@objectstack/setup 9.4.0 → 9.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +22 -1
- package/dist/index.d.ts +22 -1
- package/dist/index.js +56 -1
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +56 -2
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
package/dist/index.d.mts
CHANGED
|
@@ -1,4 +1,25 @@
|
|
|
1
1
|
export { SETUP_APP, SETUP_NAV_CONTRIBUTIONS } from '@objectstack/platform-objects/apps';
|
|
2
|
+
import { Doc } from '@objectstack/spec/system';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Setup app overview doc (ADR-0046), registered in this package's manifest so
|
|
6
|
+
* it groups under "Setup" in the `/_console/docs` index.
|
|
7
|
+
*
|
|
8
|
+
* Authored inline rather than as a flat `src/docs/*.md` file because this is a
|
|
9
|
+
* TS-first code package built by tsup, not a user app built by `os build` —
|
|
10
|
+
* `defineStack({ docs })` / manifest `docs[]` is the supported path for those
|
|
11
|
+
* (see `DocSchema` in `@objectstack/spec/system`). Plain CommonMark + GFM, no
|
|
12
|
+
* images/MDX, per ADR-0046 §3.4.
|
|
13
|
+
*
|
|
14
|
+
* Principle (from the HotCRM reference docs): document only the *invisible*
|
|
15
|
+
* rules, not what the Setup UI already shows. Deliberately three short bullets —
|
|
16
|
+
* the Users/Roles/Permission-set screens cover the rest; this page exists for
|
|
17
|
+
* the handful of behaviours those screens don't reveal.
|
|
18
|
+
*
|
|
19
|
+
* `translations` carries per-locale variants (ADR-0046 i18n); the REST layer
|
|
20
|
+
* collapses the doc to the request's `Accept-Language` and serves one body.
|
|
21
|
+
*/
|
|
22
|
+
declare const SETUP_OVERVIEW_DOC: Doc;
|
|
2
23
|
|
|
3
24
|
/**
|
|
4
25
|
* `@objectstack/setup` — the Setup platform-administration app as its own
|
|
@@ -44,4 +65,4 @@ declare class SetupAppPlugin {
|
|
|
44
65
|
/** Convenience factory mirroring the rest of the plugin ecosystem. */
|
|
45
66
|
declare function createSetupAppPlugin(): SetupAppPlugin;
|
|
46
67
|
|
|
47
|
-
export { SETUP_APP_NAMESPACE, SETUP_APP_PACKAGE_ID, SETUP_APP_VERSION, SetupAppPlugin, createSetupAppPlugin, setupAppManifestHeader };
|
|
68
|
+
export { SETUP_APP_NAMESPACE, SETUP_APP_PACKAGE_ID, SETUP_APP_VERSION, SETUP_OVERVIEW_DOC, SetupAppPlugin, createSetupAppPlugin, setupAppManifestHeader };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,25 @@
|
|
|
1
1
|
export { SETUP_APP, SETUP_NAV_CONTRIBUTIONS } from '@objectstack/platform-objects/apps';
|
|
2
|
+
import { Doc } from '@objectstack/spec/system';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* Setup app overview doc (ADR-0046), registered in this package's manifest so
|
|
6
|
+
* it groups under "Setup" in the `/_console/docs` index.
|
|
7
|
+
*
|
|
8
|
+
* Authored inline rather than as a flat `src/docs/*.md` file because this is a
|
|
9
|
+
* TS-first code package built by tsup, not a user app built by `os build` —
|
|
10
|
+
* `defineStack({ docs })` / manifest `docs[]` is the supported path for those
|
|
11
|
+
* (see `DocSchema` in `@objectstack/spec/system`). Plain CommonMark + GFM, no
|
|
12
|
+
* images/MDX, per ADR-0046 §3.4.
|
|
13
|
+
*
|
|
14
|
+
* Principle (from the HotCRM reference docs): document only the *invisible*
|
|
15
|
+
* rules, not what the Setup UI already shows. Deliberately three short bullets —
|
|
16
|
+
* the Users/Roles/Permission-set screens cover the rest; this page exists for
|
|
17
|
+
* the handful of behaviours those screens don't reveal.
|
|
18
|
+
*
|
|
19
|
+
* `translations` carries per-locale variants (ADR-0046 i18n); the REST layer
|
|
20
|
+
* collapses the doc to the request's `Accept-Language` and serves one body.
