@powerhousedao/reactor-api 5.1.0-staging.0 → 5.2.0-staging.1

package/dist/index.d.ts

@@ -5,6 +5,7 @@ export * from "./src/packages/package-manager.js";
 export * from "./src/packages/vite-loader.js";
 export * from "./src/server.js";
 export * from "./src/services/auth.service.js";
+export * from "./src/services/document-permission.service.js";
 export * from "./src/sync/types.js";
 export * from "./src/sync/utils.js";
 export * from "./src/types.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,+CAA+C,CAAC;AAC9D,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}

package/dist/index.js

@@ -5,6 +5,7 @@ export * from "./src/packages/package-manager.js";
 export * from "./src/packages/vite-loader.js";
 export * from "./src/server.js";
 export * from "./src/services/auth.service.js";
+export * from "./src/services/document-permission.service.js";
 export * from "./src/sync/types.js";
 export * from "./src/sync/utils.js";
 export * from "./src/types.js";

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAC;AACvC,cAAc,wBAAwB,CAAC;AACvC,cAAc,iCAAiC,CAAC;AAChD,cAAc,mCAAmC,CAAC;AAClD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,+CAA+C,CAAC;AAC9D,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sBAAsB,CAAC"}

package/dist/src/graphql/auth/index.d.ts

@@ -0,0 +1,2 @@
+export { AuthSubgraph } from "./subgraph.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/graphql/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/graphql/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC"}

package/dist/src/graphql/auth/index.js

@@ -0,0 +1,2 @@
+export { AuthSubgraph } from "./subgraph.js";
+//# sourceMappingURL=index.js.map

package/dist/src/graphql/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/graphql/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC"}

