npm - @objectstack/plugin-security - Versions diffs - 6.8.1 → 6.9.0 - Mend

@objectstack/plugin-security 6.8.1 → 6.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -927,6 +927,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -3366,6 +3374,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -5769,6 +5785,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -7694,6 +7718,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -8730,69 +8762,6 @@ declare const securityPluginManifestHeader: {
     description: string;
 };
-/**
- * ensureUserHasOrganization — auto-create a personal org for new users.
- *
- * In multi-tenant mode, every record visible through the default
- * `tenant_isolation` RLS policy must have an `organization_id`, and
- * every authenticated user must have an `activeOrganizationId` on their
- * session for that policy to evaluate to anything other than "deny
- * all". A user with zero `sys_member` rows, however, can sign in
- * successfully and reach the dashboard — the dashboard's
- * `RequireOrganization` guard has a single-tenant carve-out that lets
- * users with empty organization lists through, so they land on a UI
- * that simply hides every record. The standard remedy ("invite users
- * via an admin") doesn't apply to self-service signup.
- *
- * This helper, run right after a `sys_user` insert, ensures the new
- * user has at least one organization by creating a personal workspace
- * (named "<User>'s Workspace", slug `<username>-workspace`) and an
- * owner-role `sys_member` row. The user's session will pick this up as
- * their `activeOrganizationId` on the next sign-in / org-list refresh
- * (better-auth's `setActiveOrganization` runs lazily when the picker
- * sees exactly one membership).
- *
- * Idempotent: bails out if the user already has any `sys_member` row.
- * Slug collisions retry with a numeric suffix; a cap of 5 attempts
- * means a pathological username will fail loudly rather than loop.
- */
-interface EnsureOptions {
-    logger?: {
-        info: (message: string, meta?: Record<string, any>) => void;
-        warn: (message: string, meta?: Record<string, any>) => void;
-    };
-    /**
-     * Optional hook called after a personal org is successfully created.
-     * Used by SecurityPlugin to wire in `cloneTenantSeedData` so each
-     * new workspace gets its own copy of demo data. Pulled in via DI
-     * to keep this helper free of a hard import on the cloner (which
-     * keeps the tenant-claim and ensure-org test surfaces narrow).
-     */
-    cloneSeedData?: (ql: any, targetOrgId: string, opts: {
-        logger?: EnsureOptions['logger'];
-    }) => Promise<{
-        object: string;
-        count: number;
-    }[]>;
-}
-/**
- * Ensure `user` has at least one `sys_member` row. Creates a personal
- * organization owned by them if not.
- *
- * Returns `{ created: true, organizationId }` when a new org was made,
- * or `{ created: false, reason }` when the user already has memberships
- * or the operation was skipped.
- */
-declare function ensureUserHasOrganization(ql: any, user: {
-    id: string;
-    name?: string;
-    email?: string;
-}, options?: EnsureOptions): Promise<{
-    created: boolean;
-    organizationId?: string;
-    reason?: string;
-}>;
 interface CloneOptions {
     logger?: {
         info: (message: string, meta?: Record<string, any>) => void;
@@ -8804,4 +8773,4 @@ declare function cloneTenantSeedData(ql: any, targetOrgId: string, options?: Clo
     count: number;
 }[]>;
-export { FieldMasker, PermissionDeniedError, PermissionEvaluator, RLSCompiler, RLS_DENY_FILTER, SECURITY_PLUGIN_ID, SECURITY_PLUGIN_VERSION, SecurityPlugin, cloneTenantSeedData, ensureUserHasOrganization, isPermissionDeniedError, securityDefaultPermissionSets, securityObjects, securityPluginManifestHeader };
+export { FieldMasker, PermissionDeniedError, PermissionEvaluator, RLSCompiler, RLS_DENY_FILTER, SECURITY_PLUGIN_ID, SECURITY_PLUGIN_VERSION, SecurityPlugin, cloneTenantSeedData, isPermissionDeniedError, securityDefaultPermissionSets, securityObjects, securityPluginManifestHeader };

package/dist/index.d.ts CHANGED Viewed

@@ -927,6 +927,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -3366,6 +3374,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -5769,6 +5785,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -7694,6 +7718,14 @@ declare const securityObjects: ((Omit<{
     } | undefined;
     recordTypes?: string[] | undefined;
     sharingModel?: "read" | "full" | "private" | "read_write" | undefined;
+    publicSharing?: {
+        enabled: boolean;
+        allowedAudiences?: ("email" | "public" | "link_only" | "signed_in")[] | undefined;
+        allowedPermissions?: ("edit" | "view" | "comment")[] | undefined;
+        maxExpiryDays?: number | undefined;
+        redactFields?: string[] | undefined;
+        eligibility?: string | undefined;
+    } | undefined;
     keyPrefix?: string | undefined;
     detail?: {
         [x: string]: unknown;
@@ -8730,69 +8762,6 @@ declare const securityPluginManifestHeader: {
     description: string;
 };
-/**
- * ensureUserHasOrganization — auto-create a personal org for new users.
