@objectstack/plugin-security 6.8.1 → 7.0.0

package/README.md CHANGED
@@ -35,29 +35,25 @@ await kernel.bootstrap();
35
35
 
36
36
  ### Multi-tenant vs single-tenant
37
37
 
38
- `SecurityPlugin` defaults to **multi-tenant** mode. In this mode it:
38
+ `SecurityPlugin` is single-tenant by default. It enforces RBAC, owner-based RLS, and Field-Level Security regardless of mode.
39
39
 
40
- - Auto-injects `organization_id = ctx.tenantId` on insert when the target object declares an `organization_id` field.
41
- - Honours the wildcard `tenant_isolation` RLS policy
42
- (`organization_id = current_user.organization_id`) shipped with the
43
- default `member_default` / `viewer_readonly` permission sets.
44
-
45
- For single-tenant deployments, switch it off:
40
+ For **multi-tenant** (logical row-level Organization scoping) install [`@objectstack/plugin-org-scoping`](../plugin-org-scoping/README.md) *before* SecurityPlugin:
46
41
 
47
42
  ```typescript
48
- kernel.use(new SecurityPlugin({ multiTenant: false }));
43
+ import { OrgScopingPlugin } from '@objectstack/plugin-org-scoping';
44
+
45
+ await kernel.use(new OrgScopingPlugin()); // MUST be BEFORE SecurityPlugin
46
+ await kernel.use(new SecurityPlugin());
49
47
  ```
50
48
 
51
- This skips the per-insert metadata lookup that drives `organization_id`
52
- auto-injection (the `owner_id` injection still runs) and strips wildcard
53
- `current_user.organization_id` policies from the per-request policy
54
- set so the field-existence safety net never has to drop them
55
- individually. Field-Level Security, owner-based RLS, and per-object
56
- CRUD checks operate identically regardless of this flag.
49
+ SecurityPlugin probes `getService('org-scoping')` at start time:
50
+
51
+ - **Service present** → keeps the wildcard `tenant_isolation` RLS policy (`organization_id = current_user.organization_id`) shipped with the default `member_default` / `viewer_readonly` permission sets.
52
+ - **Service absent** → strips those wildcard policies so single-tenant deployments aren't filtered to zero rows.
53
+
54
+ `organization_id` auto-injection on insert is provided by OrgScopingPlugin; `owner_id` auto-injection always runs in SecurityPlugin regardless.
57
55
 
58
- In CLI / dev-server mode the same switch is exposed via the
59
- `OS_MULTI_TENANT` environment variable (default `true`); set
60
- `OS_MULTI_TENANT=false` before `objectstack serve` / `pnpm dev` to disable.
56
+ In CLI / dev-server mode the `OS_MULTI_TENANT` environment variable (default `false`) toggles whether the runtime registers `OrgScopingPlugin` alongside `SecurityPlugin`. Set `OS_MULTI_TENANT=true` before `objectstack serve` / `pnpm dev` to enable.
61
57
 
62
58
  ## Key Exports
63
59
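Review bot: The new "Service absent" bullet describes a fail-open change for existing multi-tenant deployments, and the README never flags it as a breaking upgrade step. In 6.8.1 the `tenant_isolation` policy and `organization_id` injection were on by default. In 7.0.0 both depend on `OrgScopingPlugin` being registered first, and without it SecurityPlugin "strips those wildcard policies", so an installation that upgrades without adding the plugin stops scoping rows by organization. The same applies to `OS_MULTI_TENANT`, whose default flips from `true` to `false`. Suggest adding an explicit upgrade note directly under the heading. It should also state what happens when `OrgScopingPlugin` is registered after `SecurityPlugin`, since the code comment says "MUST be BEFORE" but the text only says the probe runs "at start time". It should say whether the previously documented `multiTenant: false` option is still accepted or now ignored, and whether anything is logged when the policies are stripped, so that operators can confirm which mode is actually in effect.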