package/dist/src/graphql/auth/resolvers.d.ts

@@ -0,0 +1,149 @@
+import type { DocumentPermissionService, GetParentIdsFn } from "../../services/document-permission.service.js";
+import type { DocumentPermissionLevel } from "../../utils/db.js";
+import type { IReactorClient } from "@powerhousedao/reactor";
+export type DocumentAccessInfo = {
+    documentId: string;
+    permissions: Array<{
+        documentId: string;
+        userAddress: string;
+        permission: DocumentPermissionLevel;
+        grantedBy: string;
+        createdAt: Date;
+        updatedAt: Date;
+    }>;
+    groupPermissions: Array<{
+        documentId: string;
+        groupId: number;
+        permission: DocumentPermissionLevel;
+        grantedBy: string;
+        createdAt: Date;
+        updatedAt: Date;
+    }>;
+};
+export declare function documentAccess(service: DocumentPermissionService, args: {
+    documentId: string;
+}): Promise<DocumentAccessInfo>;
+export declare function userDocumentPermissions(service: DocumentPermissionService, userAddress: string): Promise<Array<{
+    documentId: string;
+    userAddress: string;
+    permission: DocumentPermissionLevel;
+    grantedBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+}>>;
+export declare function grantDocumentPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    userAddress: string;
+    permission: DocumentPermissionLevel;
+}, grantedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<{
+    documentId: string;
+    userAddress: string;
+    permission: DocumentPermissionLevel;
+    grantedBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+}>;
+export declare function revokeDocumentPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    userAddress: string;
+}, revokedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<boolean>;
+/**
+ * Create a getParentIds function using the reactor client
+ */
+export declare function createGetParentIdsFn(reactorClient: IReactorClient): GetParentIdsFn;
+export type Group = {
+    id: number;
+    name: string;
+    description: string | null;
+    createdAt: Date;
+    updatedAt: Date;
+};
+export declare function groups(service: DocumentPermissionService): Promise<Group[]>;
+export declare function group(service: DocumentPermissionService, args: {
+    id: number;
+}): Promise<Group | null>;
+export declare function userGroups(service: DocumentPermissionService, args: {
+    userAddress: string;
+}): Promise<Group[]>;
+export declare function createGroup(service: DocumentPermissionService, args: {
+    name: string;
+    description?: string | null;
+}): Promise<Group>;
+export declare function deleteGroup(service: DocumentPermissionService, args: {
+    id: number;
+}): Promise<boolean>;
+export declare function addUserToGroup(service: DocumentPermissionService, args: {
+    userAddress: string;
+    groupId: number;
+}): Promise<boolean>;
+export declare function removeUserFromGroup(service: DocumentPermissionService, args: {
+    userAddress: string;
+    groupId: number;
+}): Promise<boolean>;
+export declare function getGroupMembers(service: DocumentPermissionService, groupId: number): Promise<string[]>;
+export type DocumentGroupPermission = {
+    documentId: string;
+    groupId: number;
+    permission: DocumentPermissionLevel;
+    grantedBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+};
+export declare function grantGroupPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    groupId: number;
+    permission: DocumentPermissionLevel;
+}, grantedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<DocumentGroupPermission>;
+export declare function revokeGroupPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    groupId: number;
+}, revokedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<boolean>;
+export type OperationUserPermission = {
+    documentId: string;
+    operationType: string;
+    userAddress: string;
+    grantedBy: string;
+    createdAt: Date;
+};
+export type OperationGroupPermission = {
+    documentId: string;
+    operationType: string;
+    groupId: number;
+    grantedBy: string;
+    createdAt: Date;
+};
+export type OperationPermissionsInfo = {
+    documentId: string;
+    operationType: string;
+    userPermissions: OperationUserPermission[];
+    groupPermissions: OperationGroupPermission[];
+};
+export declare function operationPermissions(service: DocumentPermissionService, args: {
+    documentId: string;
+    operationType: string;
+}): Promise<OperationPermissionsInfo>;
+export declare function canExecuteOperation(service: DocumentPermissionService, args: {
+    documentId: string;
+    operationType: string;
+}, userAddress: string | undefined): Promise<boolean>;
+export declare function grantOperationPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    operationType: string;
+    userAddress: string;
+}, grantedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<OperationUserPermission>;
+export declare function revokeOperationPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    operationType: string;
+    userAddress: string;
+}, revokedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<boolean>;
+export declare function grantGroupOperationPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    operationType: string;
+    groupId: number;
+}, grantedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<OperationGroupPermission>;
+export declare function revokeGroupOperationPermission(service: DocumentPermissionService, args: {
+    documentId: string;
+    operationType: string;
+    groupId: number;
+}, revokedByAddress: string | undefined, isGlobalAdmin: boolean): Promise<boolean>;
+//# sourceMappingURL=resolvers.d.ts.map

