@objectstack/platform-objects 6.8.1 → 6.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/audit/index.d.mts +128 -0
- package/dist/audit/index.d.ts +128 -0
- package/dist/identity/index.d.mts +160 -0
- package/dist/identity/index.d.ts +160 -0
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +195 -0
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +195 -1
- package/dist/index.mjs.map +1 -1
- package/dist/integration/index.d.mts +8 -0
- package/dist/integration/index.d.ts +8 -0
- package/dist/metadata/index.d.mts +16 -0
- package/dist/metadata/index.d.ts +16 -0
- package/dist/security/index.d.mts +3681 -1
- package/dist/security/index.d.ts +3681 -1
- package/dist/security/index.js +195 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/index.mjs +195 -1
- package/dist/security/index.mjs.map +1 -1
- package/dist/system/index.d.mts +24 -0
- package/dist/system/index.d.ts +24 -0
- package/package.json +2 -2
package/dist/security/index.js
CHANGED
|
@@ -827,6 +827,200 @@ var SysSharingRule = data.ObjectSchema.create({
|
|
|
827
827
|
{ fields: ["organization_id"] }
|
|
828
828
|
]
|
|
829
829
|
});
|
|
830
|
+
var SysShareLink = data.ObjectSchema.create({
|
|
831
|
+
name: "sys_share_link",
|
|
832
|
+
label: "Share Link",
|
|
833
|
+
pluralLabel: "Share Links",
|
|
834
|
+
icon: "link-2",
|
|
835
|
+
isSystem: true,
|
|
836
|
+
managedBy: "system",
|
|
837
|
+
description: "Opaque capability token granting access to a single record. Notion/Figma-style public link sharing.",
|
|
838
|
+
titleFormat: "{object_name}/{record_id} ({permission})",
|
|
839
|
+
compactLayout: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at"],
|
|
840
|
+
listViews: {
|
|
841
|
+
active_links: {
|
|
842
|
+
type: "grid",
|
|
843
|
+
name: "active_links",
|
|
844
|
+
label: "Active",
|
|
845
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
846
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "use_count", "last_used_at"],
|
|
847
|
+
filter: [{ field: "revoked_at", operator: "isNull" }],
|
|
848
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
849
|
+
pagination: { pageSize: 100 }
|
|
850
|
+
},
|
|
851
|
+
by_me: {
|
|
852
|
+
type: "grid",
|
|
853
|
+
name: "by_me",
|
|
854
|
+
label: "Created by Me",
|
|
855
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
856
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at"],
|
|
857
|
+
filter: [{ field: "created_by", operator: "equals", value: "{current_user_id}" }],
|
|
858
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
859
|
+
pagination: { pageSize: 100 }
|
|
860
|
+
},
|
|
861
|
+
revoked: {
|
|
862
|
+
type: "grid",
|
|
863
|
+
name: "revoked",
|
|
864
|
+
label: "Revoked",
|
|
865
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
866
|
+
columns: ["object_name", "record_id", "revoked_at", "created_by"],
|
|
867
|
+
filter: [{ field: "revoked_at", operator: "isNotNull" }],
|
|
868
|
+
sort: [{ field: "revoked_at", order: "desc" }],
|
|
869
|
+
pagination: { pageSize: 50 }
|
|
870
|
+
},
|
|
871
|
+
all_links: {
|
|
872
|
+
type: "grid",
|
|
873
|
+
name: "all_links",
|
|
874
|
+
label: "All",
|
|
875
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
876
