@objectstack/platform-objects 6.8.0 → 6.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apps/index.js +33 -0
- package/dist/apps/index.js.map +1 -1
- package/dist/apps/index.mjs +33 -0
- package/dist/apps/index.mjs.map +1 -1
- package/dist/audit/index.d.mts +128 -0
- package/dist/audit/index.d.ts +128 -0
- package/dist/identity/index.d.mts +160 -0
- package/dist/identity/index.d.ts +160 -0
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +228 -0
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +228 -1
- package/dist/index.mjs.map +1 -1
- package/dist/integration/index.d.mts +8 -0
- package/dist/integration/index.d.ts +8 -0
- package/dist/metadata/index.d.mts +16 -0
- package/dist/metadata/index.d.ts +16 -0
- package/dist/security/index.d.mts +3681 -1
- package/dist/security/index.d.ts +3681 -1
- package/dist/security/index.js +195 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/index.mjs +195 -1
- package/dist/security/index.mjs.map +1 -1
- package/dist/system/index.d.mts +24 -0
- package/dist/system/index.d.ts +24 -0
- package/package.json +2 -2
package/dist/security/index.mjs
CHANGED
|
@@ -825,6 +825,200 @@ var SysSharingRule = ObjectSchema.create({
|
|
|
825
825
|
{ fields: ["organization_id"] }
|
|
826
826
|
]
|
|
827
827
|
});
|
|
828
|
+
var SysShareLink = ObjectSchema.create({
|
|
829
|
+
name: "sys_share_link",
|
|
830
|
+
label: "Share Link",
|
|
831
|
+
pluralLabel: "Share Links",
|
|
832
|
+
icon: "link-2",
|
|
833
|
+
isSystem: true,
|
|
834
|
+
managedBy: "system",
|
|
835
|
+
description: "Opaque capability token granting access to a single record. Notion/Figma-style public link sharing.",
|
|
836
|
+
titleFormat: "{object_name}/{record_id} ({permission})",
|
|
837
|
+
compactLayout: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at"],
|
|
838
|
+
listViews: {
|
|
839
|
+
active_links: {
|
|
840
|
+
type: "grid",
|
|
841
|
+
name: "active_links",
|
|
842
|
+
label: "Active",
|
|
843
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
844
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "use_count", "last_used_at"],
|
|
845
|
+
filter: [{ field: "revoked_at", operator: "isNull" }],
|
|
846
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
847
|
+
pagination: { pageSize: 100 }
|
|
848
|
+
},
|
|
849
|
+
by_me: {
|
|
850
|
+
type: "grid",
|
|
851
|
+
name: "by_me",
|
|
852
|
+
label: "Created by Me",
|
|
853
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
854
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at"],
|
|
855
|
+
filter: [{ field: "created_by", operator: "equals", value: "{current_user_id}" }],
|
|
856
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
857
|
+
pagination: { pageSize: 100 }
|
|
858
|
+
},
|
|
859
|
+
revoked: {
|
|
860
|
+
type: "grid",
|
|
861
|
+
name: "revoked",
|
|
862
|
+
label: "Revoked",
|
|
863
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
864
|
+
columns: ["object_name", "record_id", "revoked_at", "created_by"],
|
|
865
|
+
filter: [{ field: "revoked_at", operator: "isNotNull" }],
|
|
866
|
+
sort: [{ field: "revoked_at", order: "desc" }],
|
|
867
|
+
pagination: { pageSize: 50 }
|
|
868
|
+
},
|
|
869
|
+
all_links: {
|
|
870
|
+
type: "grid",
|
|
871
|
+