package/dist/src/graphql/auth/resolvers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolvers.d.ts","sourceRoot":"","sources":["../../../../src/graphql/auth/resolvers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,yBAAyB,EACzB,cAAc,EACf,MAAM,+CAA+C,CAAC;AACvD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAM7D,MAAM,MAAM,kBAAkB,GAAG;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,KAAK,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,uBAAuB,CAAC;QACpC,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,IAAI,CAAC;QAChB,SAAS,EAAE,IAAI,CAAC;KACjB,CAAC,CAAC;IACH,gBAAgB,EAAE,KAAK,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,uBAAuB,CAAC;QACpC,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,IAAI,CAAC;QAChB,SAAS,EAAE,IAAI,CAAC;KACjB,CAAC,CAAC;CACJ,CAAC;AAEF,wBAAsB,cAAc,CAClC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,kBAAkB,CAAC,CAW7B;AAED,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,yBAAyB,EAClC,WAAW,EAAE,MAAM,GAClB,OAAO,CACR,KAAK,CAAC;IACJ,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC,CACH,CAEA;AAED,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IACJ,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,uBAAuB,CAAC;CACrC,EACD,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC;IACT,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC,CAwBD;AAED,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,EACjD,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,OAAO,CAAC,CAoBlB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,EAAE,cAAc,GAC5B,cAAc,CAUhB;AAMD,MAAM,MAAM,KAAK,GAAG;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC;AAEF,wBAAsB,MAAM,CAC1B,OAAO,EAAE,yBAAyB,GACjC,OAAO,CAAC,KAAK,EAAE,CAAC,CAElB;AAED,wBAAsB,KAAK,CACzB,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GACnB,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAEvB;AAED,wBAAsB,UAAU,CAC9B,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,GAC5B,OAAO,CAAC,KAAK,EAAE,CAAC,CAElB;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GAClD,OAAO,CAAC,KAAK,CAAC,CAEhB;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GACnB,OAAO,CAAC,OAAO,CAAC,CAGlB;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAC7C,OAAO,CAAC,OAAO,CAAC,CAGlB;AAED,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAC7C,OAAO,CAAC,OAAO,CAAC,CAGlB;AAED,wBAAsB,eAAe,CACnC,OAAO,EAAE,yBAAyB,EAClC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,EAAE,CAAC,CAEnB;AAMD,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC;AAEF,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IACJ,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,uBAAuB,CAAC;CACrC,EACD,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,uBAAuB,CAAC,CAwBlC;AAED,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAC7C,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,OAAO,CAAC,CAoBlB;AAMD,MAAM,MAAM,uBAAuB,GAAG;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,uBAAuB,EAAE,CAAC;IAC3C,gBAAgB,EAAE,wBAAwB,EAAE,CAAC;CAC9C,CAAC;AAEF,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GAClD,OAAO,CAAC,wBAAwB,CAAC,CAgBnC;AAED,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,EACnD,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC,CAMlB;AAED,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,EACxE,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,uBAAuB,CAAC,CAuBlC;AAED,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,EACxE,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,OAAO,CAAC,CAuBlB;AAED,wBAAsB,6BAA6B,CACjD,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EACpE,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,wBAAwB,CAAC,CAuBnC;AAED,wBAAsB,8BAA8B,CAClD,OAAO,EAAE,yBAAyB,EAClC,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EACpE,gBAAgB,EAAE,MAAM,GAAG,SAAS,EACpC,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,OAAO,CAAC,CAuBlB"}

