@objectstack/platform-objects 12.6.0 → 14.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.d.mts +1 -1
- package/dist/apps/index.d.ts +1 -1
- package/dist/apps/index.js +38 -17
- package/dist/apps/index.js.map +1 -1
- package/dist/apps/index.mjs +38 -17
- package/dist/apps/index.mjs.map +1 -1
- package/dist/audit/index.d.mts +90 -30
- package/dist/audit/index.d.ts +90 -30
- package/dist/identity/index.d.mts +1057 -280
- package/dist/identity/index.d.ts +1057 -280
- package/dist/identity/index.js +184 -29
- package/dist/identity/index.js.map +1 -1
- package/dist/identity/index.mjs +184 -29
- package/dist/identity/index.mjs.map +1 -1
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +362 -335
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +362 -336
- package/dist/index.mjs.map +1 -1
- package/dist/metadata-translations/index.js +20 -288
- package/dist/metadata-translations/index.js.map +1 -1
- package/dist/metadata-translations/index.mjs +20 -288
- package/dist/metadata-translations/index.mjs.map +1 -1
- package/dist/pages/index.d.mts +35 -4
- package/dist/pages/index.d.ts +35 -4
- package/dist/pages/index.js +112 -1
- package/dist/pages/index.js.map +1 -1
- package/dist/pages/index.mjs +112 -2
- package/dist/pages/index.mjs.map +1 -1
- package/dist/plugin.js +37 -300
- package/dist/plugin.js.map +1 -1
- package/dist/plugin.mjs +37 -300
- package/dist/plugin.mjs.map +1 -1
- package/dist/system/index.d.mts +30 -9
- package/dist/system/index.d.ts +30 -9
- package/dist/system/index.js +8 -0
- package/dist/system/index.js.map +1 -1
- package/dist/system/index.mjs +8 -0
- package/dist/system/index.mjs.map +1 -1
- package/package.json +3 -3
package/dist/index.mjs
CHANGED
|
@@ -37,13 +37,14 @@ var SysUser = ObjectSchema.create({
|
|
|
37
37
|
locations: ["list_toolbar"],
|
|
38
38
|
type: "api",
|
|
39
39
|
target: "/api/v1/auth/organization/invite-member",
|
|
40
|
-
//
|
|
41
|
-
//
|
|
42
|
-
//
|
|
43
|
-
//
|
|
44
|
-
//
|
|
45
|
-
//
|
|
46
|
-
|
|
40
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
41
|
+
// better-auth organization plugin is always mounted, and single-org
|
|
42
|
+
// mode now bootstraps a Default Organization (plugin-auth) so the
|
|
43
|
+
// endpoint's active-org resolution works there too. This is THE
|
|
44
|
+
// "add a teammate" affordance — the Users list is always reachable —
|
|
45
|
+
// and every add flows through better-auth invitations, never bespoke
|
|
46
|
+
// sys_user CRUD.
|
|
47
|
+
visible: "features.organization != false",
|
|
47
48
|
successMessage: "Invitation sent",
|
|
48
49
|
refreshAfter: true,
|
|
49
50
|
params: [
|
|
@@ -102,6 +103,62 @@ var SysUser = ObjectSchema.create({
|
|
|
102
103
|
successMessage: "Account unlocked",
|
|
103
104
|
refreshAfter: true
|
|
104
105
|
},
|
|
106
|
+
{
|
|
107
|
+
// #2766 V1 — a platform admin can add a login-capable teammate without
|
|
108
|
+
// the email-dependent invite flow. Hits the plugin-auth wrapper route
|
|
109
|
+
// (NOT better-auth's stock /admin/create-user): the wrapper runs the
|
|
110
|
+
// ADR-0068 admin gate, drives the better-auth pipeline (scrypt hash +
|
|
111
|
+
// credential sys_account), stamps must_change_password, and — when
|
|
112
|
+
// "Generate temporary password" is picked — returns the password ONCE
|
|
113
|
+
// in the response for the result dialog. It is never persisted or logged.
|
|
114
|
+
name: "create_user",
|
|
115
|
+
label: "Create User",
|
|
116
|
+
icon: "user-plus",
|
|
117
|
+
variant: "secondary",
|
|
118
|
+
locations: ["list_toolbar"],
|
|
119
|
+
type: "api",
|
|
120
|
+
target: "/api/v1/auth/admin/create-user",
|
|
121
|
+
visible: "features.admin == true",
|
|
122
|
+
successMessage: "User created",
|
|
123
|
+
refreshAfter: true,
|
|
124
|
+
params: [
|
|
125
|
+
// The endpoint requires email OR phone (phone-only users get a
|
|
126
|
+
// placeholder address; requires auth.plugins.phoneNumber).
|
|
127
|
+
{ field: "email", required: false },
|
|
128
|
+
{
|
|
129
|
+
name: "phoneNumber",
|
|
130
|
+
label: "Phone Number",
|
|
131
|
+
type: "text",
|
|
132
|
+
required: false,
|
|
133
|
+
helpText: "Sign-in phone number (E.164, e.g. +8613800000000). Required when no email is given."
|
|
134
|
+
},
|
|
135
|
+
{ field: "name", required: false },
|
|
136
|
+
{
|
|
137
|
+
name: "generatePassword",
|
|
138
|
+
label: "Generate Temporary Password",
|
|
139
|
+
type: "boolean",
|
|
140
|
+
required: false,
|
|
141
|
+
defaultValue: true
|
|
142
|
+
},
|
|
143
|
+
{ name: "password", label: "Password (leave empty to generate)", type: "text", required: false },
|
|
144
|
+
{
|
|
145
|
+
name: "mustChangePassword",
|
|
146
|
+
label: "Require Password Change On First Login",
|
|
147
|
+
type: "boolean",
|
|
148
|
+
required: false,
|
|
149
|
+
defaultValue: true
|
|
150
|
+
}
|
|
151
|
+
],
|
|
152
|
+
resultDialog: {
|
|
153
|
+
title: "User Created",
|
|
154
|
+
description: "Copy the temporary password now \u2014 it is shown only once and never stored.",
|
|
155
|
+
acknowledge: "I have saved this password",
|
|
156
|
+
fields: [
|
|
157
|
+
{ path: "user.email", label: "Email", format: "text" },
|
|
158
|
+
{ path: "temporaryPassword", label: "Temporary Password", format: "secret" }
|
|
159
|
+
]
|
|
160
|
+
}
|
|
161
|
+
},
|
|
105
162
|
{
|
|
106
163
|
name: "set_user_password",
|
|
107
164
|
label: "Set Password",
|
|
@@ -109,13 +166,40 @@ var SysUser = ObjectSchema.create({
|
|
|
109
166
|
variant: "secondary",
|
|
110
167
|
locations: ["list_item"],
|
|
111
168
|
type: "api",
|
|
169
|
+
// #2766 V1 — same path as better-auth's stock route, but served by the
|
|
170
|
+
// plugin-auth wrapper registered ahead of the catch-all: it accepts the
|
|
171
|
+
// ADR-0068 platform-admin signals (the stock handler only honors the
|
|
172
|
+
// legacy role scalar), can mint a temporary password, and stamps
|
|
173
|
+
// must_change_password.
|
|
112
174
|
target: "/api/v1/auth/admin/set-user-password",
|
|
113
175
|
recordIdParam: "userId",
|
|
114
176
|
successMessage: "Password updated",
|
|
115
177
|
refreshAfter: false,
|
|
116
178
|
params: [
|
|
117
|
-
{
|
|
118
|
-
|
|
179
|
+
{
|
|
180
|
+
name: "generatePassword",
|
|
181
|
+
label: "Generate Temporary Password",
|
|
182
|
+
type: "boolean",
|
|
183
|
+
required: false,
|
|
184
|
+
defaultValue: false
|
|
185
|
+
},
|
|
186
|
+
{ name: "newPassword", label: "New Password (leave empty to generate)", type: "text", required: false },
|
|
187
|
+
{
|
|
188
|
+
name: "mustChangePassword",
|
|
189
|
+
label: "Require Password Change On Next Login",
|
|
190
|
+
type: "boolean",
|
|
191
|
+
required: false,
|
|
192
|
+
defaultValue: true
|
|
193
|
+
}
|
|
194
|
+
],
|
|
195
|
+
resultDialog: {
|
|
196
|
+
title: "Password Updated",
|
|
197
|
+
description: "If a temporary password was generated, copy it now \u2014 it is shown only once and never stored.",
|
|
198
|
+
acknowledge: "Done",
|
|
199
|
+
fields: [
|
|
200
|
+
{ path: "temporaryPassword", label: "Temporary Password", format: "secret" }
|
|
201
|
+
]
|
|
202
|
+
}
|
|
119
203
|
},
|
|
120
204
|
{
|
|
121
205
|
name: "set_user_role",
|
|
@@ -434,6 +518,37 @@ var SysUser = ObjectSchema.create({
|
|
|
434
518
|
group: "Admin",
|
|
435
519
|
description: "Timestamp of the last password change. Backs password_expiry_days; system-managed."
|
|
436
520
|
}),
|
|
521
|
+
// #2766 V1.5 — phone-number sign-in identifier (better-auth phoneNumber
|
|
522
|
+
// plugin, mapped via buildPhoneNumberPluginSchema). Unique when present;
|
|
523
|
+
// null for email-only accounts. Written through better-auth, not CRUD.