name: "all_links",
|
|
872
|
+
label: "All",
|
|
873
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
874
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at", "created_at"],
|
|
875
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
876
|
+
pagination: { pageSize: 200 }
|
|
877
|
+
}
|
|
878
|
+
},
|
|
879
|
+
fields: {
|
|
880
|
+
id: Field.text({
|
|
881
|
+
label: "Link ID",
|
|
882
|
+
required: true,
|
|
883
|
+
readonly: true,
|
|
884
|
+
group: "System"
|
|
885
|
+
}),
|
|
886
|
+
// ── Token (the secret) ───────────────────────────────────────
|
|
887
|
+
token: Field.text({
|
|
888
|
+
label: "Token",
|
|
889
|
+
required: true,
|
|
890
|
+
maxLength: 64,
|
|
891
|
+
description: "Opaque URL-safe random token (\u2265 22 chars). The only secret in this row.",
|
|
892
|
+
group: "Token"
|
|
893
|
+
}),
|
|
894
|
+
// ── Target ───────────────────────────────────────────────────
|
|
895
|
+
object_name: Field.text({
|
|
896
|
+
label: "Object",
|
|
897
|
+
required: true,
|
|
898
|
+
maxLength: 100,
|
|
899
|
+
description: "Short object name of the shared record (e.g. ai_conversation, contracts_contract)",
|
|
900
|
+
group: "Target"
|
|
901
|
+
}),
|
|
902
|
+
record_id: Field.text({
|
|
903
|
+
label: "Record",
|
|
904
|
+
required: true,
|
|
905
|
+
maxLength: 100,
|
|
906
|
+
description: "Primary key of the shared record within object_name",
|
|
907
|
+
group: "Target"
|
|
908
|
+
}),
|
|
909
|
+
// ── Access Policy ────────────────────────────────────────────
|
|
910
|
+
permission: Field.select(
|
|
911
|
+
[
|
|
912
|
+
{ label: "View", value: "view" },
|
|
913
|
+
{ label: "Comment", value: "comment" },
|
|
914
|
+
{ label: "Edit", value: "edit" }
|
|
915
|
+
],
|
|
916
|
+
{
|
|
917
|
+
label: "Permission",
|
|
918
|
+
required: true,
|
|
919
|
+
defaultValue: "view",
|
|
920
|
+
description: "What the link holder can do with the record",
|
|
921
|
+
group: "Access Policy"
|
|
922
|
+
}
|
|
923
|
+
),
|
|
924
|
+
audience: Field.select(
|
|
925
|
+
[
|
|
926
|
+
{ label: "Public (indexable)", value: "public" },
|
|
927
|
+
{ label: "Anyone with the link", value: "link_only" },
|
|
928
|
+
{ label: "Signed-in users", value: "signed_in" },
|
|
929
|
+
{ label: "Specific emails", value: "email" }
|
|
930
|
+
],
|
|
931
|
+
{
|
|
932
|
+
label: "Audience",
|
|
933
|
+
required: true,
|
|
934
|
+
defaultValue: "link_only",
|
|
935
|
+
description: "Gating layer applied on top of the token check",
|
|
936
|
+
group: "Access Policy"
|
|
937
|
+
}
|
|
938
|
+
),
|
|
939
|
+
expires_at: Field.datetime({
|
|
940
|
+
label: "Expires At",
|
|
941
|
+
description: "When set, resolveToken returns null after this timestamp",
|
|
942
|
+
group: "Access Policy"
|
|
943
|
+
}),
|
|
944
|
+
email_allowlist: Field.json({
|
|
945
|
+
label: "Email Allowlist",
|
|
946
|
+
description: "Lowercased addresses checked when audience=email",
|
|
947
|
+
group: "Access Policy"
|
|
948
|
+
}),
|
|
949
|
+
password_hash: Field.text({
|
|
950
|
+
label: "Password Hash",
|
|
951
|
+
maxLength: 256,
|
|
952
|
+
description: "Argon2/bcrypt hash. When set, the UI prompts for a password before rendering.",
|
|
953
|
+
group: "Access Policy"
|
|
954
|
+
}),
|
|
955
|
+
