npm - @objectstack/platform-objects - Versions diffs - 6.5.1 → 6.6.0 - Mend

@objectstack/platform-objects 6.5.1 → 6.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/apps/index.d.mts +14 -0
package/dist/apps/index.d.ts +14 -0
package/dist/identity/index.d.mts +110 -1
package/dist/identity/index.d.ts +110 -1
package/dist/identity/index.js +120 -1
package/dist/identity/index.js.map +1 -1
package/dist/identity/index.mjs +120 -1
package/dist/identity/index.mjs.map +1 -1
package/dist/index.js +255 -1
package/dist/index.js.map +1 -1
package/dist/index.mjs +255 -1
package/dist/index.mjs.map +1 -1
package/dist/security/index.d.mts +150 -0
package/dist/security/index.d.ts +150 -0
package/dist/security/index.js +135 -0
package/dist/security/index.js.map +1 -1
package/dist/security/index.mjs +135 -0
package/dist/security/index.mjs.map +1 -1
package/package.json +2 -2

package/dist/security/index.d.mts CHANGED Viewed

@@ -688,6 +688,88 @@ declare const SysRole: Omit<{
     readonly displayNameField: "label";
     readonly titleFormat: "{label}";
     readonly compactLayout: ["label", "name", "active", "is_default"];
+    readonly actions: [{
+        readonly name: "activate_role";
+        readonly label: "Activate Role";
+        readonly icon: "circle-check";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_role/{id}";
+        readonly bodyExtra: {
+            readonly active: true;
+        };
+        readonly successMessage: "Role activated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "deactivate_role";
+        readonly label: "Deactivate Role";
+        readonly icon: "circle-off";
+        readonly variant: "danger";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_role/{id}";
+        readonly bodyExtra: {
+            readonly active: false;
+        };
+        readonly confirmText: "Deactivate this role? Users with the role keep their assignment but the role stops granting permissions until re-activated.";
+        readonly successMessage: "Role deactivated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "set_default_role";
+        readonly label: "Set as Default";
+        readonly icon: "star";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_role/{id}";
+        readonly bodyExtra: {
+            readonly is_default: true;
+        };
+        readonly confirmText: "Make this the default role for new users? Existing users are unaffected.";
+        readonly successMessage: "Default role updated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "clone_role";
+        readonly label: "Clone Role";
+        readonly icon: "copy";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "POST";
+        readonly target: "/api/v1/data/sys_role";
+        readonly bodyExtra: {
+            readonly is_default: false;
+            readonly active: true;
+        };
+        readonly successMessage: "Role cloned";
+        readonly refreshAfter: true;
+        readonly params: [{
+            readonly name: "label";
+            readonly label: "New Display Name";
+            readonly type: "text";
+            readonly required: true;
+        }, {
+            readonly name: "name";
+            readonly label: "New API Name";
+            readonly type: "text";
+            readonly required: true;
+            readonly helpText: "Unique snake_case machine name";
+        }, {
+            readonly field: "description";
+            readonly defaultFromRow: true;
+        }, {
+            readonly field: "permissions";
+            readonly defaultFromRow: true;
+        }];
+    }];
     readonly listViews: {
         readonly active: {
             readonly type: "grid";
@@ -3052,6 +3134,74 @@ declare const SysPermissionSet: Omit<{
     readonly displayNameField: "label";
     readonly titleFormat: "{label}";
     readonly compactLayout: ["label", "name", "active"];
+    readonly actions: [{
+        readonly name: "activate_permission_set";
+        readonly label: "Activate";
+        readonly icon: "circle-check";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_permission_set/{id}";
+        readonly bodyExtra: {
+            readonly active: true;
+        };
+        readonly successMessage: "Permission set activated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "deactivate_permission_set";
+        readonly label: "Deactivate";
+        readonly icon: "circle-off";
+        readonly variant: "danger";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_permission_set/{id}";
+        readonly bodyExtra: {
+            readonly active: false;
+        };
+        readonly confirmText: "Deactivate this permission set? Existing assignments stay in place but stop granting access until re-activated.";
+        readonly successMessage: "Permission set deactivated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "clone_permission_set";
+        readonly label: "Clone";
+        readonly icon: "copy";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "POST";
+        readonly target: "/api/v1/data/sys_permission_set";
+        readonly bodyExtra: {
+            readonly active: true;
+        };
+        readonly successMessage: "Permission set cloned";
+        readonly refreshAfter: true;
+        readonly params: [{
+            readonly name: "label";
+            readonly label: "New Display Name";
+            readonly type: "text";
+            readonly required: true;
+        }, {
+            readonly name: "name";
+            readonly label: "New API Name";
+            readonly type: "text";
+            readonly required: true;
+            readonly helpText: "Unique snake_case machine name";
+        }, {
+            readonly field: "description";
+            readonly defaultFromRow: true;
+        }, {
+            readonly field: "object_permissions";
+            readonly defaultFromRow: true;
+        }, {
+            readonly field: "field_permissions";
+            readonly defaultFromRow: true;
+        }];
+    }];
     readonly listViews: {
         readonly active: {
             readonly type: "grid";