|
|
524
|
+
phone_number: Field.text({
|
|
525
|
+
label: "Phone Number",
|
|
526
|
+
required: false,
|
|
527
|
+
readonly: true,
|
|
528
|
+
searchable: true,
|
|
529
|
+
maxLength: 32,
|
|
530
|
+
group: "Account",
|
|
531
|
+
description: "Sign-in phone number (E.164 recommended). Unique per user; managed by better-auth when the phoneNumber plugin is enabled."
|
|
532
|
+
}),
|
|
533
|
+
phone_number_verified: Field.boolean({
|
|
534
|
+
label: "Phone Verified",
|
|
535
|
+
defaultValue: false,
|
|
536
|
+
readonly: true,
|
|
537
|
+
group: "Account",
|
|
538
|
+
description: "Whether the phone number has been verified (OTP verification requires SMS infrastructure; false until that ships). System-managed."
|
|
539
|
+
}),
|
|
540
|
+
// #2766 V1 — admin-issued "must change password on next sign-in" flag.
|
|
541
|
+
// Set by the /admin/create-user and /admin/set-user-password routes when
|
|
542
|
+
// a temporary password is issued; enforced through the ADR-0069 authGate
|
|
543
|
+
// (surfaces as PASSWORD_EXPIRED); cleared by stampPasswordChangedAt once
|
|
544
|
+
// the user completes a password change.
|
|
545
|
+
must_change_password: Field.boolean({
|
|
546
|
+
label: "Must Change Password",
|
|
547
|
+
defaultValue: false,
|
|
548
|
+
readonly: true,
|
|
549
|
+
group: "Admin",
|
|
550
|
+
description: "When true, the user is blocked (403 PASSWORD_EXPIRED) until they change their password. Stamped by the admin user-management routes; system-managed."
|
|
551
|
+
}),
|
|
437
552
|
// ADR-0069 D3 — when enforced MFA first applied to this user; starts the
|
|
438
553
|
// grace clock. Stamped lazily at session validation; system-managed.
|
|
439
554
|
mfa_required_at: Field.datetime({
|
|
@@ -531,7 +646,10 @@ var SysUser = ObjectSchema.create({
|
|
|
531
646
|
},
|
|
532
647
|
indexes: [
|
|
533
648
|
{ fields: ["email"], unique: true },
|
|
534
|
-
{ fields: ["created_at"], unique: false }
|
|
649
|
+
{ fields: ["created_at"], unique: false },
|
|
650
|
+
// #2766 V1.5 — phone sign-in identifier; unique when present (null for
|
|
651
|
+
// email-only accounts), also the upsert match key for identity import.
|
|
652
|
+
{ fields: ["phone_number"], unique: true }
|
|
535
653
|
],
|
|
536
654
|
enable: {
|
|
537
655
|
trackHistory: true,
|
|
@@ -932,6 +1050,12 @@ var SysVerification = ObjectSchema.create({
|
|
|
932
1050
|
icon: "shield-check",
|
|
933
1051
|
isSystem: true,
|
|
934
1052
|
managedBy: "better-auth",
|
|
1053
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE one-time credentials
|
|
1054
|
+
// (email/phone verification + password-reset tokens) — reading one is
|
|
1055
|
+
// account takeover. Not covered by the wildcard `'*'` grant; admins retain
|
|
1056
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
1057
|
+
// (system context), so verification flows are unaffected.
|
|
1058
|
+
access: { default: "private" },
|
|
935
1059
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
936
1060
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
937
1061
|
// forbid sys_metadata overlays entirely.
|
|
@@ -1265,11 +1389,11 @@ var SysMember = ObjectSchema.create({
|
|
|
1265
1389
|
locations: ["list_toolbar"],
|
|
1266
1390
|
type: "api",
|
|
1267
1391
|
target: "/api/v1/auth/organization/add-member",
|
|
1268
|
-
//
|
|
1269
|
-
// endpoints resolve
|
|
1270
|
-
// mode
|
|
1271
|
-
//
|
|
1272
|
-
visible: "features.
|
|
1392
|
+
// Gated on the org CAPABILITY, not multi-org (ADR-0081 D1): the
|
|
1393
|
+
// better-auth endpoints resolve the session's active org, which
|
|
1394
|
+
// single-org mode now guarantees via plugin-auth's default-org
|
|
1395
|
+
// bootstrap. Same gate on every membership mutation below.
|
|
1396
|
+
visible: "features.organization != false",
|
|
1273
1397
|
successMessage: "Member added",
|
|
1274
1398
|
refreshAfter: true,
|
|
1275
1399
|
params: [
|
|
@@ -1287,7 +1411,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1287
1411
|
type: "api",
|
|
1288
1412
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1289
1413
|
recordIdParam: "memberId",
|
|
1290
|
-
visible: "features.
|
|
1414
|
+
visible: "features.organization != false",
|
|
1291
1415
|
successMessage: "Member role updated",
|
|
1292
1416
|
refreshAfter: true,
|
|
1293
1417
|
params: [
|
|
@@ -1304,7 +1428,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1304
1428
|
type: "api",
|
|
1305
1429
|
target: "/api/v1/auth/organization/remove-member",
|
|
1306
1430
|
recordIdParam: "memberIdOrEmail",
|
|
1307
|
-
visible: "features.
|
|
1431
|
+
visible: "features.organization != false",
|
|
1308
1432
|
confirmText: "Remove this member from the organization? They will lose access to all org resources.",
|
|
1309
1433
|
successMessage: "Member removed",
|
|
1310
1434
|
refreshAfter: true
|
|
@@ -1326,7 +1450,7 @@ var SysMember = ObjectSchema.create({
|
|
|
1326
1450
|
target: "/api/v1/auth/organization/update-member-role",
|
|
1327
1451
|
recordIdParam: "memberId",
|
|
1328
1452
|
bodyExtra: { role: "owner" },
|
|
1329
|
-
visible: "record.role != 'owner' && features.
|
|
1453
|
+
visible: "record.role != 'owner' && features.organization != false",
|
|
1330
1454
|
confirmText: "Transfer ownership of this organization to the selected member? You will be demoted to admin and lose owner-only privileges.",
|
|
1331
1455
|
successMessage: "Ownership transferred",
|
|
1332
1456
|
refreshAfter: true
|
|
@@ -1434,7 +1558,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1434
1558
|
// sys_organization.create_organization). The recipient-side
|
|
1435
1559
|
// accept/reject actions below stay record-gated — they are
|
|
1436
1560
|
// unreachable in single-org anyway (no invitation rows exist).
|
|
1437
|
-
visible: "features.
|
|
1561
|
+
visible: "features.organization != false",
|
|
1438
1562
|
successMessage: "Invitation sent",
|
|
1439
1563
|
refreshAfter: true,
|
|
1440
1564
|
params: [
|
|
@@ -1452,7 +1576,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1452
1576
|
type: "api",
|
|
1453
1577
|
target: "/api/v1/auth/organization/cancel-invitation",
|
|
1454
1578
|
recordIdParam: "invitationId",
|
|
1455
|
-
visible: "features.
|
|
1579
|
+
visible: "features.organization != false",
|
|
1456
1580
|
confirmText: "Cancel this invitation? The recipient will no longer be able to accept it.",
|
|
1457
1581
|
successMessage: "Invitation canceled",
|
|
1458
1582
|
refreshAfter: true
|
|
@@ -1466,7 +1590,7 @@ var SysInvitation = ObjectSchema.create({
|
|
|
1466
1590
|
type: "api",
|
|
1467
1591
|
target: "/api/v1/auth/organization/invite-member",
|
|
1468
1592
|
bodyExtra: { resend: true },
|
|
1469
|
-
visible: "features.
|
|
1593
|
+
visible: "features.organization != false",
|
|
1470
1594
|
successMessage: "Invitation resent",
|
|
1471
1595
|
refreshAfter: true,
|
|
1472
1596
|
params: [
|
|
@@ -1656,7 +1780,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1656
1780
|
// Teams are nested inside organizations — a multi-org-only concept.
|
|
1657
1781
|
// Gate every team mutation on the multi-org flag so the affordances
|
|
1658
1782
|
// disappear in single-org (mirrors sys_organization.create_organization).
|
|
1659
|
-
visible: "features.
|
|
1783
|
+
visible: "features.organization != false",
|
|
1660
1784
|
successMessage: "Team created",
|
|
1661
1785
|
refreshAfter: true,
|
|
1662
1786
|
params: [
|
|
@@ -1677,7 +1801,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1677
1801
|
target: "/api/v1/auth/organization/update-team",
|
|
1678
1802
|
recordIdParam: "teamId",
|
|
1679
1803
|
bodyShape: { wrap: "data" },
|
|
1680
|
-
visible: "features.
|
|
1804
|
+
visible: "features.organization != false",
|
|
1681
1805
|
successMessage: "Team updated",
|
|
1682
1806
|
refreshAfter: true,
|
|
1683
1807
|
params: [
|
|
@@ -1696,7 +1820,7 @@ var SysTeam = ObjectSchema.create({
|
|
|
1696
1820
|
type: "api",
|
|
1697
1821
|
target: "/api/v1/auth/organization/remove-team",
|
|
1698
1822
|
recordIdParam: "teamId",
|
|
1699
|
-
visible: "features.
|
|
1823
|
+
visible: "features.organization != false",
|
|
1700
1824
|
confirmText: "Delete this team? Members will lose any team-scoped access. This cannot be undone.",
|
|
1701
1825
|
successMessage: "Team deleted",
|
|
1702
1826
|
refreshAfter: true
|
|
@@ -1810,7 +1934,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1810
1934
|
// Team membership lives under organizations — multi-org-only. Gate
|
|
1811
1935
|
// both mutations so they vanish in single-org (mirrors
|
|
1812
1936
|
// sys_organization.create_organization).