|
|
21
|
+
*/
|
|
22
|
+
declare const SETUP_OVERVIEW_DOC: Doc;
|
|
2
23
|
|
|
3
24
|
/**
|
|
4
25
|
* `@objectstack/setup` — the Setup platform-administration app as its own
|
|
@@ -44,4 +65,4 @@ declare class SetupAppPlugin {
|
|
|
44
65
|
/** Convenience factory mirroring the rest of the plugin ecosystem. */
|
|
45
66
|
declare function createSetupAppPlugin(): SetupAppPlugin;
|
|
46
67
|
|
|
47
|
-
export { SETUP_APP_NAMESPACE, SETUP_APP_PACKAGE_ID, SETUP_APP_VERSION, SetupAppPlugin, createSetupAppPlugin, setupAppManifestHeader };
|
|
68
|
+
export { SETUP_APP_NAMESPACE, SETUP_APP_PACKAGE_ID, SETUP_APP_VERSION, SETUP_OVERVIEW_DOC, SetupAppPlugin, createSetupAppPlugin, setupAppManifestHeader };
|
package/dist/index.js
CHANGED
|
@@ -2,6 +2,58 @@
|
|
|
2
2
|
|
|
3
3
|
var apps = require('@objectstack/platform-objects/apps');
|
|
4
4
|
|
|
5
|
+
// src/index.ts
|
|
6
|
+
|
|
7
|
+
// src/setup-overview.doc.ts
|
|
8
|
+
var SETUP_OVERVIEW_DOC = {
|
|
9
|
+
name: "setup_overview",
|
|
10
|
+
label: "Setup overview",
|
|
11
|
+
description: "The non-obvious rules behind Setup: identity vs access, additive permissions, and record visibility.",
|
|
12
|
+
content: `# Setup overview
|
|
13
|
+
|
|
14
|
+
Setup is the administrator app. Its screens are mostly self-explanatory \u2014 these
|
|
15
|
+
are the few rules behind them that the UI does not show. For everything else,
|
|
16
|
+
see <https://docs.objectstack.ai>.
|
|
17
|
+
|
|
18
|
+
- **A user is identity, not access.** Creating a \`sys_user\` lets someone sign
|
|
19
|
+
in; *what* they can do comes entirely from the roles and permission sets you
|
|
20
|
+
then assign. Deactivating a user revokes sign-in without deleting their
|
|
21
|
+
records, so ownership and history survive.
|
|
22
|
+
- **Access is additive.** A user's effective permissions are the *union* of
|
|
23
|
+
every permission set granted to them \u2014 you grant capability, you never
|
|
24
|
+
subtract it.
|
|
25
|
+
- **"Can't see a record" is almost always sharing, not permissions.**
|
|
26
|
+
Object-level permissions decide which *kinds* of records a user can touch;
|
|
27
|
+
sharing decides *which rows*. Visibility starts from the org-wide default and
|
|
28
|
+
is only ever widened by the role hierarchy and sharing rules \u2014 never silently
|
|
29
|
+
narrowed.
|
|
30
|
+
|
|
31
|
+
See <https://docs.objectstack.ai> for the full security model.
|
|
32
|
+
`,
|
|
33
|
+
translations: {
|
|
34
|
+
zh: {
|
|
35
|
+
label: "Setup \u6982\u89C8",
|
|
36
|
+
description: "Setup \u80CC\u540E\u770B\u4E0D\u89C1\u7684\u51E0\u6761\u89C4\u5219:\u8EAB\u4EFD\u2260\u6743\u9650\u3001\u6743\u9650\u53E0\u52A0\u3001\u8BB0\u5F55\u53EF\u89C1\u6027\u3002",
|
|
37
|
+
content: `# Setup \u6982\u89C8
|
|
38
|
+
|
|
39
|
+
Setup \u662F\u7BA1\u7406\u5458\u5E94\u7528\u3002\u5B83\u7684\u754C\u9762\u5927\u591A\u4E00\u76EE\u4E86\u7136\u2014\u2014\u4E0B\u9762\u8FD9\u51E0\u6761\u662F\u754C\u9762\u80CC\u540E\u3001UI \u6CA1\u6709\u660E\u8BF4\u7684
|
|
40
|
+
\u89C4\u5219\u3002\u5176\u4F59\u5185\u5BB9\u89C1 <https://docs.objectstack.ai>\u3002
|
|
41
|
+
|
|
42
|
+
- **\u7528\u6237\u662F\u8EAB\u4EFD,\u4E0D\u662F\u6743\u9650\u3002** \u521B\u5EFA\u4E00\u6761 \`sys_user\` \u53EA\u662F\u8BA9\u4EBA\u80FD\u767B\u5F55;\u4ED6*\u80FD\u505A\u4EC0\u4E48*
|
|
43
|
+
\u5B8C\u5168\u7531\u4F60\u968F\u540E\u5206\u914D\u7684\u89D2\u8272\u548C\u6743\u9650\u96C6\u51B3\u5B9A\u3002\u505C\u7528\u7528\u6237\u4F1A\u6536\u56DE\u767B\u5F55\u6743,\u4F46\u4E0D\u5220\u9664\u5176\u8BB0\u5F55,
|
|
44
|
+
\u5F52\u5C5E\u4E0E\u5386\u53F2\u56E0\u6B64\u5F97\u4EE5\u4FDD\u7559\u3002
|
|
45
|
+