package/dist/src/graphql/auth/resolvers.js

@@ -0,0 +1,173 @@
+import { GraphQLError } from "graphql";
+export async function documentAccess(service, args) {
+    const permissions = await service.getDocumentPermissions(args.documentId);
+    const groupPermissions = await service.getDocumentGroupPermissions(args.documentId);
+    return {
+        documentId: args.documentId,
+        permissions,
+        groupPermissions,
+    };
+}
+export async function userDocumentPermissions(service, userAddress) {
+    return service.getUserDocuments(userAddress);
+}
+export async function grantDocumentPermission(service, args, grantedByAddress, isGlobalAdmin) {
+    // Check authorization: must be global admin or document admin
+    if (!grantedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, grantedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to grant permissions");
+        }
+    }
+    return service.grantPermission(args.documentId, args.userAddress, args.permission, grantedByAddress);
+}
+export async function revokeDocumentPermission(service, args, revokedByAddress, isGlobalAdmin) {
+    // Check authorization: must be global admin or document admin
+    if (!revokedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, revokedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to revoke permissions");
+        }
+    }
+    await service.revokePermission(args.documentId, args.userAddress);
+    return true;
+}
+/**
+ * Create a getParentIds function using the reactor client
+ */
+export function createGetParentIdsFn(reactorClient) {
+    return async (documentId) => {
+        try {
+            const result = await reactorClient.getParents(documentId);
+            return result.results.map((doc) => doc.header.id);
+        }
+        catch {
+            // If document has no parents or error, return empty array
+            return [];
+        }
+    };
+}
+export async function groups(service) {
+    return service.listGroups();
+}
+export async function group(service, args) {
+    return service.getGroup(args.id);
+}
+export async function userGroups(service, args) {
+    return service.getUserGroups(args.userAddress);
+}
+export async function createGroup(service, args) {
+    return service.createGroup(args.name, args.description ?? undefined);
+}
+export async function deleteGroup(service, args) {
+    await service.deleteGroup(args.id);
+    return true;
+}
+export async function addUserToGroup(service, args) {
+    await service.addUserToGroup(args.userAddress, args.groupId);
+    return true;
+}
+export async function removeUserFromGroup(service, args) {
+    await service.removeUserFromGroup(args.userAddress, args.groupId);
+    return true;
+}
+export async function getGroupMembers(service, groupId) {
+    return service.getGroupMembers(groupId);
+}
+export async function grantGroupPermission(service, args, grantedByAddress, isGlobalAdmin) {
+    // Check authorization: must be global admin or document admin
+    if (!grantedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, grantedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to grant permissions");
+        }
+    }
+    return service.grantGroupPermission(args.documentId, args.groupId, args.permission, grantedByAddress);
+}
+export async function revokeGroupPermission(service, args, revokedByAddress, isGlobalAdmin) {
+    // Check authorization: must be global admin or document admin
+    if (!revokedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, revokedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to revoke permissions");
+        }
+    }
+    await service.revokeGroupPermission(args.documentId, args.groupId);
+    return true;
+}
+export async function operationPermissions(service, args) {
+    const userPermissions = await service.getOperationUserPermissions(args.documentId, args.operationType);
+    const groupPermissions = await service.getOperationGroupPermissions(args.documentId, args.operationType);
+    return {
+        documentId: args.documentId,
+        operationType: args.operationType,
+        userPermissions,
+        groupPermissions,
+    };
+}
+export async function canExecuteOperation(service, args, userAddress) {
+    return service.canExecuteOperation(args.documentId, args.operationType, userAddress);
+}
+export async function grantOperationPermission(service, args, grantedByAddress, isGlobalAdmin) {
+    if (!grantedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, grantedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to grant operation permissions");
+        }
+    }
+    return service.grantOperationPermission(args.documentId, args.operationType, args.userAddress, grantedByAddress);
+}
+export async function revokeOperationPermission(service, args, revokedByAddress, isGlobalAdmin) {
+    if (!revokedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, revokedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to revoke operation permissions");
+        }
+    }
+    await service.revokeOperationPermission(args.documentId, args.operationType, args.userAddress);
+    return true;
+}
+export async function grantGroupOperationPermission(service, args, grantedByAddress, isGlobalAdmin) {
+    if (!grantedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, grantedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to grant operation permissions");
+        }
+    }
+    return service.grantGroupOperationPermission(args.documentId, args.operationType, args.groupId, grantedByAddress);
+}
+export async function revokeGroupOperationPermission(service, args, revokedByAddress, isGlobalAdmin) {
+    if (!revokedByAddress) {
+        throw new GraphQLError("Authentication required");
+    }
+    if (!isGlobalAdmin) {
+        const canManage = await service.canManageDocument(args.documentId, revokedByAddress);
+        if (!canManage) {
+            throw new GraphQLError("Forbidden: You must be an admin of this document to revoke operation permissions");
+        }
+    }
+    await service.revokeGroupOperationPermission(args.documentId, args.operationType, args.groupId);
+    return true;
+}
+//# sourceMappingURL=resolvers.js.map