|
|
1813
|
-
visible: "features.
|
|
1937
|
+
visible: "features.organization != false",
|
|
1814
1938
|
successMessage: "Team member added",
|
|
1815
1939
|
refreshAfter: true,
|
|
1816
1940
|
params: [
|
|
@@ -1831,7 +1955,7 @@ var SysTeamMember = ObjectSchema.create({
|
|
|
1831
1955
|
locations: ["list_item"],
|
|
1832
1956
|
type: "api",
|
|
1833
1957
|
target: "/api/v1/auth/organization/remove-team-member",
|
|
1834
|
-
visible: "features.
|
|
1958
|
+
visible: "features.organization != false",
|
|
1835
1959
|
confirmText: "Remove this user from the team? They will lose any team-scoped access.",
|
|
1836
1960
|
successMessage: "Team member removed",
|
|
1837
1961
|
refreshAfter: true,
|
|
@@ -2069,7 +2193,7 @@ var SysBusinessUnitMember = ObjectSchema.create({
|
|
|
2069
2193
|
managedBy: "platform",
|
|
2070
2194
|
description: "User assignment to a business unit (matrix-org friendly, effective-dated).",
|
|
2071
2195
|
titleFormat: "{user_id} in {business_unit_id}",
|
|
2072
|
-
highlightFields: ["user_id", "business_unit_id", "
|
|
2196
|
+
highlightFields: ["user_id", "business_unit_id", "function_in_business_unit", "is_primary"],
|
|
2073
2197
|
fields: {
|
|
2074
2198
|
id: Field.text({
|
|
2075
2199
|
label: "Member ID",
|
|
@@ -2087,10 +2211,10 @@ var SysBusinessUnitMember = ObjectSchema.create({
|
|
|
2087
2211
|
required: true,
|
|
2088
2212
|
group: "Assignment"
|
|
2089
2213
|
}),
|
|
2090
|
-
|
|
2214
|
+
function_in_business_unit: Field.select(
|
|
2091
2215
|
["member", "lead", "deputy"],
|
|
2092
2216
|
{
|
|
2093
|
-
label: "
|
|
2217
|
+
label: "Function in Business Unit",
|
|
2094
2218
|
required: false,
|
|
2095
2219
|
defaultValue: "member",
|
|
2096
2220
|
description: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
@@ -2494,6 +2618,12 @@ var SysDeviceCode = ObjectSchema.create({
|
|
|
2494
2618
|
icon: "key-round",
|
|
2495
2619
|
isSystem: true,
|
|
2496
2620
|
managedBy: "better-auth",
|
|
2621
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE pending device-grant
|
|
2622
|
+
// codes — reading `user_code`/`device_code` lets an attacker hijack a
|
|
2623
|
+
// pending CLI login. Not covered by the wildcard `'*'` grant; admins retain
|
|
2624
|
+
// access via the superuser bypass; better-auth reads via its adapter
|
|
2625
|
+
// (system context), so the device-grant flow is unaffected.
|
|
2626
|
+
access: { default: "private" },
|
|
2497
2627
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
2498
2628
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
2499
2629
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3089,6 +3219,11 @@ var SysOauthAccessToken = ObjectSchema.create({
|
|
|
3089
3219
|
icon: "ticket",
|
|
3090
3220
|
isSystem: true,
|
|
3091
3221
|
managedBy: "better-auth",
|
|
3222
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE bearer credentials —
|
|
3223
|
+
// reading one is session hijack. Not covered by the wildcard `'*'` grant;
|
|
3224
|
+
// admins retain access via the superuser bypass; better-auth reads via its
|
|
3225
|
+
// adapter (system context), so OAuth flows are unaffected.
|
|
3226
|
+
access: { default: "private" },
|
|
3092
3227
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3093
3228
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3094
3229
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3175,6 +3310,11 @@ var SysOauthRefreshToken = ObjectSchema.create({
|
|
|
3175
3310
|
icon: "refresh-cw",
|
|
3176
3311
|
isSystem: true,
|
|
3177
3312
|
managedBy: "better-auth",
|
|
3313
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are LIVE long-lived credentials —
|
|
3314
|
+
// a refresh token mints new access tokens. Not covered by the wildcard `'*'`
|
|
3315
|
+
// grant; admins retain access via the superuser bypass; better-auth reads
|
|
3316
|
+
// via its adapter (system context), so OAuth flows are unaffected.
|
|
3317
|
+
access: { default: "private" },
|
|
3178
3318
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3179
3319
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3180
3320
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3333,6 +3473,13 @@ var SysJwks = ObjectSchema.create({
|
|
|
3333
3473
|
icon: "key",
|
|
3334
3474
|
isSystem: true,
|
|
3335
3475
|
managedBy: "better-auth",
|
|
3476
|
+
// [ADR-0066 D2/④] Secure-by-default: rows are the environment's JWT SIGNING
|
|
3477
|
+
// KEYS (private key material). Not covered by the wildcard `'*'` grant — an
|
|
3478
|
+
// ordinary member gets 403 from the generic data layer. Platform admins
|
|
3479
|
+
// (viewAllRecords/modifyAllRecords) retain access via the posture-gated
|
|
3480
|
+
// superuser bypass; better-auth itself reads via its adapter (system
|
|
3481
|
+
// context), so token signing/verification is unaffected.
|
|
3482
|
+
access: { default: "private" },
|
|
3336
3483
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema,
|
|
3337
3484
|
// but may add overlay row-level config. Use `no-overlay` if you need to
|
|
3338
3485
|
// forbid sys_metadata overlays entirely.
|
|
@@ -3646,6 +3793,14 @@ var SysScimProvider = ObjectSchema.create({
|
|
|
3646
3793
|
icon: "users",
|
|
3647
3794
|
isSystem: true,
|
|
3648
3795
|
managedBy: "better-auth",
|
|
3796
|
+
// [ADR-0066 D3/④] Admin-only identity config carrying a live credential
|
|
3797
|
+
// (`scim_token` — the bearer external IdPs authenticate provisioning calls
|
|
3798
|
+
// with). Object-level capability gate, mirroring the sibling
|
|
3799
|
+
// `sys_sso_provider`: ordinary members are denied entirely (without it, the
|
|
3800
|
+
// `member_default` wildcard `'*': allowRead` would expose SCIM connections
|
|
3801
|
+
// to every authenticated user). better-auth's own endpoints read via a
|
|
3802
|
+
// system context, so SCIM provisioning is unaffected.
|
|
3803
|
+
requiredPermissions: ["manage_platform_settings"],
|
|
3649
3804
|
// ADR-0010 §3.7 — managed by better-auth; tenants may not edit schema.
|
|
3650
3805
|
protection: {
|
|
3651
3806
|
lock: "full",
|
|
@@ -4934,6 +5089,14 @@ var SysSecret = ObjectSchema.create({
|
|
|
4934
5089
|
icon: "key",
|
|
4935
5090
|
isSystem: true,
|
|
4936
5091
|
managedBy: "system",
|
|
5092
|
+
// [ADR-0066 D2/④] Secure-by-default: the environment's encrypted-secrets
|
|
5093
|
+
// store (settings/datasource credentials). Not covered by the wildcard `'*'`
|
|
5094
|
+
// grant — ordinary members get 403 from the generic data layer. Platform
|
|
5095
|
+
// admins retain access via the posture-gated superuser bypass. Internal
|
|
5096
|
+
// readers are unaffected: `engine.resolveSecret` reads at DRIVER level,
|
|
5097
|
+
// SettingsService / the datasource secret-binder read with no principal
|
|
5098
|
+
// (middleware falls open for principal-less internal calls).
|
|
5099
|
+
access: { default: "private" },
|
|
4937
5100
|
description: "Cipher store referenced by sys_setting handles. Never holds plaintext.",
|
|
4938
5101
|
highlightFields: ["namespace", "key", "kms_key_id", "version", "rotated_at"],
|
|
4939
5102
|
listViews: {
|
|
@@ -5281,21 +5444,33 @@ var SETUP_NAV_CONTRIBUTIONS = [
|
|
|
5281
5444
|
priority: BASE_PRIORITY,
|
|
5282
5445
|
items: [
|
|
5283
5446
|
{ id: "nav_users", type: "object", label: "Users", objectName: "sys_user", icon: "user" },
|
|
5447
|
+
// The ACTIVE organization's record page (Members / Invitations / Teams
|
|
5448
|
+
// tabs with the better-auth row actions), rendered inside the app shell
|
|
5449
|
+
// (ADR-0081). `{current_org_id}` resolves from the session's active
|
|
5450
|
+
// organization; unresolved (e.g. org-less admin before bootstrap) it
|
|
5451
|
+
// falls back to the sys_organization list — one row in single-org.
|
|
5452
|
+
{ id: "nav_organization", type: "object", label: "Organization", objectName: "sys_organization", recordId: "{current_org_id}", icon: "building-2" },
|
|
5284
5453
|
{ id: "nav_business_units", type: "object", label: "Business Units", objectName: "sys_business_unit", icon: "building", requiresObject: "sys_business_unit" },
|
|
5285
|
-
|
|
5454
|
+
// Teams / Invitations no longer gate on `org-scoping` (ADR-0081 D1):
|
|
5455
|
+
// the better-auth organization capability is always mounted, and
|
|
5456
|
+
// plugin-auth's single-org default-org bootstrap guarantees an org to
|
|
5457
|
+
// invite into — these are the OPEN member-management basics. Only the
|
|
5458
|
+
// org LIST below keeps the gate: browsing organizations is meaningful
|
|
5459
|
+
// only when more than one can exist (enterprise multi-org).