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at", "created_at"],
|
|
877
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
878
|
+
pagination: { pageSize: 200 }
|
|
879
|
+
}
|
|
880
|
+
},
|
|
881
|
+
fields: {
|
|
882
|
+
id: data.Field.text({
|
|
883
|
+
label: "Link ID",
|
|
884
|
+
required: true,
|
|
885
|
+
readonly: true,
|
|
886
|
+
group: "System"
|
|
887
|
+
}),
|
|
888
|
+
// ── Token (the secret) ───────────────────────────────────────
|
|
889
|
+
token: data.Field.text({
|
|
890
|
+
label: "Token",
|
|
891
|
+
required: true,
|
|
892
|
+
maxLength: 64,
|
|
893
|
+
description: "Opaque URL-safe random token (\u2265 22 chars). The only secret in this row.",
|
|
894
|
+
group: "Token"
|
|
895
|
+
}),
|
|
896
|
+
// ── Target ───────────────────────────────────────────────────
|
|
897
|
+
object_name: data.Field.text({
|
|
898
|
+
label: "Object",
|
|
899
|
+
required: true,
|
|
900
|
+
maxLength: 100,
|
|
901
|
+
description: "Short object name of the shared record (e.g. ai_conversation, contracts_contract)",
|
|
902
|
+
group: "Target"
|
|
903
|
+
}),
|
|
904
|
+
record_id: data.Field.text({
|
|
905
|
+
label: "Record",
|
|
906
|
+
required: true,
|
|
907
|
+
maxLength: 100,
|
|
908
|
+
description: "Primary key of the shared record within object_name",
|
|
909
|
+
group: "Target"
|
|
910
|
+
}),
|
|
911
|
+
// ── Access Policy ────────────────────────────────────────────
|
|
912
|
+
permission: data.Field.select(
|
|
913
|
+
[
|
|
914
|
+
{ label: "View", value: "view" },
|
|
915
|
+
{ label: "Comment", value: "comment" },
|
|
916
|
+
{ label: "Edit", value: "edit" }
|
|
917
|
+
],
|
|
918
|
+
{
|
|
919
|
+
label: "Permission",
|
|
920
|
+
required: true,
|
|
921
|
+
defaultValue: "view",
|
|
922
|
+
description: "What the link holder can do with the record",
|
|
923
|
+
group: "Access Policy"
|
|
924
|
+
}
|
|
925
|
+
),
|
|
926
|
+
audience: data.Field.select(
|
|
927
|
+
[
|
|
928
|
+
{ label: "Public (indexable)", value: "public" },
|
|
929
|
+
{ label: "Anyone with the link", value: "link_only" },
|
|
930
|
+
{ label: "Signed-in users", value: "signed_in" },
|
|
931
|
+
{ label: "Specific emails", value: "email" }
|
|
932
|
+
],
|
|
933
|
+
{
|
|
934
|
+
label: "Audience",
|
|
935
|
+
required: true,
|
|
936
|
+
defaultValue: "link_only",
|
|
937
|
+
description: "Gating layer applied on top of the token check",
|
|
938
|
+
group: "Access Policy"
|
|
939
|
+
}
|
|
940
|
+
),
|
|
941
|
+
expires_at: data.Field.datetime({
|
|
942
|
+
label: "Expires At",
|
|
943
|
+
description: "When set, resolveToken returns null after this timestamp",
|
|
944
|
+
group: "Access Policy"
|
|
945
|
+
}),
|
|
946
|
+
email_allowlist: data.Field.json({
|
|
947
|
+
label: "Email Allowlist",
|
|
948
|
+
description: "Lowercased addresses checked when audience=email",
|
|
949
|
+
group: "Access Policy"
|
|
950
|
+
}),
|
|
951
|
+
password_hash: data.Field.text({
|
|
952
|
+
label: "Password Hash",
|
|
953
|
+
maxLength: 256,
|
|
954
|
+
description: "Argon2/bcrypt hash. When set, the UI prompts for a password before rendering.",
|
|
955
|
+
group: "Access Policy"
|
|
956
|
+
}),
|
|
957
|
+
redact_fields: data.Field.json({
|
|
958
|
