@objectstack/platform-objects 13.0.0 → 14.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -105,6 +105,62 @@ var SysUser = data.ObjectSchema.create({
105
105
  successMessage: "Account unlocked",
106
106
  refreshAfter: true
107
107
  },
108
+ {
109
+ // #2766 V1 — a platform admin can add a login-capable teammate without
110
+ // the email-dependent invite flow. Hits the plugin-auth wrapper route
111
+ // (NOT better-auth's stock /admin/create-user): the wrapper runs the
112
+ // ADR-0068 admin gate, drives the better-auth pipeline (scrypt hash +
113
+ // credential sys_account), stamps must_change_password, and — when
114
+ // "Generate temporary password" is picked — returns the password ONCE
115
+ // in the response for the result dialog. It is never persisted or logged.
116
+ name: "create_user",
117
+ label: "Create User",
118
+ icon: "user-plus",
119
+ variant: "secondary",
120
+ locations: ["list_toolbar"],
121
+ type: "api",
122
+ target: "/api/v1/auth/admin/create-user",
123
+ visible: "features.admin == true",
124
+ successMessage: "User created",
125
+ refreshAfter: true,
126
+ params: [
127
+ // The endpoint requires email OR phone (phone-only users get a
128
+ // placeholder address; requires auth.plugins.phoneNumber).
129
+ { field: "email", required: false },
130
+ {
131
+ name: "phoneNumber",
132
+ label: "Phone Number",
133
+ type: "text",
134
+ required: false,
135
+ helpText: "Sign-in phone number (E.164, e.g. +8613800000000). Required when no email is given."
136
+ },
137
+ { field: "name", required: false },
138
+ {
139
+ name: "generatePassword",
140
+ label: "Generate Temporary Password",
141
+ type: "boolean",
142
+ required: false,
143
+ defaultValue: true
144
+ },
145
+ { name: "password", label: "Password (leave empty to generate)", type: "text", required: false },
146
+ {
147
+ name: "mustChangePassword",
148
+ label: "Require Password Change On First Login",
149
+ type: "boolean",
150
+ required: false,
151
+ defaultValue: true
152
+ }
153
+ ],
154
+ resultDialog: {
155
+ title: "User Created",
156
+ description: "Copy the temporary password now \u2014 it is shown only once and never stored.",
157
+ acknowledge: "I have saved this password",
158
+ fields: [
159
+ { path: "user.email", label: "Email", format: "text" },
160
+ { path: "temporaryPassword", label: "Temporary Password", format: "secret" }
161
+ ]
162
+ }
163
+ },
108
164
  {
109
165
  name: "set_user_password",
110
166
  label: "Set Password",
@@ -112,13 +168,40 @@ var SysUser = data.ObjectSchema.create({
112
168
  variant: "secondary",
113
169
  locations: ["list_item"],
114
170
  type: "api",
171
+ // #2766 V1 — same path as better-auth's stock route, but served by the
172
+ // plugin-auth wrapper registered ahead of the catch-all: it accepts the
173
+ // ADR-0068 platform-admin signals (the stock handler only honors the
174
+ // legacy role scalar), can mint a temporary password, and stamps
175
+ // must_change_password.
115
176
  target: "/api/v1/auth/admin/set-user-password",
116
177
  recordIdParam: "userId",
117
178
  successMessage: "Password updated",
118
179
  refreshAfter: false,
119
180
  params: [
120
- { name: "newPassword", label: "New Password", type: "text", required: true }
121
- ]
181
+ {
182
+ name: "generatePassword",
183
+ label: "Generate Temporary Password",
184
+ type: "boolean",
185
+ required: false,
186
+ defaultValue: false
187
+ },
188
+ { name: "newPassword", label: "New Password (leave empty to generate)", type: "text", required: false },
189
+ {
190
+ name: "mustChangePassword",
191
+ label: "Require Password Change On Next Login",
192
+ type: "boolean",
193
+ required: false,
194
+ defaultValue: true
195
+ }
196
+ ],
197
+ resultDialog: {
198
+ title: "Password Updated",
199
+ description: "If a temporary password was generated, copy it now \u2014 it is shown only once and never stored.",
200
+ acknowledge: "Done",
201
+ fields: [
202
+ { path: "temporaryPassword", label: "Temporary Password", format: "secret" }
203
+ ]
204
+ }
122
205
  },
123
206
  {
124
207
  name: "set_user_role",
@@ -437,6 +520,37 @@ var SysUser = data.ObjectSchema.create({
437
520
  group: "Admin",
438
521
  description: "Timestamp of the last password change. Backs password_expiry_days; system-managed."