|
|
5460
|
+
{ id: "nav_teams", type: "object", label: "Teams", objectName: "sys_team", icon: "users-round" },
|
|
5286
5461
|
{ id: "nav_organizations", type: "object", label: "Organizations", objectName: "sys_organization", icon: "building-2", requiresService: "org-scoping" },
|
|
5287
|
-
{ id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail"
|
|
5462
|
+
{ id: "nav_invitations", type: "object", label: "Invitations", objectName: "sys_invitation", icon: "mail" }
|
|
5288
5463
|
]
|
|
5289
5464
|
},
|
|
5290
5465
|
{
|
|
5291
5466
|
app: "setup",
|
|
5292
5467
|
group: "group_access_control",
|
|
5293
|
-
// Priority 300 keeps API Keys after plugin-security's
|
|
5468
|
+
// Priority 300 keeps API Keys after plugin-security's Positions / Permission
|
|
5294
5469
|
// Sets (100) and plugin-sharing's Sharing Rules / Record Shares (200),
|
|
5295
5470
|
// preserving the original menu order.
|
|
5296
5471
|
priority: 300,
|
|
5297
5472
|
items: [
|
|
5298
|
-
//
|
|
5473
|
+
// Positions / Permission Sets are contributed by @objectstack/plugin-security
|
|
5299
5474
|
// and Sharing Rules / Record Shares by @objectstack/plugin-sharing
|
|
5300
5475
|
// (ADR-0029 K2). Only API Keys (sys_api_key, an identity object owned by
|
|
5301
5476
|
// plugin-auth) remains a platform-objects base entry here.
|
|
@@ -5346,7 +5521,11 @@ var SETUP_NAV_CONTRIBUTIONS = [
|
|
|
5346
5521
|
priority: BASE_PRIORITY,
|
|
5347
5522
|
items: [
|
|
5348
5523
|
{ id: "nav_oauth_apps", type: "object", label: "OAuth Applications", objectName: "sys_oauth_application", icon: "app-window" },
|
|
5349
|
-
|
|
5524
|
+
// nav_jwks is capability-gated (like nav_api_keys): sys_jwks is
|
|
5525
|
+
// `access.default:'private'` (ADR-0066 ④ — signing keys), so a
|
|
5526
|
+
// non-admin's list request 403s server-side; gating the nav item keeps
|
|
5527
|
+
// the menu honest instead of showing an entry that can only error.
|
|
5528
|
+
{ id: "nav_jwks", type: "object", label: "Signing Keys (JWKS)", objectName: "sys_jwks", icon: "key-round", requiredPermissions: ["manage_platform_settings"] },
|
|
5350
5529
|
// `sys_verification` (email/phone tokens) and `sys_device_code` (OAuth
|
|
5351
5530
|
// device-grant codes) deliberately omit `list` from their `apiMethods`
|
|
5352
5531
|
// (sensitive, ephemeral secrets — not browsable), so an object/list-view
|
|
@@ -6685,8 +6864,8 @@ var enObjects = {
|
|
|
6685
6864
|
user_id: {
|
|
6686
6865
|
label: "User"
|
|
6687
6866
|
},
|
|
6688
|
-
|
|
6689
|
-
label: "
|
|
6867
|
+
function_in_business_unit: {
|
|
6868
|
+
label: "Function in Business Unit",
|
|
6690
6869
|
help: "`lead` is the day-to-day head; `deputy` may stand in for the lead in approval routing.",
|
|
6691
6870
|
options: {
|
|
6692
6871
|
member: "member",
|
|
@@ -8638,12 +8817,13 @@ var en = {
|
|
|
8638
8817
|
nav_marketplace_installed: { label: "Installed Apps" },
|
|
8639
8818
|
// People & Organization
|
|
8640
8819
|
nav_users: { label: "Users" },
|
|
8820
|
+
nav_organization: { label: "Organization" },
|
|
8641
8821
|
nav_business_units: { label: "Business Units" },
|
|
8642
8822
|
nav_teams: { label: "Teams" },
|
|
8643
8823
|
nav_organizations: { label: "Organizations" },
|
|
8644
8824
|
nav_invitations: { label: "Invitations" },
|
|
8645
8825
|
// Access Control
|
|
8646
|
-
|
|
8826
|
+
nav_positions: { label: "Positions" },
|
|
8647
8827
|
nav_permission_sets: { label: "Permission Sets" },
|
|
8648
8828
|
nav_sharing_rules: { label: "Sharing Rules" },
|
|
8649
8829
|
nav_record_shares: { label: "Record Shares" },
|
|
@@ -9431,8 +9611,8 @@ var zhCNObjects = {
|
|
|
9431
9611
|
user_id: {
|
|
9432
9612
|
label: "\u7528\u6237"
|
|
9433
9613
|
},
|
|
9434
|
-
|
|
9435
|
-
label: "\u4E1A\u52A1\u5355\u5143\u5185\
|
|
9614
|
+
function_in_business_unit: {
|
|
9615
|
+
label: "\u4E1A\u52A1\u5355\u5143\u5185\u804C\u80FD",
|
|
9436
9616
|
help: "`lead` \u8868\u793A\u65E5\u5E38\u8D1F\u8D23\u4EBA\uFF1B`deputy` \u53EF\u5728\u5BA1\u6279\u8DEF\u7531\u4E2D\u4EE3\u66FF\u8D1F\u8D23\u4EBA\u3002",
|
|
9437
9617
|
options: {
|
|
9438
9618
|
member: "\u6210\u5458",
|
|
@@ -11381,16 +11561,18 @@ var zhCN = {
|
|
|
11381
11561
|
group_advanced: { label: "\u9AD8\u7EA7" },
|
|
11382
11562
|
nav_system_overview: { label: "\u7CFB\u7EDF\u6982\u89C8" },
|
|
11383
11563
|
nav_users: { label: "\u7528\u6237" },
|
|
11564
|
+
nav_organization: { label: "\u7EC4\u7EC7" },
|
|
11384
11565
|
nav_business_units: { label: "\u4E1A\u52A1\u5355\u5143" },
|
|
11385
11566
|
nav_teams: { label: "\u56E2\u961F" },
|
|
11386
11567
|
nav_organizations: { label: "\u7EC4\u7EC7" },
|
|
11387
11568
|
nav_invitations: { label: "\u9080\u8BF7" },
|
|
11388
|
-
|
|
11569
|
+
nav_positions: { label: "\u5C97\u4F4D" },
|
|
11389
11570
|
nav_capabilities: { label: "\u80FD\u529B" },
|
|
11390
11571
|
nav_permission_sets: { label: "\u6743\u9650\u96C6" },
|
|
11391
11572
|
nav_sharing_rules: { label: "\u5171\u4EAB\u89C4\u5219" },
|
|
11392
11573
|
nav_record_shares: { label: "\u8BB0\u5F55\u5171\u4EAB" },
|
|
11393
11574
|
nav_api_keys: { label: "API \u5BC6\u94A5" },
|
|
11575
|
+
nav_connect_agent: { label: "\u8FDE\u63A5\u667A\u80FD\u4F53" },
|
|
11394
11576
|
nav_approval_processes: { label: "\u5BA1\u6279\u6D41\u7A0B" },
|
|
11395
11577
|
nav_approval_requests: { label: "\u5BA1\u6279\u7533\u8BF7" },
|
|
11396
11578
|
nav_approval_actions: { label: "\u5BA1\u6279\u5386\u53F2" },
|
|
@@ -12140,8 +12322,8 @@ var jaJPObjects = {
|
|
|
12140
12322
|
user_id: {
|
|
12141
12323
|
label: "\u30E6\u30FC\u30B6\u30FC"
|
|
12142
12324
|
},
|
|
12143
|
-
|
|
12144
|
-
label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\
|
|
12325
|
+
function_in_business_unit: {
|
|
12326
|
+
label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u5185\u306E\u8077\u80FD",
|
|
12145
12327
|
help: "`lead` \u306F\u65E5\u5E38\u306E\u8CAC\u4EFB\u8005\u3001`deputy` \u306F\u627F\u8A8D\u30EB\u30FC\u30C6\u30A3\u30F3\u30B0\u3067\u30EA\u30FC\u30C9\u306E\u4EE3\u7406\u3092\u52D9\u3081\u308B\u5834\u5408\u304C\u3042\u308A\u307E\u3059\u3002",
|
|
12146
12328
|
options: {
|
|
12147
12329
|
member: "\u30E1\u30F3\u30D0\u30FC",
|
|
@@ -14089,11 +14271,12 @@ var jaJP = {
|
|
|
14089
14271
|
group_advanced: { label: "\u8A73\u7D30" },
|
|
14090
14272
|
nav_system_overview: { label: "\u30B7\u30B9\u30C6\u30E0\u6982\u8981" },
|
|
14091
14273
|
nav_users: { label: "\u30E6\u30FC\u30B6\u30FC" },
|
|
14274
|
+
nav_organization: { label: "\u7D44\u7E54" },
|
|
14092
14275
|
nav_business_units: { label: "\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8" },
|
|
14093
14276
|
nav_teams: { label: "\u30C1\u30FC\u30E0" },
|
|
14094
14277
|
nav_organizations: { label: "\u7D44\u7E54" },
|
|
14095
14278
|
nav_invitations: { label: "\u62DB\u5F85" },
|
|
14096
|
-
|
|
14279
|
+
nav_positions: { label: "\u30DD\u30B8\u30B7\u30E7\u30F3" },
|
|
14097
14280
|
nav_permission_sets: { label: "\u6A29\u9650\u30BB\u30C3\u30C8" },
|
|
14098
14281
|
nav_sharing_rules: { label: "\u5171\u6709\u30EB\u30FC\u30EB" },
|
|
14099
14282
|
nav_record_shares: { label: "\u30EC\u30B3\u30FC\u30C9\u5171\u6709" },
|
|
@@ -14846,8 +15029,8 @@ var esESObjects = {
|
|
|
14846
15029
|
user_id: {
|
|
14847
15030
|
label: "Usuario"
|
|
14848
15031
|
},
|
|
14849
|
-
|
|
14850
|
-
label: "
|
|
15032
|
+
function_in_business_unit: {
|
|
15033
|
+
label: "Funci\xF3n en la unidad de negocio",
|
|
14851
15034
|
help: "`lead` es el responsable del d\xEDa a d\xEDa; `deputy` puede sustituir al responsable en el enrutamiento de aprobaciones.",
|
|
14852
15035
|
options: {
|
|
14853
15036
|
member: "Miembro",
|
|
@@ -16795,11 +16978,12 @@ var esES = {
|
|
|
16795
16978
|
group_advanced: { label: "Avanzado" },
|
|
16796
16979
|
nav_system_overview: { label: "Resumen del Sistema" },
|
|
16797
16980
|
nav_users: { label: "Usuarios" },
|
|
16981
|
+
nav_organization: { label: "Organizaci\xF3n" },
|
|
16798
16982
|
nav_business_units: { label: "Unidades de negocio" },
|
|
16799
16983
|
nav_teams: { label: "Equipos" },
|
|
16800
16984
|
nav_organizations: { label: "Organizaciones" },
|
|
16801
16985
|
nav_invitations: { label: "Invitaciones" },
|
|
16802
|
-
|
|
16986
|
+
nav_positions: { label: "Posiciones" },
|
|
16803
16987
|
nav_permission_sets: { label: "Conjuntos de Permisos" },
|
|
16804
16988
|
nav_sharing_rules: { label: "Reglas de Compartici\xF3n" },
|
|
16805
16989
|
nav_record_shares: { label: "Registros Compartidos" },
|
|
@@ -17044,7 +17228,7 @@ var SysUserDetailPage = {
|
|
|
17044
17228
|
},
|
|
17045
17229
|
// ── Tabs: curated related lists ───────────────────────────────
|
|
17046
17230
|
// Only the 4 lists that are semantically about THIS user account.