- *
- * In multi-tenant mode, every record visible through the default
- * `tenant_isolation` RLS policy must have an `organization_id`, and
- * every authenticated user must have an `activeOrganizationId` on their
- * session for that policy to evaluate to anything other than "deny
- * all". A user with zero `sys_member` rows, however, can sign in
- * successfully and reach the dashboard — the dashboard's
- * `RequireOrganization` guard has a single-tenant carve-out that lets
- * users with empty organization lists through, so they land on a UI
- * that simply hides every record. The standard remedy ("invite users
- * via an admin") doesn't apply to self-service signup.
- *
- * This helper, run right after a `sys_user` insert, ensures the new
- * user has at least one organization by creating a personal workspace
- * (named "<User>'s Workspace", slug `<username>-workspace`) and an
- * owner-role `sys_member` row. The user's session will pick this up as
- * their `activeOrganizationId` on the next sign-in / org-list refresh
- * (better-auth's `setActiveOrganization` runs lazily when the picker
- * sees exactly one membership).
- *
- * Idempotent: bails out if the user already has any `sys_member` row.
- * Slug collisions retry with a numeric suffix; a cap of 5 attempts
- * means a pathological username will fail loudly rather than loop.
- */
-interface EnsureOptions {
-    logger?: {
-        info: (message: string, meta?: Record<string, any>) => void;
-        warn: (message: string, meta?: Record<string, any>) => void;
-    };
-    /**
-     * Optional hook called after a personal org is successfully created.
-     * Used by SecurityPlugin to wire in `cloneTenantSeedData` so each
-     * new workspace gets its own copy of demo data. Pulled in via DI
-     * to keep this helper free of a hard import on the cloner (which
-     * keeps the tenant-claim and ensure-org test surfaces narrow).
-     */
-    cloneSeedData?: (ql: any, targetOrgId: string, opts: {
-        logger?: EnsureOptions['logger'];
-    }) => Promise<{
-        object: string;
-        count: number;
-    }[]>;
-}
-/**
- * Ensure `user` has at least one `sys_member` row. Creates a personal
- * organization owned by them if not.
- *
- * Returns `{ created: true, organizationId }` when a new org was made,
- * or `{ created: false, reason }` when the user already has memberships
- * or the operation was skipped.
- */
-declare function ensureUserHasOrganization(ql: any, user: {
-    id: string;
-    name?: string;
-    email?: string;
-}, options?: EnsureOptions): Promise<{
-    created: boolean;
-    organizationId?: string;
-    reason?: string;
-}>;
 interface CloneOptions {
     logger?: {
         info: (message: string, meta?: Record<string, any>) => void;
@@ -8804,4 +8773,4 @@ declare function cloneTenantSeedData(ql: any, targetOrgId: string, options?: Clo
     count: number;
 }[]>;
-export { FieldMasker, PermissionDeniedError, PermissionEvaluator, RLSCompiler, RLS_DENY_FILTER, SECURITY_PLUGIN_ID, SECURITY_PLUGIN_VERSION, SecurityPlugin, cloneTenantSeedData, ensureUserHasOrganization, isPermissionDeniedError, securityDefaultPermissionSets, securityObjects, securityPluginManifestHeader };
+export { FieldMasker, PermissionDeniedError, PermissionEvaluator, RLSCompiler, RLS_DENY_FILTER, SECURITY_PLUGIN_ID, SECURITY_PLUGIN_VERSION, SecurityPlugin, cloneTenantSeedData, isPermissionDeniedError, securityDefaultPermissionSets, securityObjects, securityPluginManifestHeader };

package/dist/index.js CHANGED Viewed

@@ -29,7 +29,6 @@ __export(index_exports, {
   SECURITY_PLUGIN_VERSION: () => SECURITY_PLUGIN_VERSION,
   SecurityPlugin: () => SecurityPlugin,
   cloneTenantSeedData: () => cloneTenantSeedData,
-  ensureUserHasOrganization: () => ensureUserHasOrganization,
   isPermissionDeniedError: () => isPermissionDeniedError,
   securityDefaultPermissionSets: () => securityDefaultPermissionSets,
   securityObjects: () => securityObjects,
@@ -378,6 +377,7 @@ function genId(prefix) {
 }
