@objectstack/platform-objects 6.8.1 → 6.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/audit/index.d.mts +128 -0
- package/dist/audit/index.d.ts +128 -0
- package/dist/identity/index.d.mts +160 -0
- package/dist/identity/index.d.ts +160 -0
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +195 -0
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +195 -1
- package/dist/index.mjs.map +1 -1
- package/dist/integration/index.d.mts +8 -0
- package/dist/integration/index.d.ts +8 -0
- package/dist/metadata/index.d.mts +16 -0
- package/dist/metadata/index.d.ts +16 -0
- package/dist/security/index.d.mts +3681 -1
- package/dist/security/index.d.ts +3681 -1
- package/dist/security/index.js +195 -0
- package/dist/security/index.js.map +1 -1
- package/dist/security/index.mjs +195 -1
- package/dist/security/index.mjs.map +1 -1
- package/dist/system/index.d.mts +24 -0
- package/dist/system/index.d.ts +24 -0
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -3430,6 +3430,200 @@ var SysSharingRule = data.ObjectSchema.create({
|
|
|
3430
3430
|
{ fields: ["organization_id"] }
|
|
3431
3431
|
]
|
|
3432
3432
|
});
|
|
3433
|
+
var SysShareLink = data.ObjectSchema.create({
|
|
3434
|
+
name: "sys_share_link",
|
|
3435
|
+
label: "Share Link",
|
|
3436
|
+
pluralLabel: "Share Links",
|
|
3437
|
+
icon: "link-2",
|
|
3438
|
+
isSystem: true,
|
|
3439
|
+
managedBy: "system",
|
|
3440
|
+
description: "Opaque capability token granting access to a single record. Notion/Figma-style public link sharing.",
|
|
3441
|
+
titleFormat: "{object_name}/{record_id} ({permission})",
|
|
3442
|
+
compactLayout: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at"],
|
|
3443
|
+
listViews: {
|
|
3444
|
+
active_links: {
|
|
3445
|
+
type: "grid",
|
|
3446
|
+
name: "active_links",
|
|
3447
|
+
label: "Active",
|
|
3448
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
3449
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "use_count", "last_used_at"],
|
|
3450
|
+
filter: [{ field: "revoked_at", operator: "isNull" }],
|
|
3451
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
3452
|
+
pagination: { pageSize: 100 }
|
|
3453
|
+
},
|
|
3454
|
+
by_me: {
|
|
3455
|
+
type: "grid",
|
|
3456
|
+
name: "by_me",
|
|
3457
|
+
label: "Created by Me",
|
|
3458
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
3459
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at"],
|
|
3460
|
+
filter: [{ field: "created_by", operator: "equals", value: "{current_user_id}" }],
|
|
3461
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
3462
|
+
pagination: { pageSize: 100 }
|
|
3463
|
+
},
|
|
3464
|
+
revoked: {
|
|
3465
|
+
type: "grid",
|
|
3466
|
+
name: "revoked",
|
|
3467
|
+
label: "Revoked",
|
|
3468
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
3469
|
+
columns: ["object_name", "record_id", "revoked_at", "created_by"],
|
|
3470
|
+
filter: [{ field: "revoked_at", operator: "isNotNull" }],
|
|
3471
|
+
sort: [{ field: "revoked_at", order: "desc" }],
|
|
3472
|
+
pagination: { pageSize: 50 }
|
|
3473
|
+
},
|
|
3474
|
+
all_links: {
|
|
3475
|
+
type: "grid",
|
|
3476
|
+
name: "all_links",
|
|
3477
|
+
label: "All",
|
|
3478
|
+
data: { provider: "object", object: "sys_share_link" },
|
|
3479
|