|
|
17047
|
-
// Everything else (
|
|
17231
|
+
// Everything else (sys_position created_by, sys_email_template
|
|
17048
17232
|
// updated_by, …) is incidental authorship metadata and would only
|
|
17049
17233
|
// create noise.
|
|
17050
17234
|
tabs: {
|
|
@@ -17053,6 +17237,38 @@ var SysUserDetailPage = {
|
|
|
17053
17237
|
type: "line",
|
|
17054
17238
|
position: "top",
|
|
17055
17239
|
items: [
|
|
17240
|
+
{
|
|
17241
|
+
label: "Positions",
|
|
17242
|
+
icon: "shield-check",
|
|
17243
|
+
children: [
|
|
17244
|
+
{
|
|
17245
|
+
// [ADR-0090 D3] Position assignments (岗位分派) — pure SDUI:
|
|
17246
|
+
// the Add picker creates sys_user_position rows storing the
|
|
17247
|
+
// position's MACHINE NAME (valueField: 'name'), and every
|
|
17248
|
+
// server-side rule (the D12 delegated-admin gate, audience-
|
|
17249
|
+
// anchor rejection) surfaces its error in the dialog.
|
|
17250
|
+
type: "record:related_list",
|
|
17251
|
+
properties: {
|
|
17252
|
+
objectName: "sys_user_position",
|
|
17253
|
+
relationshipField: "user_id",
|
|
17254
|
+
columns: ["position", "business_unit_id", "granted_by", "created_at"],
|
|
17255
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
17256
|
+
limit: 25,
|
|
17257
|
+
showViewAll: true,
|
|
17258
|
+
title: "Positions",
|
|
17259
|
+
add: {
|
|
17260
|
+
picker: {
|
|
17261
|
+
object: "sys_position",
|
|
17262
|
+
valueField: "name",
|
|
17263
|
+
labelField: "label"
|
|
17264
|
+
},
|
|
17265
|
+
linkField: "position",
|
|
17266
|
+
label: "Assign position"
|
|
17267
|
+
}
|
|
17268
|
+
}
|
|
17269
|
+
}
|
|
17270
|
+
]
|
|
17271
|
+
},
|
|
17056
17272
|
{
|
|
17057
17273
|
label: "Sessions",
|
|
17058
17274
|
icon: "monitor",
|
|
@@ -17259,6 +17475,84 @@ var SysUserDetailPage = {
|
|
|
17259
17475
|
}
|
|
17260
17476
|
};
|
|
17261
17477
|
|
|
17478
|
+
// src/pages/sys-position.page.ts
|
|
17479
|
+
var SysPositionDetailPage = {
|
|
17480
|
+
name: "sys_position_detail",
|
|
17481
|
+
label: "Position",
|
|
17482
|
+
type: "record",
|
|
17483
|
+
object: "sys_position",
|
|
17484
|
+
template: "default",
|
|
17485
|
+
kind: "slotted",
|
|
17486
|
+
isDefault: true,
|
|
17487
|
+
regions: [],
|
|
17488
|
+
slots: {
|
|
17489
|
+
tabs: {
|
|
17490
|
+
type: "page:tabs",
|
|
17491
|
+
properties: {
|
|
17492
|
+
type: "line",
|
|
17493
|
+
position: "top",
|
|
17494
|
+
items: [
|
|
17495
|
+
{
|
|
17496
|
+
label: "Holders",
|
|
17497
|
+
icon: "users",
|
|
17498
|
+
children: [
|
|
17499
|
+
{
|
|
17500
|
+
type: "record:related_list",
|
|
17501
|
+
properties: {
|
|
17502
|
+
objectName: "sys_user_position",
|
|
17503
|
+
relationshipField: "position",
|
|
17504
|
+
relationshipValueField: "name",
|
|
17505
|
+
columns: ["user_id", "business_unit_id", "granted_by", "created_at"],
|
|
17506
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
17507
|
+
limit: 25,
|
|
17508
|
+
showViewAll: true,
|
|
17509
|
+
title: "Holders",
|
|
17510
|
+
add: {
|
|
17511
|
+
picker: {
|
|
17512
|
+
object: "sys_user",
|
|
17513
|
+
labelField: "name"
|
|
17514
|
+
},
|
|
17515
|
+
linkField: "user_id",
|
|
17516
|
+
label: "Assign user"
|
|
17517
|
+
}
|
|
17518
|
+
}
|
|
17519
|
+
}
|
|
17520
|
+
]
|
|
17521
|
+
},
|
|
17522
|
+
{
|
|
17523
|
+
label: "Permission Sets",
|
|
17524
|
+
icon: "lock",
|
|
17525
|
+
children: [
|
|
17526
|
+
{
|
|
17527
|
+
type: "record:related_list",
|
|
17528
|
+
properties: {
|
|
17529
|
+
objectName: "sys_position_permission_set",
|
|
17530
|
+
relationshipField: "position_id",
|
|
17531
|
+
columns: ["permission_set_id", "created_at"],
|
|
17532
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
17533
|
+
limit: 25,
|
|
17534
|
+
showViewAll: true,
|
|
17535
|
+
title: "Permission Sets",
|
|
17536
|
+
add: {
|
|
17537
|
+
picker: {
|
|
17538
|
+
object: "sys_permission_set",
|
|
17539
|
+
labelField: "label"
|
|
17540
|
+
},
|
|
17541
|
+
linkField: "permission_set_id",
|
|
17542
|
+
label: "Bind permission set"
|
|
17543
|
+
}
|
|
17544
|
+
}
|
|
17545
|
+
}
|
|
17546
|
+
]
|
|
17547
|
+
}
|
|
17548
|
+
]
|
|
17549
|
+
}
|
|
17550
|
+
},
|
|
17551
|
+
// No Chatter feed on an RBAC primitive.
|
|
17552
|
+
discussion: []
|
|
17553
|
+
}
|
|
17554
|
+
};
|
|
17555
|
+
|
|
17262
17556
|
// src/apps/translations/en.metadata-forms.generated.ts
|
|
17263
17557
|
var enMetadataForms = {
|
|
17264
17558
|
object: {
|
|
@@ -18564,69 +18858,6 @@ var enMetadataForms = {
|
|
|
18564
18858
|
label: "Label",
|
|
18565
18859
|
helpText: "Display label for admins"
|
|
18566
18860
|
},
|
|
18567
|
-
isProfile: {
|
|
18568
|
-
label: "Is Profile",
|
|
18569
|
-
helpText: "Profile = base set assigned to users. Permission Set = additive grant."