- **\u6743\u9650\u662F\u53E0\u52A0\u7684\u3002** \u7528\u6237\u7684\u6700\u7EC8\u6743\u9650\u662F\u5176\u6240\u6709\u6743\u9650\u96C6\u7684*\u5E76\u96C6*\u2014\u2014\u4F60\u662F\u5728\u6388\u4E88\u80FD\u529B,
|
|
46
|
+
\u4ECE\u4E0D\u505A\u51CF\u6CD5\u3002
|
|
47
|
+
- **"\u770B\u4E0D\u5230\u67D0\u6761\u8BB0\u5F55"\u51E0\u4E4E\u603B\u662F\u5171\u4EAB\u95EE\u9898,\u4E0D\u662F\u6743\u9650\u95EE\u9898\u3002** \u5BF9\u8C61\u7EA7\u6743\u9650\u51B3\u5B9A\u7528\u6237\u80FD\u78B0
|
|
48
|
+
*\u54EA\u7C7B*\u8BB0\u5F55;\u5171\u4EAB\u51B3\u5B9A*\u54EA\u4E9B\u884C*\u3002\u53EF\u89C1\u6027\u4ECE\u7EC4\u7EC7\u7EA7\u9ED8\u8BA4\u51FA\u53D1,\u53EA\u4F1A\u88AB\u89D2\u8272\u5C42\u7EA7\u548C\u5171\u4EAB\u89C4\u5219
|
|
49
|
+
*\u653E\u5BBD*,\u7EDD\u4E0D\u4F1A\u88AB\u6084\u6084\u6536\u7A84\u3002
|
|
50
|
+
|
|
51
|
+
\u5B8C\u6574\u5B89\u5168\u6A21\u578B\u89C1 <https://docs.objectstack.ai>\u3002
|
|
52
|
+
`
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
};
|
|
56
|
+
|
|
5
57
|
// src/index.ts
|
|
6
58
|
var SETUP_APP_PACKAGE_ID = "com.objectstack.setup";
|
|
7
59
|
var SETUP_APP_NAMESPACE = "setup";
|
|
@@ -33,7 +85,9 @@ var SetupAppPlugin = class {
|
|
|
33
85
|
manifest.register({
|
|
34
86
|
...setupAppManifestHeader,
|
|
35
87
|
apps: [apps.SETUP_APP],
|
|
36
|
-
navigationContributions: apps.SETUP_NAV_CONTRIBUTIONS
|
|
88
|
+
navigationContributions: apps.SETUP_NAV_CONTRIBUTIONS,
|
|
89
|
+
// ADR-0046 package docs — grouped under "Setup" at /_console/docs.
|
|
90
|
+
docs: [SETUP_OVERVIEW_DOC]
|
|
37
91
|
});
|
|
38
92
|
}
|
|
39
93
|
};
|
|
@@ -52,6 +106,7 @@ Object.defineProperty(exports, "SETUP_NAV_CONTRIBUTIONS", {
|
|
|
52
106
|
exports.SETUP_APP_NAMESPACE = SETUP_APP_NAMESPACE;
|
|
53
107
|
exports.SETUP_APP_PACKAGE_ID = SETUP_APP_PACKAGE_ID;
|
|
54
108
|
exports.SETUP_APP_VERSION = SETUP_APP_VERSION;
|
|
109
|
+
exports.SETUP_OVERVIEW_DOC = SETUP_OVERVIEW_DOC;
|
|
55
110
|
exports.SetupAppPlugin = SetupAppPlugin;
|
|
56
111
|
exports.createSetupAppPlugin = createSetupAppPlugin;
|
|
57
112
|
exports.setupAppManifestHeader = setupAppManifestHeader;
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"names":["SETUP_APP","SETUP_NAV_CONTRIBUTIONS"],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../src/setup-overview.doc.ts","../src/index.ts"],"names":["SETUP_APP","SETUP_NAV_CONTRIBUTIONS"],"mappings":";;;;;;;AAsBO,IAAM,kBAAA,GAA0B;AAAA,EACrC,IAAA,EAAM,gBAAA;AAAA,EACN,KAAA,EAAO,gBAAA;AAAA,EACP,WAAA,EAAa,sGAAA;AAAA,EACb,OAAA,EAAS,CAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA,CAAA;AAAA,EAqBT,YAAA,EAAc;AAAA,IACZ,EAAA,EAAI;AAAA,MACF,KAAA,EAAO,oBAAA;AAAA,MACP,WAAA,EAAa,2KAAA;AAAA,MACb,OAAA,EAAS,CAAA;;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAgBX;AAEJ;;;AChDO,IAAM,oBAAA,GAAuB;AAC7B,IAAM,mBAAA,GAAsB;AAC5B,IAAM,iBAAA,GAAoB;AAG1B,IAAM,sBAAA,GAAyB;AAAA,EACpC,EAAA,EAAI,oBAAA;AAAA,EACJ,SAAA,EAAW,mBAAA;AAAA,EACX,OAAA,EAAS,iBAAA;AAAA,EACT,IAAA,EAAM,QAAA;AAAA,EACN,KAAA,EAAO,QAAA;AAAA,EACP,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,uDAAA;AAAA,EACb,YAAA,EAAc,CAAC,6BAA6B;AAC9C;AAMO,IAAM,iBAAN,MAAqB;AAAA,EAArB,WAAA,GAAA;AACL,IAAA,IAAA,CAAS,IAAA,GAAO,oBAAA;AAChB,IAAA,IAAA,CAAS,IAAA,GAAO,UAAA;AAChB,IAAA,IAAA,CAAS,OAAA,GAAU,iBAAA;AAGnB;AAAA;AAAA,IAAA,IAAA,CAAS,YAAA,GAAyB,CAAC,sBAAsB,CAAA;AAAA,EAAA;AAAA,EAEzD,MAAM,KAAK,IAAA,EAA0B;AAAA,EAErC;AAAA,EAEA,MAAM,MAAM,GAAA,EAAyB;AACnC,IAAA,MAAM,QAAA,GAAW,GAAA,EAAK,UAAA,GAAa,UAAU,CAAA;AAC7C,IAAA,IAAI,CAAC,QAAA,IAAY,OAAO,QAAA,CAAS,aAAa,UAAA,EAAY;AAC1D,IAAA,QAAA,CAAS,QAAA,CAAS;AAAA,MAChB,GAAG,sBAAA;AAAA,MACH,IAAA,EAAM,CAACA,cAAS,CAAA;AAAA,MAChB,uBAAA,EAAyBC,4BAAA;AAAA;AAAA,MAEzB,IAAA,EAAM,CAAC,kBAAkB;AAAA,KAC1B,CAAA;AAAA,EACH;AACF;AAGO,SAAS,oBAAA,GAAuC;AACrD,EAAA,OAAO,IAAI,cAAA,EAAe;AAC5B","file":"index.js","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport type { Doc } from '@objectstack/spec/system';\n\n/**\n * Setup app overview doc (ADR-0046), registered in this package's manifest so\n * it groups under \"Setup\" in the `/_console/docs` index.