@open-mercato/checkout 0.6.4-develop.4210.1.d412061cfe → 0.6.4-develop.4236.1.9fa6806b34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,10 +1,35 @@
1
1
  const features = [
2
2
  { id: "checkout.view", title: "View checkout links and transactions", module: "checkout" },
3
- { id: "checkout.create", title: "Create checkout links and templates", module: "checkout" },
4
- { id: "checkout.edit", title: "Edit checkout links and templates", module: "checkout" },
5
- { id: "checkout.delete", title: "Delete checkout links and templates", module: "checkout" },
6
- { id: "checkout.viewPii", title: "View checkout customer PII", module: "checkout" },
7
- { id: "checkout.export", title: "Export checkout transactions", module: "checkout" }
3
+ {
4
+ id: "checkout.create",
5
+ title: "Create checkout links and templates",
6
+ module: "checkout",
7
+ dependsOn: ["checkout.view", "sales.orders.view", "customers.people.view"]
8
+ },
9
+ {
10
+ id: "checkout.edit",
11
+ title: "Edit checkout links and templates",
12
+ module: "checkout",
13
+ dependsOn: ["checkout.view"]
14
+ },
15
+ {
16
+ id: "checkout.delete",
17
+ title: "Delete checkout links and templates",
18
+ module: "checkout",
19
+ dependsOn: ["checkout.view"]
20
+ },
21
+ {
22
+ id: "checkout.viewPii",
23
+ title: "View checkout customer PII",
24
+ module: "checkout",
25
+ dependsOn: ["checkout.view", "customers.people.view"]
26
+ },
27
+ {
28
+ id: "checkout.export",
29
+ title: "Export checkout transactions",
30
+ module: "checkout",
31
+ dependsOn: ["checkout.view"]
32
+ }
8
33
  ];
9
34
  var acl_default = features;
10
35
  export {
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../../src/modules/checkout/acl.ts"],
4
- "sourcesContent": ["export const features = [\n { id: 'checkout.view', title: 'View checkout links and transactions', module: 'checkout' },\n { id: 'checkout.create', title: 'Create checkout links and templates', module: 'checkout' },\n { id: 'checkout.edit', title: 'Edit checkout links and templates', module: 'checkout' },\n { id: 'checkout.delete', title: 'Delete checkout links and templates', module: 'checkout' },\n { id: 'checkout.viewPii', title: 'View checkout customer PII', module: 'checkout' },\n { id: 'checkout.export', title: 'Export checkout transactions', module: 'checkout' },\n]\n\nexport default features\n"],
5
- "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,EAAE,IAAI,iBAAiB,OAAO,wCAAwC,QAAQ,WAAW;AAAA,EACzF,EAAE,IAAI,mBAAmB,OAAO,uCAAuC,QAAQ,WAAW;AAAA,EAC1F,EAAE,IAAI,iBAAiB,OAAO,qCAAqC,QAAQ,WAAW;AAAA,EACtF,EAAE,IAAI,mBAAmB,OAAO,uCAAuC,QAAQ,WAAW;AAAA,EAC1F,EAAE,IAAI,oBAAoB,OAAO,8BAA8B,QAAQ,WAAW;AAAA,EAClF,EAAE,IAAI,mBAAmB,OAAO,gCAAgC,QAAQ,WAAW;AACrF;AAEA,IAAO,cAAQ;",
4