|
|
18570
|
-
},
|
|
18571
|
-
systemPermissions: {
|
|
18572
|
-
label: "System Permissions",
|
|
18573
|
-
helpText: "List of system capability keys"
|
|
18574
|
-
},
|
|
18575
|
-
objects: {
|
|
18576
|
-
label: "Objects",
|
|
18577
|
-
helpText: '{ "account": { allowRead: true, allowEdit: true, ... } }'
|
|
18578
|
-
},
|
|
18579
|
-
fields: {
|
|
18580
|
-
label: "Fields",
|
|
18581
|
-
helpText: '{ "account.amount": { readable: true, editable: false } }'
|
|
18582
|
-
},
|
|
18583
|
-
tabPermissions: {
|
|
18584
|
-
label: "Tab Permissions",
|
|
18585
|
-
helpText: '{ "app_crm": "visible", "app_admin": "hidden" }'
|
|
18586
|
-
},
|
|
18587
|
-
rowLevelSecurity: {
|
|
18588
|
-
label: "Row Level Security",
|
|
18589
|
-
helpText: "Array of RLS policies (see rls.zod.ts)"
|
|
18590
|
-
},
|
|
18591
|
-
contextVariables: {
|
|
18592
|
-
label: "Context Variables",
|
|
18593
|
-
helpText: "Custom variables referenced in RLS predicates"
|
|
18594
|
-
}
|
|
18595
|
-
}
|
|
18596
|
-
},
|
|
18597
|
-
profile: {
|
|
18598
|
-
label: "Profile",
|
|
18599
|
-
sections: {
|
|
18600
|
-
identity: {
|
|
18601
|
-
label: "Identity",
|
|
18602
|
-
description: "Permission Sets stack on top of a Profile to grant additional access. Profiles are the base set assigned 1:1 to each user."
|
|
18603
|
-
},
|
|
18604
|
-
system_permissions: {
|
|
18605
|
-
label: "System Permissions",
|
|
18606
|
-
description: "High-level capabilities not tied to a specific object \u2014 e.g. manage_users, view_audit_logs."
|
|
18607
|
-
},
|
|
18608
|
-
object_and_field_permissions: {
|
|
18609
|
-
label: "Object & Field Permissions",
|
|
18610
|
-
description: "Per-object CRUD + per-field FLS. Edit via the matrix editor or paste JSON here."
|
|
18611
|
-
},
|
|
18612
|
-
tab_and_row_level_security: {
|
|
18613
|
-
label: "Tab & Row-Level Security",
|
|
18614
|
-
description: "Tab visibility, RLS policies, and custom context variables for predicate evaluation."
|
|
18615
|
-
}
|
|
18616
|
-
},
|
|
18617
|
-
fields: {
|
|
18618
|
-
name: {
|
|
18619
|
-
label: "Name",
|
|
18620
|
-
helpText: "Machine name (snake_case)"
|
|
18621
|
-
},
|
|
18622
|
-
label: {
|
|
18623
|
-
label: "Label",
|
|
18624
|
-
helpText: "Display label for admins"
|
|
18625
|
-
},
|
|
18626
|
-
isProfile: {
|
|
18627
|
-
label: "Is Profile",
|
|
18628
|
-
helpText: "Profile = base set assigned to users. Permission Set = additive grant."
|
|
18629
|
-
},
|
|
18630
18861
|
systemPermissions: {
|
|
18631
18862
|
label: "System Permissions",
|
|
18632
18863
|
helpText: "List of system capability keys"
|
|
@@ -18653,12 +18884,12 @@ var enMetadataForms = {
|
|
|
18653
18884
|
}
|
|
18654
18885
|
}
|
|
18655
18886
|
},
|
|
18656
|
-
|
|
18657
|
-
label: "
|
|
18887
|
+
position: {
|
|
18888
|
+
label: "Position",
|
|
18658
18889
|
sections: {
|
|
18659
|
-
|
|
18660
|
-
label: "
|
|
18661
|
-
description: "
|
|
18890
|
+
position: {
|
|
18891
|
+
label: "Position",
|
|
18892
|
+
description: "A position is a flat, assignable bundle of permission sets (e.g. sales_rep, sales_manager). Capability lives on permission sets; visibility depth lives on the business-unit tree."
|
|
18662
18893
|
}
|
|
18663
18894
|
},
|
|
18664
18895
|
fields: {
|
|
@@ -18669,10 +18900,6 @@ var enMetadataForms = {
|
|
|
18669
18900
|
label: {
|
|
18670
18901
|
label: "Label"
|
|
18671
18902
|
},
|
|
18672
|
-
parent: {
|
|
18673
|
-
label: "Parent",
|
|
18674
|
-
helpText: "Parent role machine name (Reports To)"
|
|
18675
|
-
},
|
|
18676
18903
|
description: {
|
|
18677
18904
|
label: "Description"
|
|
18678
18905
|
}
|
|
@@ -20202,10 +20429,6 @@ var zhCNMetadataForms = {
|
|
|
20202
20429
|
label: "\u663E\u793A\u540D\u79F0",
|
|
20203
20430
|
helpText: "\u9762\u5411\u7BA1\u7406\u5458\u7684\u663E\u793A\u6807\u7B7E"
|
|
20204
20431
|
},
|
|
20205
|
-
isProfile: {
|
|
20206
|
-
label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
|
|
20207
|
-
helpText: "\u52FE\u9009\u540E\u4F5C\u4E3A\u5B8C\u6574\u914D\u7F6E\u6587\u4EF6\uFF08\u800C\u975E\u9644\u52A0\u6743\u9650\u96C6\uFF09"
|
|
20208
|
-
},
|
|
20209
20432
|
systemPermissions: {
|
|
20210
20433
|
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20211
20434
|
helpText: "\u5E94\u7528\u8BBF\u95EE\u3001API\u3001\u7BA1\u7406\u64CD\u4F5C"
|
|
@@ -20232,71 +20455,12 @@ var zhCNMetadataForms = {
|
|
|
20232
20455
|
}
|
|
20233
20456
|
}
|
|
20234
20457
|
},
|
|
20235
|
-
|
|
20236
|
-
label: "\
|
|
20458
|
+
position: {
|
|
20459
|
+
label: "\u5C97\u4F4D",
|
|
20237
20460
|
sections: {
|
|
20238
|
-
|
|
20239
|
-
label: "\
|
|
20240
|
-
description: "\
|
|
20241
|
-
},
|
|
20242
|
-
system_permissions: {
|
|
20243
|
-
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20244
|
-
description: "\u4E0E\u7279\u5B9A\u5BF9\u8C61\u65E0\u5173\u7684\u9AD8\u7EA7\u80FD\u529B\u2014\u2014\u4F8B\u5982 manage_users\u3001view_audit_logs\u3002"
|
|
20245
|
-
},
|
|
20246
|
-
object_and_field_permissions: {
|
|
20247
|
-
label: "\u5BF9\u8C61\u4E0E\u5B57\u6BB5\u6743\u9650",
|
|
20248
|
-
description: "\u6309\u5BF9\u8C61\u7684\u589E\u5220\u6539\u67E5 + \u6309\u5B57\u6BB5\u7684\u5B57\u6BB5\u7EA7\u5B89\u5168\uFF08FLS\uFF09\u3002\u53EF\u901A\u8FC7\u77E9\u9635\u7F16\u8F91\u5668\u7F16\u8F91\uFF0C\u6216\u5728\u6B64\u5904\u7C98\u8D34 JSON\u3002"
|
|
20249
|
-
},
|
|
20250
|
-
tab_and_row_level_security: {
|
|
20251
|
-
label: "\u6807\u7B7E\u9875\u4E0E\u884C\u7EA7\u5B89\u5168",
|
|
20252
|
-
description: "\u6807\u7B7E\u9875\u53EF\u89C1\u6027\u3001RLS \u7B56\u7565\uFF0C\u4EE5\u53CA\u7528\u4E8E\u8C13\u8BCD\u6C42\u503C\u7684\u81EA\u5B9A\u4E49\u4E0A\u4E0B\u6587\u53D8\u91CF\u3002"
|
|
20253
|
-
}
|
|
20254
|
-
},
|
|
20255
|
-
fields: {
|
|
20256
|
-
name: {
|
|
20257
|
-
label: "\u540D\u79F0",
|
|
20258
|
-
helpText: "\u673A\u5668\u540D\uFF08snake_case\uFF09"
|
|
20259
|
-
},
|
|
20260
|
-
label: {
|
|
20261
|
-
label: "\u663E\u793A\u540D\u79F0",
|
|
20262
|
-
helpText: "\u9762\u5411\u7BA1\u7406\u5458\u663E\u793A\u7684\u6807\u7B7E"
|
|
20263
|
-
},
|
|
20264
|
-
isProfile: {
|
|
20265
|
-
label: "\u662F\u5426\u914D\u7F6E\u6587\u4EF6",
|
|
20266
|
-
helpText: "\u914D\u7F6E\u6587\u4EF6 = \u5206\u914D\u7ED9\u7528\u6237\u7684\u57FA\u7840\u96C6\u5408\u3002\u6743\u9650\u96C6 = \u9644\u52A0\u6388\u4E88\u3002"
|
|
20267
|
-
},
|
|
20268
|
-
systemPermissions: {
|
|
20269
|
-
label: "\u7CFB\u7EDF\u6743\u9650",
|
|
20270
|
-
helpText: "\u7CFB\u7EDF\u80FD\u529B\u952E\u5217\u8868"
|
|
20271
|
-
},
|
|
20272
|
-
objects: {
|
|
20273
|
-
label: "\u5BF9\u8C61\u6743\u9650",
|
|
20274
|
-
helpText: '\u793A\u4F8B\uFF1A{ "account": { allowRead: true, allowEdit: true, ... } }'
|
|
20275
|
-
},
|
|
20276
|
-
fields: {
|
|
20277
|
-
label: "\u5B57\u6BB5",
|
|
20278
|
-
helpText: '\u793A\u4F8B\uFF1A{ "account.amount": { readable: true, editable: false } }'