package/dist/security/index.d.ts CHANGED Viewed

@@ -688,6 +688,88 @@ declare const SysRole: Omit<{
     readonly displayNameField: "label";
     readonly titleFormat: "{label}";
     readonly compactLayout: ["label", "name", "active", "is_default"];
+    readonly actions: [{
+        readonly name: "activate_role";
+        readonly label: "Activate Role";
+        readonly icon: "circle-check";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_role/{id}";
+        readonly bodyExtra: {
+            readonly active: true;
+        };
+        readonly successMessage: "Role activated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "deactivate_role";
+        readonly label: "Deactivate Role";
+        readonly icon: "circle-off";
+        readonly variant: "danger";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_role/{id}";
+        readonly bodyExtra: {
+            readonly active: false;
+        };
+        readonly confirmText: "Deactivate this role? Users with the role keep their assignment but the role stops granting permissions until re-activated.";
+        readonly successMessage: "Role deactivated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "set_default_role";
+        readonly label: "Set as Default";
+        readonly icon: "star";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_role/{id}";
+        readonly bodyExtra: {
+            readonly is_default: true;
+        };
+        readonly confirmText: "Make this the default role for new users? Existing users are unaffected.";
+        readonly successMessage: "Default role updated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "clone_role";
+        readonly label: "Clone Role";
+        readonly icon: "copy";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "POST";
+        readonly target: "/api/v1/data/sys_role";
+        readonly bodyExtra: {
+            readonly is_default: false;
+            readonly active: true;
+        };
+        readonly successMessage: "Role cloned";
+        readonly refreshAfter: true;
+        readonly params: [{
+            readonly name: "label";
+            readonly label: "New Display Name";
+            readonly type: "text";
+            readonly required: true;
+        }, {
+            readonly name: "name";
+            readonly label: "New API Name";
+            readonly type: "text";
+            readonly required: true;
+            readonly helpText: "Unique snake_case machine name";
+        }, {
+            readonly field: "description";
+            readonly defaultFromRow: true;
+        }, {
+            readonly field: "permissions";
+            readonly defaultFromRow: true;
+        }];
+    }];
     readonly listViews: {
         readonly active: {
             readonly type: "grid";
@@ -3052,6 +3134,74 @@ declare const SysPermissionSet: Omit<{
     readonly displayNameField: "label";
     readonly titleFormat: "{label}";
     readonly compactLayout: ["label", "name", "active"];
+    readonly actions: [{
+        readonly name: "activate_permission_set";
+        readonly label: "Activate";
+        readonly icon: "circle-check";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_permission_set/{id}";
+        readonly bodyExtra: {
+            readonly active: true;
+        };
+        readonly successMessage: "Permission set activated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "deactivate_permission_set";
+        readonly label: "Deactivate";
+        readonly icon: "circle-off";
+        readonly variant: "danger";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "PATCH";
+        readonly target: "/api/v1/data/sys_permission_set/{id}";
+        readonly bodyExtra: {
+            readonly active: false;
+        };
+        readonly confirmText: "Deactivate this permission set? Existing assignments stay in place but stop granting access until re-activated.";
+        readonly successMessage: "Permission set deactivated";
+        readonly refreshAfter: true;
+    }, {
+        readonly name: "clone_permission_set";
+        readonly label: "Clone";
+        readonly icon: "copy";
+        readonly variant: "secondary";
+        readonly mode: "custom";
+        readonly locations: ["list_item", "record_header"];
+        readonly type: "api";
+        readonly method: "POST";
+        readonly target: "/api/v1/data/sys_permission_set";
+        readonly bodyExtra: {
+            readonly active: true;
+        };
+        readonly successMessage: "Permission set cloned";
+        readonly refreshAfter: true;
+        readonly params: [{
+            readonly name: "label";
+            readonly label: "New Display Name";
+            readonly type: "text";
+            readonly required: true;
+        }, {
+            readonly name: "name";
+            readonly label: "New API Name";
+            readonly type: "text";
+            readonly required: true;
+            readonly helpText: "Unique snake_case machine name";
+        }, {
+            readonly field: "description";
+            readonly defaultFromRow: true;
+        }, {
+            readonly field: "object_permissions";
+            readonly defaultFromRow: true;
+        }, {
+            readonly field: "field_permissions";
+            readonly defaultFromRow: true;
+        }];
+    }];
     readonly listViews: {
         readonly active: {
             readonly type: "grid";