439
522
  }),
523
+ // #2766 V1.5 — phone-number sign-in identifier (better-auth phoneNumber
524
+ // plugin, mapped via buildPhoneNumberPluginSchema). Unique when present;
525
+ // null for email-only accounts. Written through better-auth, not CRUD.
526
+ phone_number: data.Field.text({
527
+ label: "Phone Number",
528
+ required: false,
529
+ readonly: true,
530
+ searchable: true,
531
+ maxLength: 32,
532
+ group: "Account",
533
+ description: "Sign-in phone number (E.164 recommended). Unique per user; managed by better-auth when the phoneNumber plugin is enabled."
534
+ }),
535
+ phone_number_verified: data.Field.boolean({
536
+ label: "Phone Verified",
537
+ defaultValue: false,
538
+ readonly: true,
539
+ group: "Account",
540
+ description: "Whether the phone number has been verified (OTP verification requires SMS infrastructure; false until that ships). System-managed."
541
+ }),
542
+ // #2766 V1 — admin-issued "must change password on next sign-in" flag.
543
+ // Set by the /admin/create-user and /admin/set-user-password routes when
544
+ // a temporary password is issued; enforced through the ADR-0069 authGate
545
+ // (surfaces as PASSWORD_EXPIRED); cleared by stampPasswordChangedAt once
546
+ // the user completes a password change.
547
+ must_change_password: data.Field.boolean({
548
+ label: "Must Change Password",
549
+ defaultValue: false,
550
+ readonly: true,
551
+ group: "Admin",
552
+ description: "When true, the user is blocked (403 PASSWORD_EXPIRED) until they change their password. Stamped by the admin user-management routes; system-managed."
553
+ }),
440
554
  // ADR-0069 D3 — when enforced MFA first applied to this user; starts the
441
555
  // grace clock. Stamped lazily at session validation; system-managed.
442
556
  mfa_required_at: data.Field.datetime({
@@ -534,7 +648,10 @@ var SysUser = data.ObjectSchema.create({
534
648
  },
535
649
  indexes: [
536
650
  { fields: ["email"], unique: true },
537
- { fields: ["created_at"], unique: false }
651
+ { fields: ["created_at"], unique: false },
652
+ // #2766 V1.5 — phone sign-in identifier; unique when present (null for
653
+ // email-only accounts), also the upsert match key for identity import.
654
+ { fields: ["phone_number"], unique: true }
538
655
  ],
539
656
  enable: {
540
657
  trackHistory: true,
@@ -5350,12 +5467,12 @@ var SETUP_NAV_CONTRIBUTIONS = [
5350
5467
  {
5351
5468
  app: "setup",
5352
5469
  group: "group_access_control",
5353
- // Priority 300 keeps API Keys after plugin-security's Roles / Permission
5470
+ // Priority 300 keeps API Keys after plugin-security's Positions / Permission
5354
5471
  // Sets (100) and plugin-sharing's Sharing Rules / Record Shares (200),
5355
5472
  // preserving the original menu order.
5356
5473
  priority: 300,
5357
5474
  items: [
5358
- // Roles / Permission Sets are contributed by @objectstack/plugin-security
5475
+ // Positions / Permission Sets are contributed by @objectstack/plugin-security
5359
5476
  // and Sharing Rules / Record Shares by @objectstack/plugin-sharing
5360
5477
  // (ADR-0029 K2). Only API Keys (sys_api_key, an identity object owned by
5361
5478
  // plugin-auth) remains a platform-objects base entry here.