|
|
20279
|
-
},
|
|
20280
|
-
tabPermissions: {
|
|
20281
|
-
label: "\u6807\u7B7E\u9875\u6743\u9650",
|
|
20282
|
-
helpText: '\u793A\u4F8B\uFF1A{ "app_crm": "visible", "app_admin": "hidden" }'
|
|
20283
|
-
},
|
|
20284
|
-
rowLevelSecurity: {
|
|
20285
|
-
label: "\u884C\u7EA7\u5B89\u5168",
|
|
20286
|
-
helpText: "RLS \u7B56\u7565\u6570\u7EC4\uFF08\u53C2\u89C1 rls.zod.ts\uFF09"
|
|
20287
|
-
},
|
|
20288
|
-
contextVariables: {
|
|
20289
|
-
label: "\u4E0A\u4E0B\u6587\u53D8\u91CF",
|
|
20290
|
-
helpText: "RLS \u8C13\u8BCD\u4E2D\u5F15\u7528\u7684\u81EA\u5B9A\u4E49\u53D8\u91CF"
|
|
20291
|
-
}
|
|
20292
|
-
}
|
|
20293
|
-
},
|
|
20294
|
-
role: {
|
|
20295
|
-
label: "\u89D2\u8272",
|
|
20296
|
-
sections: {
|
|
20297
|
-
role: {
|
|
20298
|
-
label: "\u89D2\u8272\u5B9A\u4E49",
|
|
20299
|
-
description: "\u89D2\u8272\u540D\u79F0\u4E0E\u7EE7\u627F\u5173\u7CFB"
|
|
20461
|
+
position: {
|
|
20462
|
+
label: "\u5C97\u4F4D",
|
|
20463
|
+
description: "\u5C97\u4F4D\u662F\u6241\u5E73\u7684\u3001\u53EF\u5206\u914D\u7684\u6743\u9650\u96C6\u7EC4\u5408(\u5982 sales_rep\u3001sales_manager)\u3002\u80FD\u529B\u5728\u6743\u9650\u96C6\u4E0A;\u53EF\u89C1\u8303\u56F4\u6DF1\u5EA6\u5728\u4E1A\u52A1\u5355\u5143\u6811\u4E0A\u3002"
|
|
20300
20464
|
}
|
|
20301
20465
|
},
|
|
20302
20466
|
fields: {
|
|
@@ -20307,10 +20471,6 @@ var zhCNMetadataForms = {
|
|
|
20307
20471
|
label: {
|
|
20308
20472
|
label: "\u663E\u793A\u540D\u79F0"
|
|
20309
20473
|
},
|
|
20310
|
-
parent: {
|
|
20311
|
-
label: "\u7236\u7EA7",
|
|
20312
|
-
helpText: "\u7EE7\u627F\u7236\u89D2\u8272\u7684\u6743\u9650"
|
|
20313
|
-
},
|
|
20314
20474
|
description: {
|
|
20315
20475
|
label: "\u63CF\u8FF0"
|
|
20316
20476
|
}
|
|
@@ -21840,10 +22000,6 @@ var jaJPMetadataForms = {
|
|
|
21840
22000
|
label: "\u8868\u793A\u540D",
|
|
21841
22001
|
helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
|
|
21842
22002
|
},
|
|
21843
|
-
isProfile: {
|
|
21844
|
-
label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
|
|
21845
|
-
helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
|
|
21846
|
-
},
|
|
21847
22003
|
systemPermissions: {
|
|
21848
22004
|
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21849
22005
|
helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
|
|
@@ -21870,71 +22026,12 @@ var jaJPMetadataForms = {
|
|
|
21870
22026
|
}
|
|
21871
22027
|
}
|
|
21872
22028
|
},
|
|
21873
|
-
|
|
21874
|
-
label: "\
|
|
22029
|
+
position: {
|
|
22030
|
+
label: "\u30DD\u30B8\u30B7\u30E7\u30F3",
|
|
21875
22031
|
sections: {
|
|
21876
|
-
|
|
21877
|
-
label: "
|
|
21878
|
-
description: "\u6A29\u9650\u30BB\u30C3\u30C8\
|
|
21879
|
-
},
|
|
21880
|
-
system_permissions: {
|
|
21881
|
-
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21882
|
-
description: "\u7279\u5B9A\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306B\u7D10\u3065\u304B\u306A\u3044\u9AD8\u30EC\u30D9\u30EB\u6A5F\u80FD \u2014 \u4F8B: manage_users, view_audit_logs\u3002"
|
|
21883
|
-
},
|
|
21884
|
-
object_and_field_permissions: {
|
|
21885
|
-
label: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u3068\u30D5\u30A3\u30FC\u30EB\u30C9\u6A29\u9650",
|
|
21886
|
-
description: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u5358\u4F4D\u306E CRUD + \u30D5\u30A3\u30FC\u30EB\u30C9\u5358\u4F4D\u306E FLS\u3002\u30DE\u30C8\u30EA\u30C3\u30AF\u30B9\u30A8\u30C7\u30A3\u30BF\u30FC\u3067\u7DE8\u96C6\u3001\u307E\u305F\u306F\u3053\u3053\u306B JSON \u3092\u8CBC\u308A\u4ED8\u3051\u3002"
|
|
21887
|
-
},
|
|
21888
|
-
tab_and_row_level_security: {
|
|
21889
|
-
label: "\u30BF\u30D6\u3068\u884C\u30EC\u30D9\u30EB\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3",
|
|
21890
|
-
description: "\u30BF\u30D6\u8868\u793A\u3001RLS \u30DD\u30EA\u30B7\u30FC\u3001\u8FF0\u8A9E\u8A55\u4FA1\u7528\u30AB\u30B9\u30BF\u30E0\u30B3\u30F3\u30C6\u30AD\u30B9\u30C8\u5909\u6570\u3002"
|
|
21891
|
-
}
|
|
21892
|
-
},
|
|
21893
|
-
fields: {
|
|
21894
|
-
name: {
|
|
21895
|
-
label: "\u540D\u524D",
|
|
21896
|
-
helpText: "\u30DE\u30B7\u30F3\u540D\uFF08snake_case\uFF09"
|
|
21897
|
-
},
|
|
21898
|
-
label: {
|
|
21899
|
-
label: "\u8868\u793A\u540D",
|
|
21900
|
-
helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
|
|
21901
|
-
},
|
|
21902
|
-
isProfile: {
|
|
21903
|
-
label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u304B",
|
|
21904
|
-
helpText: "Profile = \u30E6\u30FC\u30B6\u30FC\u306B\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002Permission Set = \u8FFD\u52A0\u6A29\u9650\u3002"
|
|
21905
|
-
},
|
|
21906
|
-
systemPermissions: {
|
|
21907
|
-
label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
|
|
21908
|
-
helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
|
|
21909
|
-
},
|
|
21910
|
-
objects: {
|
|
21911
|
-
label: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u6A29\u9650",
|
|
21912
|
-
helpText: '\u4F8B: { "account": { allowRead: true, allowEdit: true, ... } }'
|
|
21913
|
-
},
|
|
21914
|
-
fields: {
|
|
21915
|
-
label: "\u30D5\u30A3\u30FC\u30EB\u30C9",
|
|
21916
|
-
helpText: '\u4F8B: { "account.amount": { readable: true, editable: false } }'
|
|
21917
|
-
},
|
|
21918
|
-
tabPermissions: {
|
|
21919
|
-
label: "\u30BF\u30D6\u6A29\u9650",
|
|
21920
|
-
helpText: '\u4F8B: { "app_crm": "visible", "app_admin": "hidden" }'
|
|
21921
|
-
},
|
|
21922
|
-
rowLevelSecurity: {
|
|
21923
|
-
label: "\u884C\u30EC\u30D9\u30EB\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3",
|
|
21924
|
-
helpText: "RLS \u30DD\u30EA\u30B7\u30FC\u306E\u914D\u5217\uFF08rls.zod.ts \u53C2\u7167\uFF09"
|
|
21925
|
-
},
|
|
21926
|
-
contextVariables: {
|
|
21927
|
-
label: "\u30B3\u30F3\u30C6\u30AD\u30B9\u30C8\u5909\u6570",
|
|
21928
|
-
helpText: "RLS \u8FF0\u8A9E\u3067\u53C2\u7167\u3059\u308B\u30AB\u30B9\u30BF\u30E0\u5909\u6570"
|
|
21929
|
-
}
|
|
21930
|
-
}
|
|
21931
|
-
},
|
|
21932
|
-
role: {
|
|
21933
|
-
label: "\u30ED\u30FC\u30EB",
|
|
21934
|
-
sections: {
|
|
21935
|
-
role: {
|
|
21936
|
-
label: "\u30ED\u30FC\u30EB",
|
|
21937
|
-
description: "\u30ED\u30FC\u30EB\u306F\u30EC\u30B3\u30FC\u30C9\u5171\u6709\u306B\u4F7F\u3046\u968E\u5C64\u3092\u69CB\u6210\uFF08sales VP \u2192 sales mgr \u2192 sales rep\uFF09\u3002\u6A29\u9650\u81EA\u4F53\u306F Permission Sets \u3068 Profiles \u306B\u5B58\u5728\u3002"
|
|
22032
|
+
position: {
|
|
22033
|
+
label: "\u30DD\u30B8\u30B7\u30E7\u30F3",
|
|
22034
|
+
description: "\u30DD\u30B8\u30B7\u30E7\u30F3\u306F\u6A29\u9650\u30BB\u30C3\u30C8\u3092\u307E\u3068\u3081\u3066\u5272\u308A\u5F53\u3066\u308B\u30D5\u30E9\u30C3\u30C8\u306A\u5358\u4F4D(\u4F8B: sales_rep\u3001sales_manager)\u3002\u80FD\u529B\u306F\u6A29\u9650\u30BB\u30C3\u30C8\u306B\u3001\u53EF\u8996\u7BC4\u56F2\u306E\u6DF1\u3055\u306F\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u30C4\u30EA\u30FC\u306B\u3042\u308A\u307E\u3059\u3002"