 async function bootstrapPlatformAdmin(ql, bootstrapPermissionSets, options = {}) {
   const logger = options.logger;
+  const multiTenant = options.multiTenant === true;
   if (!ql || typeof ql.find !== "function" || typeof ql.insert !== "function") {
     return { seeded: 0, adminPromoted: false, reason: "objectql_unavailable" };
   }
@@ -439,7 +439,48 @@ async function bootstrapPlatformAdmin(ql, bootstrapPermissionSets, options = {})
     return { seeded: seededCount, adminPromoted: false, reason: "insert_failed" };
   }
   logger?.info?.(`[security] first user promoted to platform admin: ${target.email ?? target.id}`);
-  return { seeded: seededCount, adminPromoted: true };
+  let defaultOrgCreated = false;
+  let defaultOrgId;
+  if (multiTenant) {
+    const memberships = await tryFind(ql, "sys_member", { user_id: target.id }, 1);
+    if (memberships.length === 0) {
+      const existingDefault = await tryFind(ql, "sys_organization", { slug: "default" }, 1);
+      if (existingDefault.length > 0 && existingDefault[0].id) {
+        defaultOrgId = String(existingDefault[0].id);
+      } else {
+        const newOrgId = genId("org");
+        const orgRow = await tryInsert(ql, "sys_organization", {
+          id: newOrgId,
+          name: "Default Organization",
+          slug: "default",
+          logo: null,
+          metadata: null
+        });
+        if (orgRow) {
+          defaultOrgId = orgRow?.id ?? newOrgId;
+          defaultOrgCreated = true;
+        } else {
+          logger?.warn?.("[security] failed to create default organization for platform admin");
+        }
+      }
+      if (defaultOrgId) {
+        const memRow = await tryInsert(ql, "sys_member", {
+          id: genId("mem"),
+          organization_id: defaultOrgId,
+          user_id: target.id,
+          role: "owner"
+        });
+        if (memRow) {
+          logger?.info?.(
+            `[security] bound platform admin to default organization (${defaultOrgId}): ${target.email ?? target.id}`
+          );
+        } else {
+          logger?.warn?.("[security] failed to bind platform admin to default organization");
+        }
+      }
+    }
+  }
+  return { seeded: seededCount, adminPromoted: true, defaultOrgCreated, defaultOrgId };
 }
 // src/claim-orphan-tenant-rows.ts
@@ -688,126 +729,6 @@ async function cloneTenantSeedData(ql, targetOrgId, options = {}) {
   return summary;
 }
-// src/ensure-user-has-organization.ts
-var SYSTEM_CTX4 = { isSystem: true };
-function genId2(prefix) {
-  const rand = Math.random().toString(36).slice(2, 10);
-  const ts = Date.now().toString(36);
-  return `${prefix}_${ts}${rand}`;
-}
-function slugify(input, fallback = "workspace") {
-  const cleaned = input.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40);
-  return cleaned || fallback;
-}
-function deriveSlugFallback(user) {
-  if (user.email) {
-    const local = user.email.split("@")[0] ?? "";
-    const localSlug = local.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 40);
-    if (localSlug) return localSlug;
-  }
-  const idTail = user.id.replace(/[^a-z0-9]/gi, "").slice(-8).toLowerCase();
-  return idTail ? `user-${idTail}` : "user";
-}
-function deriveBaseName(user) {
-  if (user.name && user.name.trim()) return user.name.trim();
-  if (user.email) {
-    const local = user.email.split("@")[0];
-    if (local) return local;
-  }
-  return user.id;
-}
-async function tryFind2(ql, object, where, limit = 1) {
-  try {
-    const rows = await ql.find(object, { where, limit }, { context: SYSTEM_CTX4 });
-    return Array.isArray(rows) ? rows : [];
-  } catch {
-    return [];
-  }
-}
-async function ensureUserHasOrganization(ql, user, options = {}) {
-  const logger = options.logger;
-  const cloneSeedData = options.cloneSeedData;
-  if (!ql || typeof ql.find !== "function" || typeof ql.insert !== "function") {
-    return { created: false, reason: "objectql_unavailable" };
-  }
-  if (!user?.id) return { created: false, reason: "invalid_user" };