@@ -8708,7 +8825,7 @@ var en = {
8708
8825
  nav_organizations: { label: "Organizations" },
8709
8826
  nav_invitations: { label: "Invitations" },
8710
8827
  // Access Control
8711
- nav_roles: { label: "Roles" },
8828
+ nav_positions: { label: "Positions" },
8712
8829
  nav_permission_sets: { label: "Permission Sets" },
8713
8830
  nav_sharing_rules: { label: "Sharing Rules" },
8714
8831
  nav_record_shares: { label: "Record Shares" },
@@ -11451,12 +11568,13 @@ var zhCN = {
11451
11568
  nav_teams: { label: "\u56E2\u961F" },
11452
11569
  nav_organizations: { label: "\u7EC4\u7EC7" },
11453
11570
  nav_invitations: { label: "\u9080\u8BF7" },
11454
- nav_roles: { label: "\u89D2\u8272" },
11571
+ nav_positions: { label: "\u5C97\u4F4D" },
11455
11572
  nav_capabilities: { label: "\u80FD\u529B" },
11456
11573
  nav_permission_sets: { label: "\u6743\u9650\u96C6" },
11457
11574
  nav_sharing_rules: { label: "\u5171\u4EAB\u89C4\u5219" },
11458
11575
  nav_record_shares: { label: "\u8BB0\u5F55\u5171\u4EAB" },
11459
11576
  nav_api_keys: { label: "API \u5BC6\u94A5" },
11577
+ nav_connect_agent: { label: "\u8FDE\u63A5\u667A\u80FD\u4F53" },
11460
11578
  nav_approval_processes: { label: "\u5BA1\u6279\u6D41\u7A0B" },
11461
11579
  nav_approval_requests: { label: "\u5BA1\u6279\u7533\u8BF7" },
11462
11580
  nav_approval_actions: { label: "\u5BA1\u6279\u5386\u53F2" },
@@ -14160,7 +14278,7 @@ var jaJP = {
14160
14278
  nav_teams: { label: "\u30C1\u30FC\u30E0" },
14161
14279
  nav_organizations: { label: "\u7D44\u7E54" },
14162
14280
  nav_invitations: { label: "\u62DB\u5F85" },
14163
- nav_roles: { label: "\u30ED\u30FC\u30EB" },
14281
+ nav_positions: { label: "\u30DD\u30B8\u30B7\u30E7\u30F3" },
14164
14282
  nav_permission_sets: { label: "\u6A29\u9650\u30BB\u30C3\u30C8" },
14165
14283
  nav_sharing_rules: { label: "\u5171\u6709\u30EB\u30FC\u30EB" },
14166
14284
  nav_record_shares: { label: "\u30EC\u30B3\u30FC\u30C9\u5171\u6709" },
@@ -16867,7 +16985,7 @@ var esES = {
16867
16985
  nav_teams: { label: "Equipos" },
16868
16986
  nav_organizations: { label: "Organizaciones" },
16869
16987
  nav_invitations: { label: "Invitaciones" },
16870
- nav_roles: { label: "Roles" },
16988
+ nav_positions: { label: "Posiciones" },
16871
16989
  nav_permission_sets: { label: "Conjuntos de Permisos" },
16872
16990
  nav_sharing_rules: { label: "Reglas de Compartici\xF3n" },
16873
16991
  nav_record_shares: { label: "Registros Compartidos" },
@@ -17121,6 +17239,38 @@ var SysUserDetailPage = {
17121
17239
  type: "line",
17122
17240
  position: "top",
17123
17241
  items: [
17242
+ {
17243
+ label: "Positions",
17244
+ icon: "shield-check",
17245
+ children: [
17246
+ {
17247
+ // [ADR-0090 D3] Position assignments (岗位分派) — pure SDUI:
17248
+ // the Add picker creates sys_user_position rows storing the
17249
+ // position's MACHINE NAME (valueField: 'name'), and every
17250
+ // server-side rule (the D12 delegated-admin gate, audience-
17251
+ // anchor rejection) surfaces its error in the dialog.
17252
+ type: "record:related_list",
17253
+ properties: {
17254
+ objectName: "sys_user_position",
17255
+ relationshipField: "user_id",
17256
+ columns: ["position", "business_unit_id", "granted_by", "created_at"],
17257
+ sort: [{ field: "created_at", order: "desc" }],
17258
+ limit: 25,
17259
+ showViewAll: true,
17260
+ title: "Positions",
17261
+ add: {
17262
+ picker: {
17263
+ object: "sys_position",
17264
+ valueField: "name",
17265
+ labelField: "label"
17266
+ },
17267
+ linkField: "position",
17268
+ label: "Assign position"
17269
+ }
17270
+ }
17271
+ }
17272
+ ]
17273
+ },
17124
17274
  {
17125
17275
  label: "Sessions",
17126
17276
  icon: "monitor",
@@ -17327,6 +17477,84 @@ var SysUserDetailPage = {
17327
17477
  }
17328
17478
  };
17329
17479
 
17480
+ // src/pages/sys-position.page.ts
17481
+ var SysPositionDetailPage = {
17482
+ name: "sys_position_detail",
17483
+ label: "Position",
17484
+ type: "record",
17485
+ object: "sys_position",
17486
+ template: "default",
17487
+ kind: "slotted",
17488
+ isDefault: true,
17489
+ regions: [],
17490