\n *\n * Authored inline rather than as a flat `src/docs/*.md` file because this is a\n * TS-first code package built by tsup, not a user app built by `os build` —\n * `defineStack({ docs })` / manifest `docs[]` is the supported path for those\n * (see `DocSchema` in `@objectstack/spec/system`). Plain CommonMark + GFM, no\n * images/MDX, per ADR-0046 §3.4.\n *\n * Principle (from the HotCRM reference docs): document only the *invisible*\n * rules, not what the Setup UI already shows. Deliberately three short bullets —\n * the Users/Roles/Permission-set screens cover the rest; this page exists for\n * the handful of behaviours those screens don't reveal.\n *\n * `translations` carries per-locale variants (ADR-0046 i18n); the REST layer\n * collapses the doc to the request's `Accept-Language` and serves one body.\n */\nexport const SETUP_OVERVIEW_DOC: Doc = {\n name: 'setup_overview',\n label: 'Setup overview',\n description: 'The non-obvious rules behind Setup: identity vs access, additive permissions, and record visibility.',\n content: `# Setup overview\n\nSetup is the administrator app. Its screens are mostly self-explanatory — these\nare the few rules behind them that the UI does not show. For everything else,\nsee <https://docs.objectstack.ai>.\n\n- **A user is identity, not access.** Creating a \\`sys_user\\` lets someone sign\n in; *what* they can do comes entirely from the roles and permission sets you\n then assign. Deactivating a user revokes sign-in without deleting their\n records, so ownership and history survive.\n- **Access is additive.** A user's effective permissions are the *union* of\n every permission set granted to them — you grant capability, you never\n subtract it.\n- **\"Can't see a record\" is almost always sharing, not permissions.**\n Object-level permissions decide which *kinds* of records a user can touch;\n sharing decides *which rows*. Visibility starts from the org-wide default and\n is only ever widened by the role hierarchy and sharing rules — never silently\n narrowed.\n\nSee <https://docs.objectstack.ai> for the full security model.\n`,\n translations: {\n zh: {\n label: 'Setup 概览',\n description: 'Setup 背后看不见的几条规则:身份≠权限、权限叠加、记录可见性。',\n content: `# Setup 概览\n\nSetup 是管理员应用。它的界面大多一目了然——下面这几条是界面背后、UI 没有明说的\n规则。其余内容见 <https://docs.objectstack.ai>。\n\n- **用户是身份,不是权限。** 创建一条 \\`sys_user\\` 只是让人能登录;他*能做什么*\n 完全由你随后分配的角色和权限集决定。停用用户会收回登录权,但不删除其记录,\n 归属与历史因此得以保留。\n- **权限是叠加的。** 用户的最终权限是其所有权限集的*并集*——你是在授予能力,\n 从不做减法。\n- **\"看不到某条记录\"几乎总是共享问题,不是权限问题。** 对象级权限决定用户能碰\n *哪类*记录;共享决定*哪些行*。可见性从组织级默认出发,只会被角色层级和共享规则\n *放宽*,绝不会被悄悄收窄。\n\n完整安全模型见 <https://docs.objectstack.ai>。\n`,\n },\n },\n};\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\n/**\n * `@objectstack/setup` — the Setup platform-administration app as its own\n * ObjectStack package (ADR-0048: one app per package).\n *\n * Like `@objectstack/studio`, Setup is a console navigation-shell app\n * (`AppSchema`) given a distinct package id (`com.objectstack.setup`) so\n * `/apps/<packageId>` resolves to exactly this app. Setup also ships the\n * baseline navigation contributions other packages extend into the Setup app.\n *\n * NOTE (transitional): `SETUP_APP` / `SETUP_NAV_CONTRIBUTIONS` are still\n * imported from `@objectstack/platform-objects/apps`, and this package is NOT\n * yet wired into the dev/serve plugin set — that boot-path switch lands\n * separately so it can be verified against a live `os dev` boot.