+
columns: ["object_name", "record_id", "permission", "audience", "expires_at", "revoked_at", "created_at"],
|
|
3480
|
+
sort: [{ field: "created_at", order: "desc" }],
|
|
3481
|
+
pagination: { pageSize: 200 }
|
|
3482
|
+
}
|
|
3483
|
+
},
|
|
3484
|
+
fields: {
|
|
3485
|
+
id: data.Field.text({
|
|
3486
|
+
label: "Link ID",
|
|
3487
|
+
required: true,
|
|
3488
|
+
readonly: true,
|
|
3489
|
+
group: "System"
|
|
3490
|
+
}),
|
|
3491
|
+
// ── Token (the secret) ───────────────────────────────────────
|
|
3492
|
+
token: data.Field.text({
|
|
3493
|
+
label: "Token",
|
|
3494
|
+
required: true,
|
|
3495
|
+
maxLength: 64,
|
|
3496
|
+
description: "Opaque URL-safe random token (\u2265 22 chars). The only secret in this row.",
|
|
3497
|
+
group: "Token"
|
|
3498
|
+
}),
|
|
3499
|
+
// ── Target ───────────────────────────────────────────────────
|
|
3500
|
+
object_name: data.Field.text({
|
|
3501
|
+
label: "Object",
|
|
3502
|
+
required: true,
|
|
3503
|
+
maxLength: 100,
|
|
3504
|
+
description: "Short object name of the shared record (e.g. ai_conversation, contracts_contract)",
|
|
3505
|
+
group: "Target"
|
|
3506
|
+
}),
|
|
3507
|
+
record_id: data.Field.text({
|
|
3508
|
+
label: "Record",
|
|
3509
|
+
required: true,
|
|
3510
|
+
maxLength: 100,
|
|
3511
|
+
description: "Primary key of the shared record within object_name",
|
|
3512
|
+
group: "Target"
|
|
3513
|
+
}),
|
|
3514
|
+
// ── Access Policy ────────────────────────────────────────────
|
|
3515
|
+
permission: data.Field.select(
|
|
3516
|
+
[
|
|
3517
|
+
{ label: "View", value: "view" },
|
|
3518
|
+
{ label: "Comment", value: "comment" },
|
|
3519
|
+
{ label: "Edit", value: "edit" }
|
|
3520
|
+
],
|
|
3521
|
+
{
|
|
3522
|
+
label: "Permission",
|
|
3523
|
+
required: true,
|
|
3524
|
+
defaultValue: "view",
|
|
3525
|
+
description: "What the link holder can do with the record",
|
|
3526
|
+
group: "Access Policy"
|
|
3527
|
+
}
|
|
3528
|
+
),
|
|
3529
|
+
audience: data.Field.select(
|
|
3530
|
+
[
|
|
3531
|
+
{ label: "Public (indexable)", value: "public" },
|
|
3532
|
+
{ label: "Anyone with the link", value: "link_only" },
|
|
3533
|
+
{ label: "Signed-in users", value: "signed_in" },
|
|
3534
|
+
{ label: "Specific emails", value: "email" }
|
|
3535
|
+
],
|
|
3536
|
+
{
|
|
3537
|
+
label: "Audience",
|
|
3538
|
+
required: true,
|
|
3539
|
+
defaultValue: "link_only",
|
|
3540
|
+
description: "Gating layer applied on top of the token check",
|
|
3541
|
+
group: "Access Policy"
|
|
3542
|
+
}
|
|
3543
|
+
),
|
|
3544
|
+
expires_at: data.Field.datetime({
|
|
3545
|
+
label: "Expires At",
|
|
3546
|
+
description: "When set, resolveToken returns null after this timestamp",
|
|
3547
|
+
group: "Access Policy"
|
|
3548
|
+
}),
|
|
3549
|
+
email_allowlist: data.Field.json({
|
|
3550
|
+
label: "Email Allowlist",
|
|
3551
|
+
description: "Lowercased addresses checked when audience=email",
|
|
3552
|
+
group: "Access Policy"
|
|
3553
|
+
}),
|
|
3554
|
+
password_hash: data.Field.text({
|
|
3555
|
+
label: "Password Hash",
|
|
3556
|
+
maxLength: 256,
|
|
3557
|
+
description: "Argon2/bcrypt hash. When set, the UI prompts for a password before rendering.",
|
|
3558
|
+
group: "Access Policy"
|
|
3559