+ slots: {
17491
+ tabs: {
17492
+ type: "page:tabs",
17493
+ properties: {
17494
+ type: "line",
17495
+ position: "top",
17496
+ items: [
17497
+ {
17498
+ label: "Holders",
17499
+ icon: "users",
17500
+ children: [
17501
+ {
17502
+ type: "record:related_list",
17503
+ properties: {
17504
+ objectName: "sys_user_position",
17505
+ relationshipField: "position",
17506
+ relationshipValueField: "name",
17507
+ columns: ["user_id", "business_unit_id", "granted_by", "created_at"],
17508
+ sort: [{ field: "created_at", order: "desc" }],
17509
+ limit: 25,
17510
+ showViewAll: true,
17511
+ title: "Holders",
17512
+ add: {
17513
+ picker: {
17514
+ object: "sys_user",
17515
+ labelField: "name"
17516
+ },
17517
+ linkField: "user_id",
17518
+ label: "Assign user"
17519
+ }
17520
+ }
17521
+ }
17522
+ ]
17523
+ },
17524
+ {
17525
+ label: "Permission Sets",
17526
+ icon: "lock",
17527
+ children: [
17528
+ {
17529
+ type: "record:related_list",
17530
+ properties: {
17531
+ objectName: "sys_position_permission_set",
17532
+ relationshipField: "position_id",
17533
+ columns: ["permission_set_id", "created_at"],
17534
+ sort: [{ field: "created_at", order: "desc" }],
17535
+ limit: 25,
17536
+ showViewAll: true,
17537
+ title: "Permission Sets",
17538
+ add: {
17539
+ picker: {
17540
+ object: "sys_permission_set",
17541
+ labelField: "label"
17542
+ },
17543
+ linkField: "permission_set_id",
17544
+ label: "Bind permission set"
17545
+ }
17546
+ }
17547
+ }
17548
+ ]
17549
+ }
17550
+ ]
17551
+ }
17552
+ },
17553
+ // No Chatter feed on an RBAC primitive.
17554
+ discussion: []
17555
+ }
17556
+ };
17557
+
17330
17558
  // src/apps/translations/en.metadata-forms.generated.ts
17331
17559
  var enMetadataForms = {
17332
17560
  object: {
@@ -18658,67 +18886,12 @@ var enMetadataForms = {
18658
18886
  }
18659
18887
  }
18660
18888
  },
18661
- profile: {
18662
- label: "Profile",
18889
+ position: {
18890
+ label: "Position",
18663
18891
  sections: {
18664
- identity: {
18665
- label: "Identity",
18666
- description: "Permission Sets stack on top of a Profile to grant additional access. Profiles are the base set assigned 1:1 to each user."
18667
- },
18668
- system_permissions: {
18669
- label: "System Permissions",
18670
- description: "High-level capabilities not tied to a specific object \u2014 e.g. manage_users, view_audit_logs."
18671
- },
18672
- object_and_field_permissions: {
18673
- label: "Object & Field Permissions",
18674
- description: "Per-object CRUD + per-field FLS. Edit via the matrix editor or paste JSON here."
18675
- },
18676
- tab_and_row_level_security: {
18677
- label: "Tab & Row-Level Security",
18678
- description: "Tab visibility, RLS policies, and custom context variables for predicate evaluation."
18679
- }
18680
- },
18681
- fields: {
18682
- name: {
18683
- label: "Name",
18684
- helpText: "Machine name (snake_case)"
18685
- },
18686
- label: {
18687
- label: "Label",
18688
- helpText: "Display label for admins"
18689
- },
18690
- systemPermissions: {
18691
- label: "System Permissions",
18692
- helpText: "List of system capability keys"
18693
- },
18694
- objects: {
18695
- label: "Objects",
18696
- helpText: '{ "account": { allowRead: true, allowEdit: true, ... } }'
18697
- },
18698
- fields: {
18699
- label: "Fields",
18700
- helpText: '{ "account.amount": { readable: true, editable: false } }'
18701
- },
18702
- tabPermissions: {
18703
- label: "Tab Permissions",
18704
- helpText: '{ "app_crm": "visible", "app_admin": "hidden" }'
18705
- },
18706
- rowLevelSecurity: {
18707
- label: "Row Level Security",
18708
- helpText: "Array of RLS policies (see rls.zod.ts)"
18709
- },
18710
- contextVariables: {
18711
- label: "Context Variables",
18712
- helpText: "Custom variables referenced in RLS predicates"
18713
- }
18714
- }
18715
- },
18716
- role: {
18717
- label: "Role",
18718
- sections: {
18719
- role: {
18720
- label: "Role",
18721
- description: "Roles compose a hierarchy used for record sharing (sales VP \u2192 sales mgr \u2192 sales rep). Permissions themselves live on Permission Sets and Profiles."