\n */\n\nimport { SETUP_APP, SETUP_NAV_CONTRIBUTIONS } from '@objectstack/platform-objects/apps';\n\nimport { SETUP_OVERVIEW_DOC } from './setup-overview.doc.js';\n\nexport const SETUP_APP_PACKAGE_ID = 'com.objectstack.setup';\nexport const SETUP_APP_NAMESPACE = 'setup';\nexport const SETUP_APP_VERSION = '9.3.0';\n\n/** Manifest header for the Setup app package. */\nexport const setupAppManifestHeader = {\n id: SETUP_APP_PACKAGE_ID,\n namespace: SETUP_APP_NAMESPACE,\n version: SETUP_APP_VERSION,\n type: 'plugin' as const,\n scope: 'system' as const,\n name: 'Setup',\n description: 'ObjectStack Setup — platform administration app.',\n dependencies: ['com.objectstack.plugin-auth'],\n};\n\n/**\n * Thin plugin that registers the Setup app manifest (app + its baseline nav\n * contributions). Structurally typed against the kernel `Plugin` contract.\n */\nexport class SetupAppPlugin {\n readonly name = SETUP_APP_PACKAGE_ID;\n readonly type = 'standard';\n readonly version = SETUP_APP_VERSION;\n // Kernel plugin dependency is matched by plugin NAME (AuthPlugin.name =\n // 'com.objectstack.auth'), not by package id.\n readonly dependencies: string[] = ['com.objectstack.auth'];\n\n async init(_ctx: any): Promise<void> {\n // No-op: registration happens in start() once the manifest service exists.\n }\n\n async start(ctx: any): Promise<void> {\n const manifest = ctx?.getService?.('manifest');\n if (!manifest || typeof manifest.register !== 'function') return;\n manifest.register({\n ...setupAppManifestHeader,\n apps: [SETUP_APP],\n navigationContributions: SETUP_NAV_CONTRIBUTIONS,\n // ADR-0046 package docs — grouped under \"Setup\" at /_console/docs.\n docs: [SETUP_OVERVIEW_DOC],\n });\n }\n}\n\n/** Convenience factory mirroring the rest of the plugin ecosystem. */\nexport function createSetupAppPlugin(): SetupAppPlugin {\n return new SetupAppPlugin();\n}\n\nexport { SETUP_APP, SETUP_NAV_CONTRIBUTIONS };\nexport { SETUP_OVERVIEW_DOC };\n"]}
|
package/dist/index.mjs
CHANGED
|
@@ -1,6 +1,58 @@
|
|
|
1
1
|
import { SETUP_NAV_CONTRIBUTIONS, SETUP_APP } from '@objectstack/platform-objects/apps';
|
|
2
2
|
export { SETUP_APP, SETUP_NAV_CONTRIBUTIONS } from '@objectstack/platform-objects/apps';
|
|
3
3
|
|
|
4
|
+
// src/index.ts
|
|
5
|
+
|
|
6
|
+
// src/setup-overview.doc.ts
|
|
7
|
+
var SETUP_OVERVIEW_DOC = {
|
|
8
|
+
name: "setup_overview",
|
|
9
|
+
label: "Setup overview",
|
|
10
|
+
description: "The non-obvious rules behind Setup: identity vs access, additive permissions, and record visibility.",
|
|
11
|
+
content: `# Setup overview
|
|
12
|
+
|
|
13
|
+
Setup is the administrator app. Its screens are mostly self-explanatory \u2014 these
|
|
14
|
+
are the few rules behind them that the UI does not show. For everything else,
|
|
15
|
+
see <https://docs.objectstack.ai>.
|
|
16
|
+
|
|
17
|
+
- **A user is identity, not access.** Creating a \`sys_user\` lets someone sign
|
|
18
|
+
in; *what* they can do comes entirely from the roles and permission sets you
|
|
19
|
+
then assign. Deactivating a user revokes sign-in without deleting their
|
|
20
|
+
records, so ownership and history survive.
|
|
21
|
+
- **Access is additive.** A user's effective permissions are the *union* of
|
|
22
|
+
every permission set granted to them \u2014 you grant capability, you never
|
|
23
|
+
subtract it.
|
|
24
|
+
- **"Can't see a record" is almost always sharing, not permissions.**
|
|
25
|
+
Object-level permissions decide which *kinds* of records a user can touch;
|
|
26
|
+
sharing decides *which rows*. Visibility starts from the org-wide default and
|
|
27
|
+
is only ever widened by the role hierarchy and sharing rules \u2014 never silently
|
|
28
|
+
narrowed.
|
|
29
|
+
|
|
30
|
+
See <https://docs.objectstack.ai> for the full security model.
