@objectstack/plugin-security 3.2.4 → 3.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/.turbo/turbo-build.log +10 -10
  2. package/CHANGELOG.md +14 -0
  3. package/dist/index.d.mts +3615 -1
  4. package/dist/index.d.ts +3615 -1
  5. package/dist/index.js +152 -2
  6. package/dist/index.js.map +1 -1
  7. package/dist/index.mjs +149 -1
  8. package/dist/index.mjs.map +1 -1
  9. package/package.json +3 -3
  10. package/src/index.ts +3 -0
  11. package/src/objects/index.ts +10 -0
  12. package/src/objects/sys-permission-set.object.ts +94 -0
  13. package/src/objects/sys-role.object.ts +93 -0
package/src/objects/sys-permission-set.object.ts ADDED
@@ -0,0 +1,94 @@
1
+ // Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
2
+
3
+ import { ObjectSchema, Field } from '@objectstack/spec/data';
4
+
5
+ /**
6
+ * sys_permission_set — System Permission Set Object
7
+ *
8
+ * Named groupings of fine-grained permissions.
9
+ * Permission sets can be assigned to roles or directly to users
10
+ * for granular access control.
11
+ *
12
+ * @namespace sys
13
+ */
14
+ export const SysPermissionSet = ObjectSchema.create({
15
+ namespace: 'sys',
16
+ name: 'permission_set',
17
+ label: 'Permission Set',
18
+ pluralLabel: 'Permission Sets',
19
+ icon: 'lock',
20
+ isSystem: true,
21
+ description: 'Named permission groupings for fine-grained access control',
22
+ titleFormat: '{name}',
23
+ compactLayout: ['name', 'label', 'active'],
24
+
25
+ fields: {
26
+ id: Field.text({
27
+ label: 'Permission Set ID',
28
+ required: true,
29
+ readonly: true,
30
+ }),
31
+
32
+ created_at: Field.datetime({
33
+ label: 'Created At',
34
+ defaultValue: 'NOW()',
35
+ readonly: true,
36
+ }),
37
+
38
+ updated_at: Field.datetime({
39
+ label: 'Updated At',
40
+ defaultValue: 'NOW()',
41
+ readonly: true,
42
+ }),
43
+
44
+ name: Field.text({
45
+ label: 'API Name',
46
+ required: true,
47
+ searchable: true,
48
+ maxLength: 100,
49
+ description: 'Unique machine name for the permission set',
50
+ }),
51
+
52
+ label: Field.text({
53
+ label: 'Display Name',
54
+ required: true,
55
+ maxLength: 255,
56
+ }),
57
+
58
+ description: Field.textarea({
59
+ label: 'Description',
60
+ required: false,
61
+ }),
62
+
63
+ object_permissions: Field.textarea({
64
+ label: 'Object Permissions',
65
+ required: false,
66
+ description: 'JSON-serialized object-level CRUD permissions',
67
+ }),
68
+
69
+ field_permissions: Field.textarea({
70
+ label: 'Field Permissions',
71
+ required: false,
72
+ description: 'JSON-serialized field-level read/write permissions',
73
+ }),
74
+
75
+ active: Field.boolean({
76
+ label: 'Active',
77
+ defaultValue: true,
78
+ }),
79
+ },
80
+
81
+ indexes: [
82
+ { fields: ['name'], unique: true },
83
+ { fields: ['active'] },
84
+ ],
85
+
86
+ enable: {
87
+ trackHistory: true,
88
+ searchable: true,
89
+ apiEnabled: true,
90
+ apiMethods: ['get', 'list', 'create', 'update', 'delete'],
91
+ trash: true,
92
+ mru: true,
93
+ },
94
+ });
package/src/objects/sys-role.object.ts ADDED
@@ -0,0 +1,93 @@
1
+ // Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
2
+
3
+ import { ObjectSchema, Field } from '@objectstack/spec/data';
4
+
5
+ /**
6
+ * sys_role — System Role Object
7
+ *
8
+ * RBAC role definition for the ObjectStack platform.
9
+ * Roles group permissions and are assigned to users or members.
10
+ *
11
+ * @namespace sys
12
+ */
13
+ export const SysRole = ObjectSchema.create({
14
+ namespace: 'sys',
15
+ name: 'role',
16
+ label: 'Role',
17
+ pluralLabel: 'Roles',
18
+ icon: 'shield',
19
+ isSystem: true,
20
+ description: 'Role definitions for RBAC access control',
21
+ titleFormat: '{name}',
22
+ compactLayout: ['name', 'label', 'active'],
23
+
24
+ fields: {
25
+ id: Field.text({
26
+ label: 'Role ID',
27
+ required: true,
28
+ readonly: true,
29
+ }),
30
+
31
+ created_at: Field.datetime({
32
+ label: 'Created At',
33
+ defaultValue: 'NOW()',
34
+ readonly: true,
35
+ }),
36
+
37
+ updated_at: Field.datetime({
38
+ label: 'Updated At',
39
+ defaultValue: 'NOW()',
40
+ readonly: true,
41
+ }),
42
+
43
+ name: Field.text({
44
+ label: 'API Name',
45
+ required: true,
46
+ searchable: true,
47
+ maxLength: 100,
48
+ description: 'Unique machine name for the role (e.g. admin, editor, viewer)',
49
+ }),
50
+
51
+ label: Field.text({
52
+ label: 'Display Name',
53
+ required: true,
54
+ maxLength: 255,
55
+ }),
56
+
57
+ description: Field.textarea({
58
+ label: 'Description',
59
+ required: false,
60
+ }),
61
+
62
+ permissions: Field.textarea({
63
+ label: 'Permissions',
64
+ required: false,
65
+ description: 'JSON-serialized array of permission strings',
66
+ }),
67
+
68
+ active: Field.boolean({
69
+ label: 'Active',
70
+ defaultValue: true,
71
+ }),
72
+
73
+ is_default: Field.boolean({
74
+ label: 'Default Role',
75
+ defaultValue: false,
76
+ description: 'Automatically assigned to new users',
77
+ }),
78
+ },
79
+
80
+ indexes: [
81
+ { fields: ['name'], unique: true },
82
+ { fields: ['active'] },
83
+ ],
84
+
85
+ enable: {
86
+ trackHistory: true,
87
+ searchable: true,
88
+ apiEnabled: true,
89
+ apiMethods: ['get', 'list', 'create', 'update', 'delete'],
90
+ trash: true,
91
+ mru: true,
92
+ },
93
+ });