18892
+ position: {
18893
+ label: "Position",
18894
+ description: "A position is a flat, assignable bundle of permission sets (e.g. sales_rep, sales_manager). Capability lives on permission sets; visibility depth lives on the business-unit tree."
18722
18895
  }
18723
18896
  },
18724
18897
  fields: {
@@ -18729,10 +18902,6 @@ var enMetadataForms = {
18729
18902
  label: {
18730
18903
  label: "Label"
18731
18904
  },
18732
- parent: {
18733
- label: "Parent",
18734
- helpText: "Parent role machine name (Reports To)"
18735
- },
18736
18905
  description: {
18737
18906
  label: "Description"
18738
18907
  }
@@ -20288,67 +20457,12 @@ var zhCNMetadataForms = {
20288
20457
  }
20289
20458
  }
20290
20459
  },
20291
- profile: {
20292
- label: "\u914D\u7F6E\u6587\u4EF6",
20460
+ position: {
20461
+ label: "\u5C97\u4F4D",
20293
20462
  sections: {
20294
- identity: {
20295
- label: "\u6807\u8BC6",
20296
- description: "\u6743\u9650\u96C6\u53E0\u52A0\u5728\u914D\u7F6E\u6587\u4EF6\u4E4B\u4E0A\u4EE5\u6388\u4E88\u989D\u5916\u7684\u8BBF\u95EE\u6743\u9650\u3002\u914D\u7F6E\u6587\u4EF6\u662F\u6309 1:1 \u5206\u914D\u7ED9\u6BCF\u4E2A\u7528\u6237\u7684\u57FA\u7840\u96C6\u5408\u3002"
20297
- },
20298
- system_permissions: {
20299
- label: "\u7CFB\u7EDF\u6743\u9650",
20300
- description: "\u4E0E\u7279\u5B9A\u5BF9\u8C61\u65E0\u5173\u7684\u9AD8\u7EA7\u80FD\u529B\u2014\u2014\u4F8B\u5982 manage_users\u3001view_audit_logs\u3002"
20301
- },
20302
- object_and_field_permissions: {
20303
- label: "\u5BF9\u8C61\u4E0E\u5B57\u6BB5\u6743\u9650",
20304
- description: "\u6309\u5BF9\u8C61\u7684\u589E\u5220\u6539\u67E5 + \u6309\u5B57\u6BB5\u7684\u5B57\u6BB5\u7EA7\u5B89\u5168\uFF08FLS\uFF09\u3002\u53EF\u901A\u8FC7\u77E9\u9635\u7F16\u8F91\u5668\u7F16\u8F91\uFF0C\u6216\u5728\u6B64\u5904\u7C98\u8D34 JSON\u3002"
20305
- },
20306
- tab_and_row_level_security: {
20307
- label: "\u6807\u7B7E\u9875\u4E0E\u884C\u7EA7\u5B89\u5168",
20308
- description: "\u6807\u7B7E\u9875\u53EF\u89C1\u6027\u3001RLS \u7B56\u7565\uFF0C\u4EE5\u53CA\u7528\u4E8E\u8C13\u8BCD\u6C42\u503C\u7684\u81EA\u5B9A\u4E49\u4E0A\u4E0B\u6587\u53D8\u91CF\u3002"
20309
- }
20310
- },
20311
- fields: {
20312
- name: {
20313
- label: "\u540D\u79F0",
20314
- helpText: "\u673A\u5668\u540D\uFF08snake_case\uFF09"
20315
- },
20316
- label: {
20317
- label: "\u663E\u793A\u540D\u79F0",
20318
- helpText: "\u9762\u5411\u7BA1\u7406\u5458\u663E\u793A\u7684\u6807\u7B7E"
20319
- },
20320
- systemPermissions: {
20321
- label: "\u7CFB\u7EDF\u6743\u9650",
20322
- helpText: "\u7CFB\u7EDF\u80FD\u529B\u952E\u5217\u8868"
20323
- },
20324
- objects: {
20325
- label: "\u5BF9\u8C61\u6743\u9650",
20326
- helpText: '\u793A\u4F8B\uFF1A{ "account": { allowRead: true, allowEdit: true, ... } }'
20327
- },
20328
- fields: {
20329
- label: "\u5B57\u6BB5",
20330
- helpText: '\u793A\u4F8B\uFF1A{ "account.amount": { readable: true, editable: false } }'
20331
- },
20332
- tabPermissions: {
20333
- label: "\u6807\u7B7E\u9875\u6743\u9650",
20334
- helpText: '\u793A\u4F8B\uFF1A{ "app_crm": "visible", "app_admin": "hidden" }'
20335
- },
20336
- rowLevelSecurity: {
20337
- label: "\u884C\u7EA7\u5B89\u5168",
20338