+ "sourcesContent": ["export const features = [\n { id: 'checkout.view', title: 'View checkout links and transactions', module: 'checkout' },\n {\n id: 'checkout.create',\n title: 'Create checkout links and templates',\n module: 'checkout',\n dependsOn: ['checkout.view', 'sales.orders.view', 'customers.people.view'],\n },\n {\n id: 'checkout.edit',\n title: 'Edit checkout links and templates',\n module: 'checkout',\n dependsOn: ['checkout.view'],\n },\n {\n id: 'checkout.delete',\n title: 'Delete checkout links and templates',\n module: 'checkout',\n dependsOn: ['checkout.view'],\n },\n {\n id: 'checkout.viewPii',\n title: 'View checkout customer PII',\n module: 'checkout',\n dependsOn: ['checkout.view', 'customers.people.view'],\n },\n {\n id: 'checkout.export',\n title: 'Export checkout transactions',\n module: 'checkout',\n dependsOn: ['checkout.view'],\n },\n]\n\nexport default features\n"],
5
+ "mappings": "AAAO,MAAM,WAAW;AAAA,EACtB,EAAE,IAAI,iBAAiB,OAAO,wCAAwC,QAAQ,WAAW;AAAA,EACzF;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW,CAAC,iBAAiB,qBAAqB,uBAAuB;AAAA,EAC3E;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW,CAAC,eAAe;AAAA,EAC7B;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW,CAAC,eAAe;AAAA,EAC7B;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW,CAAC,iBAAiB,uBAAuB;AAAA,EACtD;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,OAAO;AAAA,IACP,QAAQ;AAAA,IACR,WAAW,CAAC,eAAe;AAAA,EAC7B;AACF;AAEA,IAAO,cAAQ;",
6
6
  "names": []
7
7
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@open-mercato/checkout",
3
- "version": "0.6.4-develop.4210.1.d412061cfe",
3
+ "version": "0.6.4-develop.4236.1.9fa6806b34",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "scripts": {
@@ -61,18 +61,18 @@
61
61
  }
62
62
  },
63
63
  "dependencies": {
64
- "@open-mercato/core": "0.6.4-develop.4210.1.d412061cfe",
65
- "@open-mercato/ui": "0.6.4-develop.4210.1.d412061cfe",
64
+ "@open-mercato/core": "0.6.4-develop.4236.1.9fa6806b34",
65
+ "@open-mercato/ui": "0.6.4-develop.4236.1.9fa6806b34",
66
66
  "bcryptjs": "^3.0.3"
67
67
  },
68
68
  "peerDependencies": {
69
69
  "@mikro-orm/postgresql": "^7.0.14",
70
- "@open-mercato/shared": "0.6.4-develop.4210.1.d412061cfe",
70
+ "@open-mercato/shared": "0.6.4-develop.4236.1.9fa6806b34",
71
71
  "react": "^19.0.0",
72
72
  "react-dom": "^19.0.0"
73
73
  },
74
74
  "devDependencies": {
75
- "@open-mercato/shared": "0.6.4-develop.4210.1.d412061cfe",
75
+ "@open-mercato/shared": "0.6.4-develop.4236.1.9fa6806b34",
76
76
  "@types/jest": "^30.0.0",
77
77
  "@types/react": "^19.2.15",
78
78
  "@types/react-dom": "^19.2.3",
@@ -0,0 +1,61 @@
1
+ /** @jest-environment node */
2
+
3
+ import { describe, test, expect } from '@jest/globals'
4
+ import {
5
+ resolveAclDependencyDiagnostics,
6
+ type FeatureDescriptor,
7
+ } from '@open-mercato/shared/security/aclDependencies'
8
+ import { features as checkoutFeatures } from '../acl'
9
+ import { features as salesFeatures } from '@open-mercato/core/modules/sales/acl'
10
+ import { features as customersFeatures } from '@open-mercato/core/modules/customers/acl'
11
+
12
+ // The checkout dependency table (spec §6.30) references features from the
13
+ // sales and customers modules, so the catalog the resolver checks against must
14
+ // include them or those cross-module ids would surface as unknown references.