-  const existing = await tryFind2(ql, "sys_member", { user_id: user.id }, 1);
-  if (existing.length > 0) {
-    return { created: false, reason: "already_member" };
-  }
-  const base = deriveBaseName(user);
-  const orgName = `${base}'s Workspace`;
-  const slugFallback = deriveSlugFallback(user);
-  const baseSlug = slugify(base, slugFallback);
-  let slug = `${baseSlug}-workspace`;
-  for (let attempt = 1; attempt <= 5; attempt += 1) {
-    const collision = await tryFind2(ql, "sys_organization", { slug }, 1);
-    if (collision.length === 0) break;
-    slug = `${baseSlug}-workspace-${attempt + 1}`;
-    if (attempt === 5) {
-      logger?.warn?.(
-        `[security] could not find a free slug for personal org of ${user.email ?? user.id}`
-      );
-      return { created: false, reason: "slug_exhausted" };
-    }
-  }
-  const orgId = genId2("org");
-  let orgRow = null;
-  try {
-    orgRow = await ql.insert(
-      "sys_organization",
-      { id: orgId, name: orgName, slug, logo: null, metadata: null },
-      { context: SYSTEM_CTX4 }
-    );
-  } catch (e) {
-    logger?.warn?.(`[security] failed to create personal org for ${user.email ?? user.id}`, {
-      error: e.message
-    });
-    return { created: false, reason: "org_insert_failed" };
-  }
-  const finalOrgId = orgRow?.id ?? orgId;
-  try {
-    await ql.insert(
-      "sys_member",
-      {
-        id: genId2("mem"),
-        organization_id: finalOrgId,
-        user_id: user.id,
-        role: "owner"
-      },
-      { context: SYSTEM_CTX4 }
-    );
-  } catch (e) {
-    logger?.warn?.(`[security] failed to create owner-member row for ${user.email ?? user.id}`, {
-      error: e.message
-    });
-    return { created: false, reason: "member_insert_failed", organizationId: finalOrgId };
-  }
-  logger?.info?.(
-    `[security] created personal organization "${orgName}" (${finalOrgId}) for ${user.email ?? user.id}`
-  );
-  if (cloneSeedData) {
-    void cloneSeedData(ql, finalOrgId, { logger }).then(
-      (summary) => {
-        if (summary.length > 0) {
-          const total = summary.reduce((s, c) => s + c.count, 0);
-          logger?.info?.(
-            `[security] cloned ${total} seed row(s) into personal organization ${finalOrgId}`,
-            { breakdown: summary }
-          );
-        }
-      },
-      (e) => {
-        logger?.warn?.("[security] cloneTenantSeedData failed", {
-          organizationId: finalOrgId,
-          error: e.message
-        });
-      }
-    );
-  }
-  return { created: true, organizationId: finalOrgId };
-}
 // src/manifest.ts
 var import_security = require("@objectstack/platform-objects/security");
 var SECURITY_PLUGIN_ID = "com.objectstack.plugin-security";
@@ -1042,7 +963,8 @@ var SecurityPlugin = class {
     const runBootstrap = async () => {
       try {
         const report = await bootstrapPlatformAdmin(ql, this.bootstrapPermissionSets, {
-          logger: ctx.logger
+          logger: ctx.logger,
+          multiTenant: this.multiTenant
         });
         bootstrapRanOnce = true;
         ctx.logger.info("[security] platform bootstrap complete", report);
@@ -1063,21 +985,6 @@ var SecurityPlugin = class {
         if (bootstrapRanOnce) {
           await runBootstrap();
         }
-        if (this.multiTenant) {
-          const newUser = opCtx?.result ?? opCtx?.data;
-          if (newUser?.id) {
-            try {
-              await ensureUserHasOrganization(ql, newUser, {
-                logger: ctx.logger,
-                cloneSeedData: cloneTenantSeedData
-              });
-            } catch (e) {
-              ctx.logger.warn("[security] ensure-user-has-organization failed", {
-                error: e.message
-              });
-            }
-          }
-        }
       }
     });
     if (this.multiTenant) {
@@ -1255,7 +1162,6 @@ var SecurityPlugin = class {
   SECURITY_PLUGIN_VERSION,
   SecurityPlugin,
   cloneTenantSeedData,
-  ensureUserHasOrganization,
   isPermissionDeniedError,
   securityDefaultPermissionSets,
   securityObjects,