- helpText: "RLS \u7B56\u7565\u6570\u7EC4\uFF08\u53C2\u89C1 rls.zod.ts\uFF09"
20339
- },
20340
- contextVariables: {
20341
- label: "\u4E0A\u4E0B\u6587\u53D8\u91CF",
20342
- helpText: "RLS \u8C13\u8BCD\u4E2D\u5F15\u7528\u7684\u81EA\u5B9A\u4E49\u53D8\u91CF"
20343
- }
20344
- }
20345
- },
20346
- role: {
20347
- label: "\u89D2\u8272",
20348
- sections: {
20349
- role: {
20350
- label: "\u89D2\u8272\u5B9A\u4E49",
20351
- description: "\u89D2\u8272\u540D\u79F0\u4E0E\u7EE7\u627F\u5173\u7CFB"
20463
+ position: {
20464
+ label: "\u5C97\u4F4D",
20465
+ description: "\u5C97\u4F4D\u662F\u6241\u5E73\u7684\u3001\u53EF\u5206\u914D\u7684\u6743\u9650\u96C6\u7EC4\u5408(\u5982 sales_rep\u3001sales_manager)\u3002\u80FD\u529B\u5728\u6743\u9650\u96C6\u4E0A;\u53EF\u89C1\u8303\u56F4\u6DF1\u5EA6\u5728\u4E1A\u52A1\u5355\u5143\u6811\u4E0A\u3002"
20352
20466
  }
20353
20467
  },
20354
20468
  fields: {
@@ -20359,10 +20473,6 @@ var zhCNMetadataForms = {
20359
20473
  label: {
20360
20474
  label: "\u663E\u793A\u540D\u79F0"
20361
20475
  },
20362
- parent: {
20363
- label: "\u7236\u7EA7",
20364
- helpText: "\u7EE7\u627F\u7236\u89D2\u8272\u7684\u6743\u9650"
20365
- },
20366
20476
  description: {
20367
20477
  label: "\u63CF\u8FF0"
20368
20478
  }
@@ -21918,67 +22028,12 @@ var jaJPMetadataForms = {
21918
22028
  }
21919
22029
  }
21920
22030
  },
21921
- profile: {
21922
- label: "\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB",
21923
- sections: {
21924
- identity: {
21925
- label: "ID",
21926
- description: "\u6A29\u9650\u30BB\u30C3\u30C8\u306F\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u306B\u8FFD\u52A0\u30A2\u30AF\u30BB\u30B9\u6A29\u3092\u91CD\u306D\u308B\u3002\u30D7\u30ED\u30D5\u30A1\u30A4\u30EB\u306F\u5404\u30E6\u30FC\u30B6\u30FC\u306B 1:1 \u3067\u5272\u308A\u5F53\u3066\u308B\u57FA\u672C\u30BB\u30C3\u30C8\u3002"
21927
- },
21928
- system_permissions: {
21929
- label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
21930
- description: "\u7279\u5B9A\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u306B\u7D10\u3065\u304B\u306A\u3044\u9AD8\u30EC\u30D9\u30EB\u6A5F\u80FD \u2014 \u4F8B: manage_users, view_audit_logs\u3002"
21931
- },
21932
- object_and_field_permissions: {
21933
- label: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u3068\u30D5\u30A3\u30FC\u30EB\u30C9\u6A29\u9650",
21934
- description: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u5358\u4F4D\u306E CRUD + \u30D5\u30A3\u30FC\u30EB\u30C9\u5358\u4F4D\u306E FLS\u3002\u30DE\u30C8\u30EA\u30C3\u30AF\u30B9\u30A8\u30C7\u30A3\u30BF\u30FC\u3067\u7DE8\u96C6\u3001\u307E\u305F\u306F\u3053\u3053\u306B JSON \u3092\u8CBC\u308A\u4ED8\u3051\u3002"
21935
- },
21936
- tab_and_row_level_security: {
21937
- label: "\u30BF\u30D6\u3068\u884C\u30EC\u30D9\u30EB\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3",
21938
- description: "\u30BF\u30D6\u8868\u793A\u3001RLS \u30DD\u30EA\u30B7\u30FC\u3001\u8FF0\u8A9E\u8A55\u4FA1\u7528\u30AB\u30B9\u30BF\u30E0\u30B3\u30F3\u30C6\u30AD\u30B9\u30C8\u5909\u6570\u3002"
21939
- }
21940
- },
21941
- fields: {
21942
- name: {
21943
- label: "\u540D\u524D",
21944
- helpText: "\u30DE\u30B7\u30F3\u540D\uFF08snake_case\uFF09"
21945