package/dist/src/graphql/auth/resolvers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolvers.js","sourceRoot":"","sources":["../../../../src/graphql/auth/resolvers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAgCvC,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAkC,EAClC,IAA4B;IAE5B,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1E,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,2BAA2B,CAChE,IAAI,CAAC,UAAU,CAChB,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,WAAW;QACX,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAkC,EAClC,WAAmB;IAWnB,OAAO,OAAO,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAkC,EAClC,IAIC,EACD,gBAAoC,EACpC,aAAsB;IAStB,8DAA8D;IAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,uEAAuE,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC,eAAe,CAC5B,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAkC,EAClC,IAAiD,EACjD,gBAAoC,EACpC,aAAsB;IAEtB,8DAA8D;IAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,wEAAwE,CACzE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAClE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,aAA6B;IAE7B,OAAO,KAAK,EAAE,UAAkB,EAAqB,EAAE;QACrD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC1D,OAAO,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;YAC1D,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAcD,MAAM,CAAC,KAAK,UAAU,MAAM,CAC1B,OAAkC;IAElC,OAAO,OAAO,CAAC,UAAU,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,KAAK,CACzB,OAAkC,EAClC,IAAoB;IAEpB,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAkC,EAClC,IAA6B;IAE7B,OAAO,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAkC,EAClC,IAAmD;IAEnD,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,IAAI,SAAS,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAkC,EAClC,IAAoB;IAEpB,MAAM,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAkC,EAClC,IAA8C;IAE9C,MAAM,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAkC,EAClC,IAA8C;IAE9C,MAAM,OAAO,CAAC,mBAAmB,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAClE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAkC,EAClC,OAAe;IAEf,OAAO,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;AAC1C,CAAC;AAeD,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAkC,EAClC,IAIC,EACD,gBAAoC,EACpC,aAAsB;IAEtB,8DAA8D;IAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,uEAAuE,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC,oBAAoB,CACjC,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAAkC,EAClC,IAA6C,EAC7C,gBAAoC,EACpC,aAAsB;IAEtB,8DAA8D;IAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,wEAAwE,CACzE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AA6BD,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAkC,EAClC,IAAmD;IAEnD,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,2BAA2B,CAC/D,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,CACnB,CAAC;IACF,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,4BAA4B,CACjE,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,CACnB,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,eAAe;QACf,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAkC,EAClC,IAAmD,EACnD,WAA+B;IAE/B,OAAO,OAAO,CAAC,mBAAmB,CAChC,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,EAClB,WAAW,CACZ,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAkC,EAClC,IAAwE,EACxE,gBAAoC,EACpC,aAAsB;IAEtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,iFAAiF,CAClF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC,wBAAwB,CACrC,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,WAAW,EAChB,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAkC,EAClC,IAAwE,EACxE,gBAAoC,EACpC,aAAsB;IAEtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,kFAAkF,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,yBAAyB,CACrC,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,WAAW,CACjB,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,OAAkC,EAClC,IAAoE,EACpE,gBAAoC,EACpC,aAAsB;IAEtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,iFAAiF,CAClF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC,6BAA6B,CAC1C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,EACZ,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAkC,EAClC,IAAoE,EACpE,gBAAoC,EACpC,aAAsB;IAEtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,YAAY,CAAC,yBAAyB,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAC/C,IAAI,CAAC,UAAU,EACf,gBAAgB,CACjB,CAAC;QACF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,kFAAkF,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,CAAC,8BAA8B,CAC1C,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,OAAO,CACb,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/graphql/auth/schema.graphql