+
label: "Per-Link Redactions",
|
|
959
|
+
description: "Extra fields stripped from the response, on top of the object-default set",
|
|
960
|
+
group: "Access Policy"
|
|
961
|
+
}),
|
|
962
|
+
label: data.Field.text({
|
|
963
|
+
label: "Label",
|
|
964
|
+
maxLength: 200,
|
|
965
|
+
description: 'Free-text shown in the share dialog (e.g. "ACME Q3 contract")',
|
|
966
|
+
group: "Metadata"
|
|
967
|
+
}),
|
|
968
|
+
// ── Lifecycle ────────────────────────────────────────────────
|
|
969
|
+
revoked_at: data.Field.datetime({
|
|
970
|
+
label: "Revoked At",
|
|
971
|
+
readonly: true,
|
|
972
|
+
description: "When set, the link is permanently disabled",
|
|
973
|
+
group: "Lifecycle"
|
|
974
|
+
}),
|
|
975
|
+
created_by: data.Field.lookup("sys_user", {
|
|
976
|
+
label: "Created By",
|
|
977
|
+
readonly: true,
|
|
978
|
+
description: "Issuer of the link",
|
|
979
|
+
group: "Lifecycle"
|
|
980
|
+
}),
|
|
981
|
+
created_at: data.Field.datetime({
|
|
982
|
+
label: "Created At",
|
|
983
|
+
required: true,
|
|
984
|
+
defaultValue: "NOW()",
|
|
985
|
+
readonly: true,
|
|
986
|
+
group: "Lifecycle"
|
|
987
|
+
}),
|
|
988
|
+
last_used_at: data.Field.datetime({
|
|
989
|
+
label: "Last Used At",
|
|
990
|
+
readonly: true,
|
|
991
|
+
description: "Stamped by resolveToken; used by the dashboard to highlight active links",
|
|
992
|
+
group: "Lifecycle"
|
|
993
|
+
}),
|
|
994
|
+
use_count: data.Field.number({
|
|
995
|
+
label: "Use Count",
|
|
996
|
+
defaultValue: 0,
|
|
997
|
+
readonly: true,
|
|
998
|
+
description: "Incremented by resolveToken on every successful resolution",
|
|
999
|
+
group: "Lifecycle"
|
|
1000
|
+
})
|
|
1001
|
+
},
|
|
1002
|
+
indexes: [
|
|
1003
|
+
// Hot path: resolveToken — one row lookup per public request.
|
|
1004
|
+
{ fields: ["token"], unique: true },
|
|
1005
|
+
// Management UI: "all links for this record".
|
|
1006
|
+
{ fields: ["object_name", "record_id"] },
|
|
1007
|
+
// "Active links I issued".
|
|
1008
|
+
{ fields: ["created_by", "revoked_at"] },
|
|
1009
|
+
// Reaper for expired rows (background sweep).
|
|
1010
|
+
{ fields: ["expires_at"] }
|
|
1011
|
+
],
|
|
1012
|
+
enable: {
|
|
1013
|
+
trackHistory: false,
|
|
1014
|
+
searchable: false,
|
|
1015
|
+
apiEnabled: true,
|
|
1016
|
+
// The /api/v1/share-links endpoints are the authoritative surface;
|
|
1017
|
+
// the generic data API is exposed read-only for the admin grid.
|
|
1018
|
+
apiMethods: ["get", "list"],
|
|
1019
|
+
trash: false,
|
|
1020
|
+
mru: false,
|
|
1021
|
+
clone: false
|
|
1022
|
+
}
|
|
1023
|
+
});
|
|
830
1024
|
var BETTER_AUTH_MANAGED_OBJECTS = [
|
|
831
1025
|
"sys_user",
|
|
832
1026
|
"sys_account",
|
|
@@ -1112,6 +1306,7 @@ exports.SysPermissionSet = SysPermissionSet;
|
|
|
1112
1306
|
exports.SysRecordShare = SysRecordShare;
|
|
1113
1307
|
exports.SysRole = SysRole;
|
|
1114
1308
|
exports.SysRolePermissionSet = SysRolePermissionSet;
|
|
1309
|
+
exports.SysShareLink = SysShareLink;
|
|
1115
1310
|
exports.SysSharingRule = SysSharingRule;
|
|
1116
1311
|
exports.SysUserPermissionSet = SysUserPermissionSet;
|
|
1117
1312
|
exports.defaultPermissionSets = defaultPermissionSets;
|