u6237\u7684\u57FA\u7840\u96C6\u5408\u3002\u6743\u9650\u96C6 = \u9644\u52A0\u6388\u4E88\u3002"
|
|
20267
|
-
},
|
|
20268
20318
|
systemPermissions: {
|
|
20269
20319
|
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20270
20320
|
helpText: "\u7CFB\u7EDF\u80FD\u529B\u952E\u5217\u8868"
|
|
@@ -21840,10 +21890,6 @@ var jaJPMetadataForms = {
|
|
|
21840
21890
|
label: "\u8868\u793A\u540D",
|
|
21841
21891
|
helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
|
|
21842
21892
|
},
|
|
21843
|
-
isProfile: {
|
|
21844
|
-
label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
|
|
21845
|
-
helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
|
|
21846
|
-
},
|
|
21847
21893
|
systemPermissions: {
|
|
21848
21894
|
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21849
21895
|
helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
|
|
@@ -21899,10 +21945,6 @@ var jaJPMetadataForms = {
|
|
|
21899
21945
|
label: "\u8868\u793A\u540D",
|
|
21900
21946
|
helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
|
|
21901
21947
|
},
|
|
21902
|
-
isProfile: {
|
|
21903
|
-
label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
|
|
21904
|
-
helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
|
|
21905
|
-
},
|
|
21906
21948
|
systemPermissions: {
|
|
21907
21949
|
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21908
21950
|
helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
|
|
@@ -23478,10 +23520,6 @@ var esESMetadataForms = {
|
|
|
23478
23520
|
label: "Etiqueta",
|
|
23479
23521
|
helpText: "Etiqueta mostrada para administradores"
|
|
23480
23522
|
},
|
|
23481
|
-
isProfile: {
|
|
23482
|
-
label: "Es perfil",
|
|
23483
|
-
helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
|
|
23484
|
-
},
|
|
23485
23523
|
systemPermissions: {
|
|
23486
23524
|
label: "Permisos del sistema",
|
|
23487
23525
|
helpText: "Lista de claves de capacidades del sistema"
|
|
@@ -23537,10 +23575,6 @@ var esESMetadataForms = {
|
|
|
23537
23575
|
label: "Etiqueta",
|
|
23538
23576
|
helpText: "Etiqueta mostrada para administradores"
|
|
23539
23577
|
},
|
|
23540
|
-
isProfile: {
|
|
23541
|
-
label: "Es perfil",
|
|
23542
|
-
helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
|
|
23543
|
-
},
|
|
23544
23578
|
systemPermissions: {
|
|
23545
23579
|
label: "Permisos del sistema",
|
|
23546
23580
|
helpText: "Lista de claves de capacidades del sistema"
|