@@ -0,0 +1,173 @@
+# Auth Subgraph Schema
+# Contains all document permission and authorization related types
+
+scalar DateTime
+
+# Permission levels for documents
+enum DocumentPermissionLevel {
+  # Can fetch and read the document
+  READ
+  # Can push updates and modify the document
+  WRITE
+  # Can manage document permissions and settings
+  ADMIN
+}
+
+# Document permission entry
+type DocumentPermissionEntry {
+  documentId: String!
+  userAddress: String!
+  permission: DocumentPermissionLevel!
+  grantedBy: String!
+  createdAt: DateTime!
+  updatedAt: DateTime!
+}
+
+# Group type
+type Group {
+  id: Int!
+  name: String!
+  description: String
+  createdAt: DateTime!
+  updatedAt: DateTime!
+  members: [String!]!
+}
+
+# Document group permission entry
+type DocumentGroupPermission {
+  documentId: String!
+  groupId: Int!
+  group: Group!
+  permission: DocumentPermissionLevel!
+  grantedBy: String!
+  createdAt: DateTime!
+  updatedAt: DateTime!
+}
+
+# Operation user permission entry
+type OperationUserPermission {
+  documentId: String!
+  operationType: String!
+  userAddress: String!
+  grantedBy: String!
+  createdAt: DateTime!
+}
+
+# Operation group permission entry
+type OperationGroupPermission {
+  documentId: String!
+  operationType: String!
+  groupId: Int!
+  group: Group!
+  grantedBy: String!
+  createdAt: DateTime!
+}
+
+# Combined document access info
+type DocumentAccessInfo {
+  documentId: String!
+  permissions: [DocumentPermissionEntry!]!
+  groupPermissions: [DocumentGroupPermission!]!
+}
+
+# Operation permissions info
+type OperationPermissionsInfo {
+  documentId: String!
+  operationType: String!
+  userPermissions: [OperationUserPermission!]!
+  groupPermissions: [OperationGroupPermission!]!
+}
+
+type Query {
+  # Get permissions for a document
+  documentAccess(documentId: String!): DocumentAccessInfo!
+
+  # Get all documents the current user has explicit access to
+  userDocumentPermissions: [DocumentPermissionEntry!]!
+
+  # Get all groups
+  groups: [Group!]!
+
+  # Get a specific group by ID
+  group(id: Int!): Group
+
+  # Get all groups a user belongs to
+  userGroups(userAddress: String!): [Group!]!
+
+  # Get operation permissions for a document and operation type
+  operationPermissions(documentId: String!, operationType: String!): OperationPermissionsInfo!
+
+  # Check if the current user can execute a specific operation on a document
+  canExecuteOperation(documentId: String!, operationType: String!): Boolean!
+}
+
+type Mutation {
+  # Grant a user permission on a document (requires ADMIN permission or global admin)
+  grantDocumentPermission(
+    documentId: String!
+    userAddress: String!
+    permission: DocumentPermissionLevel!
+  ): DocumentPermissionEntry!
+
+  # Revoke a user's permission on a document (requires ADMIN permission or global admin)
+  revokeDocumentPermission(
+    documentId: String!
+    userAddress: String!
+  ): Boolean!
+
+  # --- Group Management ---
+
+  # Create a new group
+  createGroup(name: String!, description: String): Group!
+
+  # Delete a group and all its associations
+  deleteGroup(id: Int!): Boolean!
+
+  # Add a user to a group
+  addUserToGroup(userAddress: String!, groupId: Int!): Boolean!
+
+  # Remove a user from a group
+  removeUserFromGroup(userAddress: String!, groupId: Int!): Boolean!
+
+  # --- Group Document Permissions ---
+
+  # Grant a group permission on a document
+  grantGroupPermission(
+    documentId: String!
+    groupId: Int!
+    permission: DocumentPermissionLevel!
+  ): DocumentGroupPermission!
+
+  # Revoke a group's permission on a document
+  revokeGroupPermission(documentId: String!, groupId: Int!): Boolean!
+
+  # --- Operation Permissions ---
+
+  # Grant a user permission to execute an operation on a document
+  grantOperationPermission(
+    documentId: String!
+    operationType: String!
+    userAddress: String!
+  ): OperationUserPermission!
+
+  # Revoke a user's permission to execute an operation
+  revokeOperationPermission(
+    documentId: String!
+    operationType: String!
+    userAddress: String!
+  ): Boolean!
+
+  # Grant a group permission to execute an operation on a document
+  grantGroupOperationPermission(
+    documentId: String!
+    operationType: String!
+    groupId: Int!
+  ): OperationGroupPermission!
+
+  # Revoke a group's permission to execute an operation
+  revokeGroupOperationPermission(
+    documentId: String!
+    operationType: String!
+    groupId: Int!
+  ): Boolean!
+}