|
|
31
|
+
`,
|
|
32
|
+
translations: {
|
|
33
|
+
zh: {
|
|
34
|
+
label: "Setup \u6982\u89C8",
|
|
35
|
+
description: "Setup \u80CC\u540E\u770B\u4E0D\u89C1\u7684\u51E0\u6761\u89C4\u5219:\u8EAB\u4EFD\u2260\u6743\u9650\u3001\u6743\u9650\u53E0\u52A0\u3001\u8BB0\u5F55\u53EF\u89C1\u6027\u3002",
|
|
36
|
+
content: `# Setup \u6982\u89C8
|
|
37
|
+
|
|
38
|
+
Setup \u662F\u7BA1\u7406\u5458\u5E94\u7528\u3002\u5B83\u7684\u754C\u9762\u5927\u591A\u4E00\u76EE\u4E86\u7136\u2014\u2014\u4E0B\u9762\u8FD9\u51E0\u6761\u662F\u754C\u9762\u80CC\u540E\u3001UI \u6CA1\u6709\u660E\u8BF4\u7684
|
|
39
|
+
\u89C4\u5219\u3002\u5176\u4F59\u5185\u5BB9\u89C1 <https://docs.objectstack.ai>\u3002
|
|
40
|
+
|
|
41
|
+
- **\u7528\u6237\u662F\u8EAB\u4EFD,\u4E0D\u662F\u6743\u9650\u3002** \u521B\u5EFA\u4E00\u6761 \`sys_user\` \u53EA\u662F\u8BA9\u4EBA\u80FD\u767B\u5F55;\u4ED6*\u80FD\u505A\u4EC0\u4E48*
|
|
42
|
+
\u5B8C\u5168\u7531\u4F60\u968F\u540E\u5206\u914D\u7684\u89D2\u8272\u548C\u6743\u9650\u96C6\u51B3\u5B9A\u3002\u505C\u7528\u7528\u6237\u4F1A\u6536\u56DE\u767B\u5F55\u6743,\u4F46\u4E0D\u5220\u9664\u5176\u8BB0\u5F55,
|
|
43
|
+
\u5F52\u5C5E\u4E0E\u5386\u53F2\u56E0\u6B64\u5F97\u4EE5\u4FDD\u7559\u3002
|
|
44
|
+
- **\u6743\u9650\u662F\u53E0\u52A0\u7684\u3002** \u7528\u6237\u7684\u6700\u7EC8\u6743\u9650\u662F\u5176\u6240\u6709\u6743\u9650\u96C6\u7684*\u5E76\u96C6*\u2014\u2014\u4F60\u662F\u5728\u6388\u4E88\u80FD\u529B,
|
|
45
|
+
\u4ECE\u4E0D\u505A\u51CF\u6CD5\u3002
|
|
46
|
+
- **"\u770B\u4E0D\u5230\u67D0\u6761\u8BB0\u5F55"\u51E0\u4E4E\u603B\u662F\u5171\u4EAB\u95EE\u9898,\u4E0D\u662F\u6743\u9650\u95EE\u9898\u3002** \u5BF9\u8C61\u7EA7\u6743\u9650\u51B3\u5B9A\u7528\u6237\u80FD\u78B0
|
|
47
|
+
*\u54EA\u7C7B*\u8BB0\u5F55;\u5171\u4EAB\u51B3\u5B9A*\u54EA\u4E9B\u884C*\u3002\u53EF\u89C1\u6027\u4ECE\u7EC4\u7EC7\u7EA7\u9ED8\u8BA4\u51FA\u53D1,\u53EA\u4F1A\u88AB\u89D2\u8272\u5C42\u7EA7\u548C\u5171\u4EAB\u89C4\u5219
|
|
48
|
+
*\u653E\u5BBD*,\u7EDD\u4E0D\u4F1A\u88AB\u6084\u6084\u6536\u7A84\u3002
|
|
49
|
+
|
|
50
|
+
\u5B8C\u6574\u5B89\u5168\u6A21\u578B\u89C1 <https://docs.objectstack.ai>\u3002
|
|
51
|
+
`
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
};
|
|
55
|
+
|
|
4
56
|
// src/index.ts
|
|
5
57
|
var SETUP_APP_PACKAGE_ID = "com.objectstack.setup";
|
|
6
58
|
var SETUP_APP_NAMESPACE = "setup";
|
|
@@ -32,7 +84,9 @@ var SetupAppPlugin = class {
|
|
|
32
84
|
manifest.register({
|
|
33
85
|
...setupAppManifestHeader,
|
|
34
86
|
apps: [SETUP_APP],
|
|
35
|
-
navigationContributions: SETUP_NAV_CONTRIBUTIONS
|
|
87
|
+
navigationContributions: SETUP_NAV_CONTRIBUTIONS,
|
|
88
|
+
// ADR-0046 package docs — grouped under "Setup" at /_console/docs.