package/dist/security/index.js CHANGED Viewed

@@ -15,6 +15,83 @@ var SysRole = data.ObjectSchema.create({
   displayNameField: "label",
   titleFormat: "{label}",
   compactLayout: ["label", "name", "active", "is_default"],
+  // Custom actions — system roles drive RBAC and are edited rarely but
+  // require the four high-frequency sysadmin affordances every IdP
+  // (Salesforce, ServiceNow, Okta) ships: activate/deactivate (lifecycle
+  // without losing assignments), mark default (auto-assign to new users),
+  // and clone (template for new roles). All operations hit the generic
+  // data CRUD endpoint exposed by `apiEnabled` — no custom server route
+  // required because `managedBy: 'config'` allows direct mutation.
+  actions: [
+    {
+      name: "activate_role",
+      label: "Activate Role",
+      icon: "circle-check",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_role/{id}",
+      bodyExtra: { active: true },
+      successMessage: "Role activated",
+      refreshAfter: true
+    },
+    {
+      name: "deactivate_role",
+      label: "Deactivate Role",
+      icon: "circle-off",
+      variant: "danger",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_role/{id}",
+      bodyExtra: { active: false },
+      confirmText: "Deactivate this role? Users with the role keep their assignment but the role stops granting permissions until re-activated.",
+      successMessage: "Role deactivated",
+      refreshAfter: true
+    },
+    {
+      name: "set_default_role",
+      label: "Set as Default",
+      icon: "star",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_role/{id}",
+      bodyExtra: { is_default: true },
+      confirmText: "Make this the default role for new users? Existing users are unaffected.",
+      successMessage: "Default role updated",
+      refreshAfter: true
+    },
+    {
+      // Clone — POST a new sys_role row pre-filled from the source. The
+      // dialog asks only for the new API name / label so the operator
+      // can rename atomically; permissions JSON is copied wholesale via
+      // defaultFromRow.
+      name: "clone_role",
+      label: "Clone Role",
+      icon: "copy",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/data/sys_role",
+      bodyExtra: { is_default: false, active: true },
+      successMessage: "Role cloned",
+      refreshAfter: true,
+      params: [
+        { name: "label", label: "New Display Name", type: "text", required: true },
+        { name: "name", label: "New API Name", type: "text", required: true, helpText: "Unique snake_case machine name" },
+        { field: "description", defaultFromRow: true },
+        { field: "permissions", defaultFromRow: true }
+      ]
+    }
+  ],
   listViews: {
     active: {
       type: "grid",
@@ -141,6 +218,64 @@ var SysPermissionSet = data.ObjectSchema.create({
   displayNameField: "label",
   titleFormat: "{label}",
   compactLayout: ["label", "name", "active"],
+  // Custom actions — permission sets are templates assigned to roles or
+  // users (via sys_role_permission_set / sys_user_permission_set). The
+  // sysadmin operations that don't live on the parent-detail tabs are
+  // lifecycle (activate/deactivate without losing assignments) and
+  // clone (build a new permset by tweaking an existing one). Both hit
+  // the generic data CRUD endpoint — managedBy: 'config' permits it.
+  actions: [
+    {
+      name: "activate_permission_set",
+      label: "Activate",
+      icon: "circle-check",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_permission_set/{id}",
+      bodyExtra: { active: true },
+      successMessage: "Permission set activated",
+      refreshAfter: true
+    },
+    {
+      name: "deactivate_permission_set",
+      label: "Deactivate",
+      icon: "circle-off",
+      variant: "danger",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "PATCH",
+      target: "/api/v1/data/sys_permission_set/{id}",
+      bodyExtra: { active: false },
+      confirmText: "Deactivate this permission set? Existing assignments stay in place but stop granting access until re-activated.",
+      successMessage: "Permission set deactivated",
+      refreshAfter: true
+    },
+    {
+      name: "clone_permission_set",
+      label: "Clone",
+      icon: "copy",
+      variant: "secondary",
+      mode: "custom",
+      locations: ["list_item", "record_header"],
+      type: "api",
+      method: "POST",
+      target: "/api/v1/data/sys_permission_set",
+      bodyExtra: { active: true },
+      successMessage: "Permission set cloned",
+      refreshAfter: true,
+      params: [
+        { name: "label", label: "New Display Name", type: "text", required: true },
+        { name: "name", label: "New API Name", type: "text", required: true, helpText: "Unique snake_case machine name" },
+        { field: "description", defaultFromRow: true },
+        { field: "object_permissions", defaultFromRow: true },
+        { field: "field_permissions", defaultFromRow: true }
+      ]
+    }
+  ],
   listViews: {
     active: {
       type: "grid",