@openhi/constructs 0.0.118 → 0.0.119

package/lib/index.mjs CHANGED
@@ -28,7 +28,7 @@ import {
28
28
  demoScenarioIdentifier,
29
29
  import_workflows,
30
30
  openhiResourceIdentifier
31
- } from "./chunk-AJQUWHFK.mjs";
31
+ } from "./chunk-WXS3PUHR.mjs";
32
32
  import {
33
33
  OWNING_DELETE_CASCADE_CONSUMER_NAME,
34
34
  OWNING_DELETE_CASCADE_DEFAULT_CONCURRENCY,
@@ -62,7 +62,7 @@ import {
62
62
  import {
63
63
  require_lib
64
64
  } from "./chunk-ZM4GDHHC.mjs";
65
- import "./chunk-QWWLM452.mjs";
65
+ import "./chunk-7WDX6GPO.mjs";
66
66
  import "./chunk-HQ67J7BP.mjs";
67
67
  import "./chunk-QJDHVMKT.mjs";
68
68
  import "./chunk-U7L7T4XU.mjs";
@@ -1953,6 +1953,19 @@ function extractDenormalizedReferenceDisplay(resource, fieldName) {
1953
1953
  return trimmed.length > 0 ? trimmed : void 0;
1954
1954
  }
1955
1955
 
1956
+ // src/data/operations/control/membership-constraints/assert-workspace-in-tenant-operation.ts
1957
+ async function assertWorkspaceInTenantOperation(params) {
1958
+ const { tenantId, workspaceId, tableName } = params;
1959
+ const service = getDynamoControlService(tableName);
1960
+ const { data: item } = await service.entities.workspace.get({ tenantId, id: workspaceId, sk: "CURRENT" }).go();
1961
+ if (!item) {
1962
+ throw new ConflictError(
1963
+ `Workspace ${workspaceId} does not belong to tenant ${tenantId}; the workspace must be created in the referenced tenant before this resource can reference it.`,
1964
+ { details: { tenantId, workspaceId } }
1965
+ );
1966
+ }
1967
+ }
1968
+
1956
1969
  // src/data/operations/control/multi-write-operation.ts
1957
1970
  var TRANSACT_WRITE_ITEM_LIMIT = 100;
1958
1971
  async function executeMultiWrite(params) {
@@ -2099,6 +2112,15 @@ async function createMembershipOperation(params) {
2099
2112
  resourceRecord,
2100
2113
  "workspace"
2101
2114
  );
2115
+ if (workspaceIdFromResource !== void 0) {
2116
+ const tenantIdFromResource = extractReferenceSlug(resourceRecord, "tenant");
2117
+ const referencedTenantId = tenantIdFromResource ?? context.tenantId;
2118
+ await assertWorkspaceInTenantOperation({
2119
+ tenantId: referencedTenantId,
2120
+ workspaceId: workspaceIdFromResource,
2121
+ tableName
2122
+ });
2123
+ }
2102
2124
  const userProjectionItem = userIdFromResource !== void 0 ? buildMembershipUserProjectionItem({
2103
2125
  tenantId: context.tenantId,
2104
2126
  userId: userIdFromResource,
@@ -2258,6 +2280,21 @@ function buildRoleAssignmentWorkspaceProjectionItem(input) {
2258
2280
  };
2259
2281
  }
2260
2282
 
2283
+ // src/data/operations/control/membership-constraints/assert-user-has-tenant-membership-operation.ts
2284
+ var TENANT_LANE_SK_PREFIX = "MEMBERSHIP#TENANT#";
2285
+ async function assertUserHasTenantMembershipOperation(params) {
2286
+ const { userId, tenantId, tableName } = params;
2287
+ const service = getDynamoControlService(tableName);
2288
+ const result = await service.entities.membershipUserProjection.query.record({ userId }).begins({ sk: TENANT_LANE_SK_PREFIX }).go();
2289
+ const matched = (result.data ?? []).some((row) => row.tenantId === tenantId);
2290
+ if (!matched) {
2291
+ throw new ConflictError(
2292
+ `User ${userId} has no tenant-level Membership in tenant ${tenantId}; a Membership must exist before a RoleAssignment can be created.`,
2293
+ { details: { userId, tenantId } }
2294
+ );
2295
+ }
2296
+ }
2297
+
2261
2298
  // src/data/operations/control/roleassignment/roleassignment-create-operation.ts
2262
2299
  async function createRoleAssignmentOperation(params) {
2263
2300
  const { context, body, tableName } = params;
@@ -2287,6 +2324,22 @@ async function createRoleAssignmentOperation(params) {
2287
2324
  resourceRecord,
2288
2325
  "workspace"
2289
2326
  );
2327
+ if (userIdFromResource !== void 0) {
2328
+ const tenantIdFromResource = extractReferenceSlug2(resourceRecord, "tenant");
2329
+ const referencedTenantId = tenantIdFromResource ?? context.tenantId;
2330
+ await assertUserHasTenantMembershipOperation({
2331
+ userId: userIdFromResource,
2332
+ tenantId: referencedTenantId,
2333
+ tableName
2334
+ });
2335
+ if (workspaceIdFromResource !== void 0) {
2336
+ await assertWorkspaceInTenantOperation({
2337
+ tenantId: referencedTenantId,
2338
+ workspaceId: workspaceIdFromResource,
2339
+ tableName
2340
+ });
2341
+ }
2342
+ }
2290
2343
  const userProjectionItem = userIdFromResource !== void 0 && roleIdFromResource !== void 0 ? buildRoleAssignmentUserProjectionItem({
2291
2344
  tenantId: context.tenantId,
2292
2345
  userId: userIdFromResource,
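Review bot: In `createRoleAssignmentOperation`, the new membership and workspace checks run against `tenantIdFromResource ?? context.tenantId`, a tenant taken from the request body when present, while the projection items built just below still use `context.tenantId`, so the tenant that is validated can differ from the tenant that is written. Unless the body's tenant reference is verified against the request context somewhere outside this hunk, the guard does not bind the checked tenant to the authenticated one; consider checking against `context.tenantId`, or rejecting a mismatch first with `if (tenantIdFromResource !== void 0 && tenantIdFromResource !== context.tenantId) throw new ConflictError("Tenant reference does not match the request tenant", { details: { tenantId: context.tenantId } });`. The same fallback pattern appears in the `createMembershipOperation` hunk. In this hunk the workspace check is also nested inside `if (userIdFromResource !== void 0)`, so a body that references a workspace but no user skips it, unlike the membership path where the workspace check runs on its own. Both functions start and end outside their hunks, so this should be confirmed against the full bodies.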