redact_fields: Field.json({
|
|
956
|
+
label: "Per-Link Redactions",
|
|
957
|
+
description: "Extra fields stripped from the response, on top of the object-default set",
|
|
958
|
+
group: "Access Policy"
|
|
959
|
+
}),
|
|
960
|
+
label: Field.text({
|
|
961
|
+
label: "Label",
|
|
962
|
+
maxLength: 200,
|
|
963
|
+
description: 'Free-text shown in the share dialog (e.g. "ACME Q3 contract")',
|
|
964
|
+
group: "Metadata"
|
|
965
|
+
}),
|
|
966
|
+
// ── Lifecycle ────────────────────────────────────────────────
|
|
967
|
+
revoked_at: Field.datetime({
|
|
968
|
+
label: "Revoked At",
|
|
969
|
+
readonly: true,
|
|
970
|
+
description: "When set, the link is permanently disabled",
|
|
971
|
+
group: "Lifecycle"
|
|
972
|
+
}),
|
|
973
|
+
created_by: Field.lookup("sys_user", {
|
|
974
|
+
label: "Created By",
|
|
975
|
+
readonly: true,
|
|
976
|
+
description: "Issuer of the link",
|
|
977
|
+
group: "Lifecycle"
|
|
978
|
+
}),
|
|
979
|
+
created_at: Field.datetime({
|
|
980
|
+
label: "Created At",
|
|
981
|
+
required: true,
|
|
982
|
+
defaultValue: "NOW()",
|
|
983
|
+
readonly: true,
|
|
984
|
+
group: "Lifecycle"
|
|
985
|
+
}),
|
|
986
|
+
last_used_at: Field.datetime({
|
|
987
|
+
label: "Last Used At",
|
|
988
|
+
readonly: true,
|
|
989
|
+
description: "Stamped by resolveToken; used by the dashboard to highlight active links",
|
|
990
|
+
group: "Lifecycle"
|
|
991
|
+
}),
|
|
992
|
+
use_count: Field.number({
|
|
993
|
+
label: "Use Count",
|
|
994
|
+
defaultValue: 0,
|
|
995
|
+
readonly: true,
|
|
996
|
+
description: "Incremented by resolveToken on every successful resolution",
|
|
997
|
+
group: "Lifecycle"
|
|
998
|
+
})
|
|
999
|
+
},
|
|
1000
|
+
indexes: [
|
|
1001
|
+
// Hot path: resolveToken — one row lookup per public request.
|
|
1002
|
+
{ fields: ["token"], unique: true },
|
|
1003
|
+
// Management UI: "all links for this record".
|
|
1004
|
+
{ fields: ["object_name", "record_id"] },
|
|
1005
|
+
// "Active links I issued".
|
|
1006
|
+
{ fields: ["created_by", "revoked_at"] },
|
|
1007
|
+
// Reaper for expired rows (background sweep).
|
|
1008
|
+
{ fields: ["expires_at"] }
|
|
1009
|
+
],
|
|
1010
|
+
enable: {
|
|
1011
|
+
trackHistory: false,
|
|
1012
|
+
searchable: false,
|
|
1013
|
+
apiEnabled: true,
|
|
1014
|
+
// The /api/v1/share-links endpoints are the authoritative surface;
|
|
1015
|
+
// the generic data API is exposed read-only for the admin grid.
|
|
1016
|
+
apiMethods: ["get", "list"],
|
|
1017
|
+
trash: false,
|
|
1018
|
+
mru: false,
|
|
1019
|
+
clone: false
|
|
1020
|
+
}
|
|
1021
|
+
});
|
|
828
1022
|
var BETTER_AUTH_MANAGED_OBJECTS = [
|
|
829
1023
|
"sys_user",
|
|
830
1024
|
"sys_account",
|
|
@@ -1106,6 +1300,6 @@ var defaultPermissionSets = [
|
|
|
1106
1300
|
})
|
|
1107
1301
|
];
|
|
1108
1302
|
|
|
1109
|
-
export { SysPermissionSet, SysRecordShare, SysRole, SysRolePermissionSet, SysSharingRule, SysUserPermissionSet, defaultPermissionSets };
|
|
1303
|
+
export { SysPermissionSet, SysRecordShare, SysRole, SysRolePermissionSet, SysShareLink, SysSharingRule, SysUserPermissionSet, defaultPermissionSets };
|
|
1110
1304
|
//# sourceMappingURL=index.mjs.map
|
|
1111
1305
|
//# sourceMappingURL=index.mjs.map
|