- },
21946
- label: {
21947
- label: "\u8868\u793A\u540D",
21948
- helpText: "\u7BA1\u7406\u8005\u5411\u3051\u8868\u793A\u30E9\u30D9\u30EB"
21949
- },
21950
- systemPermissions: {
21951
- label: "\u30B7\u30B9\u30C6\u30E0\u6A29\u9650",
21952
- helpText: "\u30B7\u30B9\u30C6\u30E0\u6A5F\u80FD\u30AD\u30FC\u306E\u30EA\u30B9\u30C8"
21953
- },
21954
- objects: {
21955
- label: "\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u6A29\u9650",
21956
- helpText: '\u4F8B: { "account": { allowRead: true, allowEdit: true, ... } }'
21957
- },
21958
- fields: {
21959
- label: "\u30D5\u30A3\u30FC\u30EB\u30C9",
21960
- helpText: '\u4F8B: { "account.amount": { readable: true, editable: false } }'
21961
- },
21962
- tabPermissions: {
21963
- label: "\u30BF\u30D6\u6A29\u9650",
21964
- helpText: '\u4F8B: { "app_crm": "visible", "app_admin": "hidden" }'
21965
- },
21966
- rowLevelSecurity: {
21967
- label: "\u884C\u30EC\u30D9\u30EB\u30BB\u30AD\u30E5\u30EA\u30C6\u30A3",
21968
- helpText: "RLS \u30DD\u30EA\u30B7\u30FC\u306E\u914D\u5217\uFF08rls.zod.ts \u53C2\u7167\uFF09"
21969
- },
21970
- contextVariables: {
21971
- label: "\u30B3\u30F3\u30C6\u30AD\u30B9\u30C8\u5909\u6570",
21972
- helpText: "RLS \u8FF0\u8A9E\u3067\u53C2\u7167\u3059\u308B\u30AB\u30B9\u30BF\u30E0\u5909\u6570"
21973
- }
21974
- }
21975
- },
21976
- role: {
21977
- label: "\u30ED\u30FC\u30EB",
22031
+ position: {
22032
+ label: "\u30DD\u30B8\u30B7\u30E7\u30F3",
21978
22033
  sections: {
21979
- role: {
21980
- label: "\u30ED\u30FC\u30EB",
21981
- description: "\u30ED\u30FC\u30EB\u306F\u30EC\u30B3\u30FC\u30C9\u5171\u6709\u306B\u4F7F\u3046\u968E\u5C64\u3092\u69CB\u6210\uFF08sales VP \u2192 sales mgr \u2192 sales rep\uFF09\u3002\u6A29\u9650\u81EA\u4F53\u306F Permission Sets \u3068 Profiles \u306B\u5B58\u5728\u3002"
22034
+ position: {
22035
+ label: "\u30DD\u30B8\u30B7\u30E7\u30F3",
22036
+ description: "\u30DD\u30B8\u30B7\u30E7\u30F3\u306F\u6A29\u9650\u30BB\u30C3\u30C8\u3092\u307E\u3068\u3081\u3066\u5272\u308A\u5F53\u3066\u308B\u30D5\u30E9\u30C3\u30C8\u306A\u5358\u4F4D(\u4F8B: sales_rep\u3001sales_manager)\u3002\u80FD\u529B\u306F\u6A29\u9650\u30BB\u30C3\u30C8\u306B\u3001\u53EF\u8996\u7BC4\u56F2\u306E\u6DF1\u3055\u306F\u30D3\u30B8\u30CD\u30B9\u30E6\u30CB\u30C3\u30C8\u30C4\u30EA\u30FC\u306B\u3042\u308A\u307E\u3059\u3002"
21982
22037
  }
21983
22038
  },
21984
22039
  fields: {
@@ -21989,10 +22044,6 @@ var jaJPMetadataForms = {
21989
22044
  label: {
21990
22045
  label: "\u8868\u793A\u540D"
21991
22046
  },
21992
- parent: {
21993
- label: "\u89AA",
21994
- helpText: "\u89AA\u30ED\u30FC\u30EB\u306E\u30DE\u30B7\u30F3\u540D\uFF08Reports To\uFF09"
21995
- },
21996
22047
  description: {
21997
22048
  label: "\u8AAC\u660E"
21998
22049
  }
@@ -23548,67 +23599,12 @@ var esESMetadataForms = {
23548
23599
  }
23549
23600
  }
23550
23601
  },
23551
- profile: {
23552
- label: "Perfil",
23602
+ position: {
23603
+ label: "Posici\xF3n",
23553
23604
  sections: {
23554
- identity: {
23555
- label: "Identidad",
23556
- description: "Los conjuntos de permisos se apilan sobre un perfil para conceder acceso adicional. Los perfiles son el conjunto base asignado 1:1 a cada usuario."