15
+ const combinedCatalog: FeatureDescriptor[] = [
16
+ ...(checkoutFeatures as FeatureDescriptor[]),
17
+ ...(salesFeatures as FeatureDescriptor[]),
18
+ ...(customersFeatures as FeatureDescriptor[]),
19
+ ]
20
+
21
+ const checkoutFeatureIds = (checkoutFeatures as FeatureDescriptor[]).map((feature) => feature.id)
22
+
23
+ describe('checkout ACL dependency declarations', () => {
24
+ test('every checkout dependency resolves to a known feature (no unknown references)', () => {
25
+ const diagnostics = resolveAclDependencyDiagnostics(
26
+ combinedCatalog.map((feature) => feature.id),
27
+ combinedCatalog,
28
+ )
29
+ const checkoutUnknown = diagnostics.unknownReferences.filter((entry) =>
30
+ entry.feature.startsWith('checkout.'),
31
+ )
32
+ expect(checkoutUnknown).toEqual([])
33
+ })
34
+
35
+ test('write features depend on checkout.view', () => {
36
+ const byId = new Map(
37
+ (checkoutFeatures as FeatureDescriptor[]).map((feature) => [feature.id, feature]),
38
+ )
39
+ for (const id of ['checkout.create', 'checkout.edit', 'checkout.delete', 'checkout.viewPii', 'checkout.export']) {
40
+ expect(byId.get(id)?.dependsOn).toContain('checkout.view')
41
+ }
42
+ })
43
+
44
+ test('granting checkout.create alone surfaces the cross-module read dependencies', () => {
45
+ const diagnostics = resolveAclDependencyDiagnostics(['checkout.create'], combinedCatalog)
46
+ const createEntry = diagnostics.missingDependencies.find(
47
+ (entry) => entry.feature === 'checkout.create',
48
+ )
49
+ expect(createEntry).toBeDefined()
50
+ expect([...(createEntry?.missing ?? [])].sort()).toEqual(
51
+ ['checkout.view', 'customers.people.view', 'sales.orders.view'].sort(),
52
+ )
53
+ })
54
+
55
+ test('checkout.viewPii depends on the customers people read feature', () => {
56
+ const viewPii = (checkoutFeatures as FeatureDescriptor[]).find(
57
+ (feature) => feature.id === 'checkout.viewPii',
58
+ )
59
+ expect(viewPii?.dependsOn).toContain('customers.people.view')
60
+ })
61
+ })
@@ -1,10 +1,35 @@
1
1
  export const features = [
2
2
  { id: 'checkout.view', title: 'View checkout links and transactions', module: 'checkout' },
3
- { id: 'checkout.create', title: 'Create checkout links and templates', module: 'checkout' },
4
- { id: 'checkout.edit', title: 'Edit checkout links and templates', module: 'checkout' },
5
- { id: 'checkout.delete', title: 'Delete checkout links and templates', module: 'checkout' },
6
- { id: 'checkout.viewPii', title: 'View checkout customer PII', module: 'checkout' },
7
- { id: 'checkout.export', title: 'Export checkout transactions', module: 'checkout' },
3
+ {
4
+ id: 'checkout.create',
5
+ title: 'Create checkout links and templates',
6
+ module: 'checkout',
7
+ dependsOn: ['checkout.view', 'sales.orders.view', 'customers.people.view'],
8
+ },
9
+ {
10
+ id: 'checkout.edit',
11
+ title: 'Edit checkout links and templates',
12
+ module: 'checkout',
13
+ dependsOn: ['checkout.view'],
14
+ },
15
+ {
16
+ id: 'checkout.delete',
17
+ title: 'Delete checkout links and templates',
18
+ module: 'checkout',
19
+ dependsOn: ['checkout.view'],
20
+ },
21
+ {
22
+ id: 'checkout.viewPii',
23
+ title: 'View checkout customer PII',
24
+ module: 'checkout',
25
+ dependsOn: ['checkout.view', 'customers.people.view'],
26
+ },
27
+ {
28
+ id: 'checkout.export',
29
+ title: 'Export checkout transactions',
30
+ module: 'checkout',
31
+ dependsOn: ['checkout.view'],
32
+ },
8
33
  ]
9
34
 
10
35
  export default features