|
|
89
|
+
docs: [SETUP_OVERVIEW_DOC]
|
|
36
90
|
});
|
|
37
91
|
}
|
|
38
92
|
};
|
|
@@ -40,6 +94,6 @@ function createSetupAppPlugin() {
|
|
|
40
94
|
return new SetupAppPlugin();
|
|
41
95
|
}
|
|
42
96
|
|
|
43
|
-
export { SETUP_APP_NAMESPACE, SETUP_APP_PACKAGE_ID, SETUP_APP_VERSION, SetupAppPlugin, createSetupAppPlugin, setupAppManifestHeader };
|
|
97
|
+
export { SETUP_APP_NAMESPACE, SETUP_APP_PACKAGE_ID, SETUP_APP_VERSION, SETUP_OVERVIEW_DOC, SetupAppPlugin, createSetupAppPlugin, setupAppManifestHeader };
|
|
44
98
|
//# sourceMappingURL=index.mjs.map
|
|
45
99
|
//# sourceMappingURL=index.mjs.map
|
package/dist/index.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"sources":["../src/setup-overview.doc.ts","../src/index.ts"],"names":[],"mappings":";;;;;;AAsBO,IAAM,kBAAA,GAA0B;AAAA,EACrC,IAAA,EAAM,gBAAA;AAAA,EACN,KAAA,EAAO,gBAAA;AAAA,EACP,WAAA,EAAa,sGAAA;AAAA,EACb,OAAA,EAAS,CAAA;;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA,CAAA;AAAA,EAqBT,YAAA,EAAc;AAAA,IACZ,EAAA,EAAI;AAAA,MACF,KAAA,EAAO,oBAAA;AAAA,MACP,WAAA,EAAa,2KAAA;AAAA,MACb,OAAA,EAAS,CAAA;;AAAA;AAAA;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;AAAA;AAAA;AAAA;AAgBX;AAEJ;;;AChDO,IAAM,oBAAA,GAAuB;AAC7B,IAAM,mBAAA,GAAsB;AAC5B,IAAM,iBAAA,GAAoB;AAG1B,IAAM,sBAAA,GAAyB;AAAA,EACpC,EAAA,EAAI,oBAAA;AAAA,EACJ,SAAA,EAAW,mBAAA;AAAA,EACX,OAAA,EAAS,iBAAA;AAAA,EACT,IAAA,EAAM,QAAA;AAAA,EACN,KAAA,EAAO,QAAA;AAAA,EACP,IAAA,EAAM,OAAA;AAAA,EACN,WAAA,EAAa,uDAAA;AAAA,EACb,YAAA,EAAc,CAAC,6BAA6B;AAC9C;AAMO,IAAM,iBAAN,MAAqB;AAAA,EAArB,WAAA,GAAA;AACL,IAAA,IAAA,CAAS,IAAA,GAAO,oBAAA;AAChB,IAAA,IAAA,CAAS,IAAA,GAAO,UAAA;AAChB,IAAA,IAAA,CAAS,OAAA,GAAU,iBAAA;AAGnB;AAAA;AAAA,IAAA,IAAA,CAAS,YAAA,GAAyB,CAAC,sBAAsB,CAAA;AAAA,EAAA;AAAA,EAEzD,MAAM,KAAK,IAAA,EAA0B;AAAA,EAErC;AAAA,EAEA,MAAM,MAAM,GAAA,EAAyB;AACnC,IAAA,MAAM,QAAA,GAAW,GAAA,EAAK,UAAA,GAAa,UAAU,CAAA;AAC7C,IAAA,IAAI,CAAC,QAAA,IAAY,OAAO,QAAA,CAAS,aAAa,UAAA,EAAY;AAC1D,IAAA,QAAA,CAAS,QAAA,CAAS;AAAA,MAChB,GAAG,sBAAA;AAAA,MACH,IAAA,EAAM,CAAC,SAAS,CAAA;AAAA,MAChB,uBAAA,EAAyB,uBAAA;AAAA;AAAA,MAEzB,IAAA,EAAM,CAAC,kBAAkB;AAAA,KAC1B,CAAA;AAAA,EACH;AACF;AAGO,SAAS,oBAAA,GAAuC;AACrD,EAAA,OAAO,IAAI,cAAA,EAAe;AAC5B","file":"index.mjs","sourcesContent":["// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\nimport type { Doc } from '@objectstack/spec/system';\n\n/**\n * Setup app overview doc (ADR-0046), registered in this package's manifest so\n * it groups under \"Setup\" in the `/_console/docs` index.\n *\n * Authored inline rather than as a flat `src/docs/*.md` file because this is a\n * TS-first code package built by tsup, not a user app built by `os build` —\n * `defineStack({ docs })` / manifest `docs[]` is the supported path for those\n * (see `DocSchema` in `@objectstack/spec/system`). Plain CommonMark + GFM, no\n * images/MDX, per ADR-0046 §3.4.\n *\n * Principle (from the HotCRM reference docs): document only the *invisible*\n * rules, not what the Setup UI already shows. Deliberately three short bullets —\n * the Users/Roles/Permission-set screens cover the rest; this page exists for\n * the handful of behaviours those screens don't reveal.\n *\n * `translations` carries per-locale variants (ADR-0046 i18n); the REST layer\n * collapses the doc to the request's `Accept-Language` and serves one body.\n */\nexport const SETUP_OVERVIEW_DOC: Doc = {\n name: 'setup_overview',\n label: 'Setup overview',\n description: 'The non-obvious rules behind Setup: identity vs access, additive permissions, and record visibility.',\n content: `# Setup overview\n\nSetup is the administrator app. Its screens are mostly self-explanatory — these\nare the few rules behind them that the UI does not show. For everything else,\nsee <https://docs.objectstack.ai>.\n\n- **A user is identity, not access.** Creating a \\`sys_user\\` lets someone sign\n in; *what* they can do comes entirely from the roles and permission sets you\n then assign. Deactivating a user revokes sign-in without deleting their\n records, so ownership and history survive.\n- **Access is additive.** A user's effective permissions are the *union* of\n every permission set granted to them — you grant capability, you never\n subtract it.\n- **\"Can't see a record\" is almost always sharing, not permissions.