|
+
}),
|
|
3560
|
+
redact_fields: data.Field.json({
|
|
3561
|
+
label: "Per-Link Redactions",
|
|
3562
|
+
description: "Extra fields stripped from the response, on top of the object-default set",
|
|
3563
|
+
group: "Access Policy"
|
|
3564
|
+
}),
|
|
3565
|
+
label: data.Field.text({
|
|
3566
|
+
label: "Label",
|
|
3567
|
+
maxLength: 200,
|
|
3568
|
+
description: 'Free-text shown in the share dialog (e.g. "ACME Q3 contract")',
|
|
3569
|
+
group: "Metadata"
|
|
3570
|
+
}),
|
|
3571
|
+
// ── Lifecycle ────────────────────────────────────────────────
|
|
3572
|
+
revoked_at: data.Field.datetime({
|
|
3573
|
+
label: "Revoked At",
|
|
3574
|
+
readonly: true,
|
|
3575
|
+
description: "When set, the link is permanently disabled",
|
|
3576
|
+
group: "Lifecycle"
|
|
3577
|
+
}),
|
|
3578
|
+
created_by: data.Field.lookup("sys_user", {
|
|
3579
|
+
label: "Created By",
|
|
3580
|
+
readonly: true,
|
|
3581
|
+
description: "Issuer of the link",
|
|
3582
|
+
group: "Lifecycle"
|
|
3583
|
+
}),
|
|
3584
|
+
created_at: data.Field.datetime({
|
|
3585
|
+
label: "Created At",
|
|
3586
|
+
required: true,
|
|
3587
|
+
defaultValue: "NOW()",
|
|
3588
|
+
readonly: true,
|
|
3589
|
+
group: "Lifecycle"
|
|
3590
|
+
}),
|
|
3591
|
+
last_used_at: data.Field.datetime({
|
|
3592
|
+
label: "Last Used At",
|
|
3593
|
+
readonly: true,
|
|
3594
|
+
description: "Stamped by resolveToken; used by the dashboard to highlight active links",
|
|
3595
|
+
group: "Lifecycle"
|
|
3596
|
+
}),
|
|
3597
|
+
use_count: data.Field.number({
|
|
3598
|
+
label: "Use Count",
|
|
3599
|
+
defaultValue: 0,
|
|
3600
|
+
readonly: true,
|
|
3601
|
+
description: "Incremented by resolveToken on every successful resolution",
|
|
3602
|
+
group: "Lifecycle"
|
|
3603
|
+
})
|
|
3604
|
+
},
|
|
3605
|
+
indexes: [
|
|
3606
|
+
// Hot path: resolveToken — one row lookup per public request.
|
|
3607
|
+
{ fields: ["token"], unique: true },
|
|
3608
|
+
// Management UI: "all links for this record".
|
|
3609
|
+
{ fields: ["object_name", "record_id"] },
|
|
3610
|
+
// "Active links I issued".
|
|
3611
|
+
{ fields: ["created_by", "revoked_at"] },
|
|
3612
|
+
// Reaper for expired rows (background sweep).
|
|
3613
|
+
{ fields: ["expires_at"] }
|
|
3614
|
+
],
|
|
3615
|
+
enable: {
|
|
3616
|
+
trackHistory: false,
|
|
3617
|
+
searchable: false,
|
|
3618
|
+
apiEnabled: true,
|
|
3619
|
+
// The /api/v1/share-links endpoints are the authoritative surface;
|
|
3620
|
+
// the generic data API is exposed read-only for the admin grid.
|
|
3621
|
+
apiMethods: ["get", "list"],
|
|
3622
|
+
trash: false,
|
|
3623
|
+
mru: false,
|
|
3624
|
+
clone: false
|
|
3625
|
+
}
|
|
3626
|
+
});
|
|
3433
3627
|
var BETTER_AUTH_MANAGED_OBJECTS = [
|
|
3434
3628
|
"sys_user",
|
|
3435
3629
|
"sys_account",
|
|
@@ -19133,6 +19327,7 @@ exports.SysSecret = SysSecret;
|
|
|
19133
19327
|
exports.SysSession = SysSession;
|
|
19134
19328
|
exports.SysSetting = SysSetting;
|
|
19135
19329
|
exports.SysSettingAudit = SysSettingAudit;
|
|
19330
|
+
exports.SysShareLink = SysShareLink;
|
|
19136
19331
|
exports.SysSharingRule = SysSharingRule;
|
|
19137
19332
|
exports.SysTeam = SysTeam;
|
|
19138
19333
|
exports.SysTeamMember = SysTeamMember;
|