@objectstack/plugin-security 9.5.1 → 9.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +4 -4
  2. package/dist/index.d.ts +4 -4
  3. package/dist/index.js +11 -3
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +11 -3
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +6 -6
package/dist/index.mjs CHANGED
@@ -1,7 +1,12 @@
1
1
  var __defProp = Object.defineProperty;
2
2
  var __getOwnPropNames = Object.getOwnPropertyNames;
3
- var __esm = (fn, res) => function __init() {
4
- return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
3
+ var __esm = (fn, res, err) => function __init() {
4
+ if (err) throw err[0];
5
+ try {
6
+ return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
7
+ } catch (e) {
8
+ throw err = [e], e;
9
+ }
5
10
  };
6
11
  var __export = (target, all) => {
7
12
  for (var name in all)
@@ -896,6 +901,7 @@ var OPERATION_TO_PERMISSION = {
896
901
  update: "allowEdit",
897
902
  delete: "allowDelete"
898
903
  };
904
+ var DESTRUCTIVE_OPERATIONS = /* @__PURE__ */ new Set(["transfer", "restore", "purge"]);
899
905
  var PermissionEvaluator = class {
900
906
  /**
901
907
  * Check if an operation is allowed on an object for the given permission sets.
@@ -903,7 +909,9 @@ var PermissionEvaluator = class {
903
909
  */
904
910
  checkObjectPermission(operation, objectName, permissionSets) {
905
911
  const permKey = OPERATION_TO_PERMISSION[operation];
906
- if (!permKey) return true;
912
+ if (!permKey) {
913
+ return !DESTRUCTIVE_OPERATIONS.has(operation);
914
+ }
907
915
  for (const ps of permissionSets) {
908
916
  const objPerm = ps.objects?.[objectName] ?? ps.objects?.["*"];
909
917
  if (objPerm) {