**\n Object-level permissions decide which *kinds* of records a user can touch;\n sharing decides *which rows*. Visibility starts from the org-wide default and\n is only ever widened by the role hierarchy and sharing rules — never silently\n narrowed.\n\nSee <https://docs.objectstack.ai> for the full security model.\n`,\n translations: {\n zh: {\n label: 'Setup 概览',\n description: 'Setup 背后看不见的几条规则:身份≠权限、权限叠加、记录可见性。',\n content: `# Setup 概览\n\nSetup 是管理员应用。它的界面大多一目了然——下面这几条是界面背后、UI 没有明说的\n规则。其余内容见 <https://docs.objectstack.ai>。\n\n- **用户是身份,不是权限。** 创建一条 \\`sys_user\\` 只是让人能登录;他*能做什么*\n 完全由你随后分配的角色和权限集决定。停用用户会收回登录权,但不删除其记录,\n 归属与历史因此得以保留。\n- **权限是叠加的。** 用户的最终权限是其所有权限集的*并集*——你是在授予能力,\n 从不做减法。\n- **\"看不到某条记录\"几乎总是共享问题,不是权限问题。** 对象级权限决定用户能碰\n *哪类*记录;共享决定*哪些行*。可见性从组织级默认出发,只会被角色层级和共享规则\n *放宽*,绝不会被悄悄收窄。\n\n完整安全模型见 <https://docs.objectstack.ai>。\n`,\n },\n },\n};\n","// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.\n\n/**\n * `@objectstack/setup` — the Setup platform-administration app as its own\n * ObjectStack package (ADR-0048: one app per package).\n *\n * Like `@objectstack/studio`, Setup is a console navigation-shell app\n * (`AppSchema`) given a distinct package id (`com.objectstack.setup`) so\n * `/apps/<packageId>` resolves to exactly this app. Setup also ships the\n * baseline navigation contributions other packages extend into the Setup app.\n *\n * NOTE (transitional): `SETUP_APP` / `SETUP_NAV_CONTRIBUTIONS` are still\n * imported from `@objectstack/platform-objects/apps`, and this package is NOT\n * yet wired into the dev/serve plugin set — that boot-path switch lands\n * separately so it can be verified against a live `os dev` boot.\n */\n\nimport { SETUP_APP, SETUP_NAV_CONTRIBUTIONS } from '@objectstack/platform-objects/apps';\n\nimport { SETUP_OVERVIEW_DOC } from './setup-overview.doc.js';\n\nexport const SETUP_APP_PACKAGE_ID = 'com.objectstack.setup';\nexport const SETUP_APP_NAMESPACE = 'setup';\nexport const SETUP_APP_VERSION = '9.3.0';\n\n/** Manifest header for the Setup app package. */\nexport const setupAppManifestHeader = {\n id: SETUP_APP_PACKAGE_ID,\n namespace: SETUP_APP_NAMESPACE,\n version: SETUP_APP_VERSION,\n type: 'plugin' as const,\n scope: 'system' as const,\n name: 'Setup',\n description: 'ObjectStack Setup — platform administration app.',\n dependencies: ['com.objectstack.plugin-auth'],\n};\n\n/**\n * Thin plugin that registers the Setup app manifest (app + its baseline nav\n * contributions). Structurally typed against the kernel `Plugin` contract.\n */\nexport class SetupAppPlugin {\n readonly name = SETUP_APP_PACKAGE_ID;\n readonly type = 'standard';\n readonly version = SETUP_APP_VERSION;\n // Kernel plugin dependency is matched by plugin NAME (AuthPlugin.name =\n // 'com.objectstack.auth'), not by package id.\n readonly dependencies: string[] = ['com.objectstack.auth'];\n\n async init(_ctx: any): Promise<void> {\n // No-op: registration happens in start() once the manifest service exists.\n }\n\n async start(ctx: any): Promise<void> {\n const manifest = ctx?.getService?.('manifest');\n if (!manifest || typeof manifest.register !== 'function') return;\n manifest.register({\n ...setupAppManifestHeader,\n apps: [SETUP_APP],\n navigationContributions: SETUP_NAV_CONTRIBUTIONS,\n // ADR-0046 package docs — grouped under \"Setup\" at /_console/docs.\n docs: [SETUP_OVERVIEW_DOC],\n });\n }\n}\n\n/** Convenience factory mirroring the rest of the plugin ecosystem. */\nexport function createSetupAppPlugin(): SetupAppPlugin {\n return new SetupAppPlugin();\n}\n\nexport { SETUP_APP, SETUP_NAV_CONTRIBUTIONS };\nexport { SETUP_OVERVIEW_DOC };\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@objectstack/setup",
|
|
3
|
-
"version": "9.
|
|
3
|
+
"version": "9.5.1",
|
|
4
4
|
"license": "Apache-2.0",
|
|
5
5
|
"description": "ObjectStack Setup — the platform administration app, packaged as its own ObjectStack app package (ADR-0048: one app per package).",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -13,8 +13,8 @@
|
|
|
13
13
|
}
|
|
14
14
|
},
|
|
15
15
|
"dependencies": {
|
|
16
|
-
"@objectstack/platform-objects": "9.
|
|
17
|
-
"@objectstack/spec": "9.
|
|
16
|
+
"@objectstack/platform-objects": "9.5.1",
|
|
17
|
+
"@objectstack/spec": "9.5.1"
|
|
18
18
|
},
|
|
19
19
|
"devDependencies": {
|
|
20
20
|
"@types/node": "^25.9.2",
|