23557
- },
23558
- system_permissions: {
23559
- label: "Permisos del sistema",
23560
- description: "Capacidades de alto nivel no vinculadas a un objeto espec\xEDfico \u2014 p. ej. manage_users, view_audit_logs."
23561
- },
23562
- object_and_field_permissions: {
23563
- label: "Permisos de objeto y campo",
23564
- description: "CRUD por objeto + FLS por campo. Edita mediante el editor matricial o pega JSON aqu\xED."
23565
- },
23566
- tab_and_row_level_security: {
23567
- label: "Pesta\xF1a y seguridad a nivel de fila",
23568
- description: "Visibilidad de pesta\xF1as, pol\xEDticas RLS y variables de contexto personalizadas para evaluar predicados."
23569
- }
23570
- },
23571
- fields: {
23572
- name: {
23573
- label: "Nombre",
23574
- helpText: "Nombre de m\xE1quina (snake_case)"
23575
- },
23576
- label: {
23577
- label: "Etiqueta",
23578
- helpText: "Etiqueta mostrada para administradores"
23579
- },
23580
- systemPermissions: {
23581
- label: "Permisos del sistema",
23582
- helpText: "Lista de claves de capacidades del sistema"
23583
- },
23584
- objects: {
23585
- label: "Permisos de objeto",
23586
- helpText: 'Ejemplo: { "account": { allowRead: true, allowEdit: true, ... } }'
23587
- },
23588
- fields: {
23589
- label: "Campos",
23590
- helpText: 'Ejemplo: { "account.amount": { readable: true, editable: false } }'
23591
- },
23592
- tabPermissions: {
23593
- label: "Permisos de pesta\xF1a",
23594
- helpText: 'Ejemplo: { "app_crm": "visible", "app_admin": "hidden" }'
23595
- },
23596
- rowLevelSecurity: {
23597
- label: "Seguridad a nivel de fila",
23598
- helpText: "Array de pol\xEDticas RLS (ver rls.zod.ts)"
23599
- },
23600
- contextVariables: {
23601
- label: "Variables de contexto",
23602
- helpText: "Variables personalizadas referenciadas en predicados RLS"
23603
- }
23604
- }
23605
- },
23606
- role: {
23607
- label: "Rol",
23608
- sections: {
23609
- role: {
23610
- label: "Rol",
23611
- description: "Los roles componen una jerarqu\xEDa usada para compartir registros (sales VP \u2192 sales mgr \u2192 sales rep). Los permisos en s\xED residen en Permission Sets y Profiles."
23605
+ position: {
23606
+ label: "Posici\xF3n",
23607
+ description: "Una posici\xF3n es un conjunto plano y asignable de permission sets (p. ej. sales_rep, sales_manager). La capacidad reside en los permission sets; la profundidad de visibilidad en el \xE1rbol de unidades de negocio."
23612
23608
  }
23613
23609
  },
23614
23610
  fields: {
@@ -23619,10 +23615,6 @@ var esESMetadataForms = {
23619
23615
  label: {
23620
23616
  label: "Etiqueta"
23621
23617
  },
23622
- parent: {
23623
- label: "Padre",
23624
- helpText: "Nombre de m\xE1quina del rol padre (Reports To)"
23625
- },
23626
23618
  description: {
23627
23619
  label: "Descripci\xF3n"
23628
23620
  }
@@ -23953,6 +23945,7 @@ exports.SysOauthConsent = SysOauthConsent;
23953
23945
  exports.SysOauthRefreshToken = SysOauthRefreshToken;
23954
23946
  exports.SysOrganization = SysOrganization;
23955
23947
  exports.SysOrganizationDetailPage = SysOrganizationDetailPage;
23948
+ exports.SysPositionDetailPage = SysPositionDetailPage;
23956
23949
  exports.SysReportSchedule = SysReportSchedule;
23957
23950
  exports.SysSavedReport = SysSavedReport;
23958
23951
  exports.SysScimProvider = SysScimProvider;