|
|
21938
22035
|
}
|
|
21939
22036
|
},
|
|
21940
22037
|
fields: {
|
|
@@ -21945,10 +22042,6 @@ var jaJPMetadataForms = {
|
|
|
21945
22042
|
label: {
|
|
21946
22043
|
label: "\u8868\u793A\u540D"
|
|
21947
22044
|
},
|
|
21948
|
-
parent: {
|
|
21949
|
-
label: "\u89AA",
|
|
21950
|
-
helpText: "\u89AA\u30ED\u30FC\u30EB\u306E\u30DE\u30B7\u30F3\u540D\uFF08Reports To\uFF09"
|
|
21951
|
-
},
|
|
21952
22045
|
description: {
|
|
21953
22046
|
label: "\u8AAC\u660E"
|
|
21954
22047
|
}
|
|
@@ -23478,69 +23571,6 @@ var esESMetadataForms = {
|
|
|
23478
23571
|
label: "Etiqueta",
|
|
23479
23572
|
helpText: "Etiqueta mostrada para administradores"
|
|
23480
23573
|
},
|
|
23481
|
-
isProfile: {
|
|
23482
|
-
label: "Es perfil",
|
|
23483
|
-
helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
|
|
23484
|
-
},
|
|
23485
|
-
systemPermissions: {
|
|
23486
|
-
label: "Permisos del sistema",
|
|
23487
|
-
helpText: "Lista de claves de capacidades del sistema"
|
|
23488
|
-
},
|
|
23489
|
-
objects: {
|
|
23490
|
-
label: "Permisos de objeto",
|
|
23491
|
-
helpText: 'Ejemplo: { "account": { allowRead: true, allowEdit: true, ... } }'
|
|
23492
|
-
},
|
|
23493
|
-
fields: {
|
|
23494
|
-
label: "Campos",
|
|
23495
|
-
helpText: 'Ejemplo: { "account.amount": { readable: true, editable: false } }'
|
|
23496
|
-
},
|
|
23497
|
-
tabPermissions: {
|
|
23498
|
-
label: "Permisos de pesta\xF1a",
|
|
23499
|
-
helpText: 'Ejemplo: { "app_crm": "visible", "app_admin": "hidden" }'
|
|
23500
|
-
},
|
|
23501
|
-
rowLevelSecurity: {
|
|
23502
|
-
label: "Seguridad a nivel de fila",
|
|
23503
|
-
helpText: "Array de pol\xEDticas RLS (ver rls.zod.ts)"
|
|
23504
|
-
},
|
|
23505
|
-
contextVariables: {
|
|
23506
|
-
label: "Variables de contexto",
|
|
23507
|
-
helpText: "Variables personalizadas referenciadas en predicados RLS"
|
|
23508
|
-
}
|
|
23509
|
-
}
|
|
23510
|
-
},
|
|
23511
|
-
profile: {
|
|
23512
|
-
label: "Perfil",
|
|
23513
|
-
sections: {
|
|
23514
|
-
identity: {
|
|
23515
|
-
label: "Identidad",
|
|
23516
|
-
description: "Los conjuntos de permisos se apilan sobre un perfil para conceder acceso adicional. Los perfiles son el conjunto base asignado 1:1 a cada usuario."
|
|
23517
|
-
},
|
|
23518
|
-
system_permissions: {
|
|
23519
|
-
label: "Permisos del sistema",
|
|
23520
|
-
description: "Capacidades de alto nivel no vinculadas a un objeto espec\xEDfico \u2014 p. ej. manage_users, view_audit_logs."
|
|
23521
|
-
},
|
|
23522
|
-
object_and_field_permissions: {
|
|
23523
|
-
label: "Permisos de objeto y campo",
|
|
23524
|
-
description: "CRUD por objeto + FLS por campo. Edita mediante el editor matricial o pega JSON aqu\xED."
|
|
23525
|
-
},
|
|
23526
|
-
tab_and_row_level_security: {
|
|
23527
|
-
label: "Pesta\xF1a y seguridad a nivel de fila",
|
|
23528
|
-
description: "Visibilidad de pesta\xF1as, pol\xEDticas RLS y variables de contexto personalizadas para evaluar predicados."
|
|
23529
|
-
}
|
|
23530
|
-
},
|
|
23531
|
-
fields: {
|
|
23532
|
-
name: {
|
|
23533
|
-
label: "Nombre",
|
|
23534
|
-
helpText: "Nombre de m\xE1quina (snake_case)"
|
|
23535
|
-
},
|
|
23536
|
-
label: {
|
|
23537
|
-
label: "Etiqueta",
|
|
23538
|
-
helpText: "Etiqueta mostrada para administradores"
|
|
23539
|
-
},
|
|
23540
|
-
isProfile: {
|
|
23541
|
-
label: "Es perfil",
|
|
23542
|
-
helpText: "Profile = conjunto base asignado a usuarios. Permission Set = concesi\xF3n adicional."
|
|
23543
|
-
},
|
|
23544
23574
|
systemPermissions: {
|
|
23545
23575
|
label: "Permisos del sistema",
|
|
23546
23576
|
helpText: "Lista de claves de capacidades del sistema"
|
|
@@ -23567,12 +23597,12 @@ var esESMetadataForms = {
|
|
|
23567
23597
|
}
|
|
23568
23598
|
}
|
|
23569
23599
|
},
|
|
23570
|
-
|
|
23571
|
-
label: "
|
|
23600
|
+
position: {
|
|
23601
|
+
label: "Posici\xF3n",
|
|
23572
23602
|
sections: {
|
|
23573
|
-
|
|
23574
|
-
label: "
|
|
23575
|
-
description: "
|
|
23603
|
+
position: {
|
|
23604
|
+
label: "Posici\xF3n",
|
|
23605
|
+
description: "Una posici\xF3n es un conjunto plano y asignable de permission sets (p. ej. sales_rep, sales_manager). La capacidad reside en los permission sets; la profundidad de visibilidad en el \xE1rbol de unidades de negocio."
|
|
23576
23606
|
}
|
|
23577
23607
|
},
|
|
23578
23608
|
fields: {
|
|
@@ -23583,10 +23613,6 @@ var esESMetadataForms = {
|
|
|
23583
23613
|
label: {
|
|
23584
23614
|
label: "Etiqueta"
|
|
23585
23615
|
},
|
|
23586
|
-
parent: {
|
|
23587
|
-
label: "Padre",
|
|
23588
|
-
helpText: "Nombre de m\xE1quina del rol padre (Reports To)"
|
|
23589
|
-
},
|
|
23590
23616
|
description: {
|
|
23591
23617
|
label: "Descripci\xF3n"
|
|
23592
23618
|
}
|
|
@@ -23868,6 +23894,6 @@ function createPlatformObjectsPlugin() {
|
|
|
23868
23894
|
return new PlatformObjectsPlugin();
|
|
23869
23895
|
}
|
|
23870
23896
|
|
|
23871
|
-
export { ACCOUNT_APP, MetadataFormsTranslations, PlatformObjectsPlugin, SETUP_APP, SETUP_NAV_CONTRIBUTIONS, STUDIO_APP, SetupAppTranslations, SysAccount, SysApiKey, SysAttachment, SysBusinessUnit, SysBusinessUnitMember, SysDeviceCode, SysEmail, SysEmailTemplate, SysImportJob, SysInvitation, SysJob, SysJobQueue, SysJobRun, SysJwks, SysMember, SysNotification, SysOauthAccessToken, SysOauthApplication, SysOauthConsent, SysOauthRefreshToken, SysOrganization, SysOrganizationDetailPage, SysReportSchedule, SysSavedReport, SysScimProvider, SysSecret, SysSession, SysSetting, SysSettingAudit, SysSsoProvider, SysTeam, SysTeamMember, SysTwoFactor, SysUser, SysUserDetailPage, SysUserPreference, SysVerification, SystemOverviewDashboard, SystemOverviewDatasets, createPlatformObjectsPlugin, en, esES, jaJP, zhCN };
|
|
23897
|
+
export { ACCOUNT_APP, MetadataFormsTranslations, PlatformObjectsPlugin, SETUP_APP, SETUP_NAV_CONTRIBUTIONS, STUDIO_APP, SetupAppTranslations, SysAccount, SysApiKey, SysAttachment, SysBusinessUnit, SysBusinessUnitMember, SysDeviceCode, SysEmail, SysEmailTemplate, SysImportJob, SysInvitation, SysJob, SysJobQueue, SysJobRun, SysJwks, SysMember, SysNotification, SysOauthAccessToken, SysOauthApplication, SysOauthConsent, SysOauthRefreshToken, SysOrganization, SysOrganizationDetailPage, SysPositionDetailPage, SysReportSchedule, SysSavedReport, SysScimProvider, SysSecret, SysSession, SysSetting, SysSettingAudit, SysSsoProvider, SysTeam, SysTeamMember, SysTwoFactor, SysUser, SysUserDetailPage, SysUserPreference, SysVerification, SystemOverviewDashboard, SystemOverviewDatasets, createPlatformObjectsPlugin, en, esES, jaJP, zhCN };
|
|
23872
23898
|
//# sourceMappingURL=index.mjs.map
|
|
23873
23899
|
//# sourceMappingURL=index.mjs.map
|