@powerhousedao/reactor-api 5.1.0-staging.0 → 5.2.0-staging.1

package/dist/src/services/document-permission.service.d.ts

@@ -0,0 +1,201 @@
+import type { Kysely } from "kysely";
+import type { DocumentPermissionDatabase, DocumentPermissionLevel } from "../utils/db.js";
+export interface DocumentPermissionEntry {
+    documentId: string;
+    userAddress: string;
+    permission: DocumentPermissionLevel;
+    grantedBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface Group {
+    id: number;
+    name: string;
+    description: string | null;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface DocumentGroupPermissionEntry {
+    documentId: string;
+    groupId: number;
+    permission: DocumentPermissionLevel;
+    grantedBy: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface OperationUserPermissionEntry {
+    documentId: string;
+    operationType: string;
+    userAddress: string;
+    grantedBy: string;
+    createdAt: Date;
+}
+export interface OperationGroupPermissionEntry {
+    documentId: string;
+    operationType: string;
+    groupId: number;
+    grantedBy: string;
+    createdAt: Date;
+}
+/**
+ * Function type for getting parent document IDs
+ * This is injected to avoid circular dependencies with the reactor client
+ */
+export type GetParentIdsFn = (documentId: string) => Promise<string[]>;
+/**
+ * Service for managing document-level permissions.
+ *
+ * Permission levels for documents:
+ * - READ: Can fetch and read the document
+ * - WRITE: Can push updates and modify the document
+ * - ADMIN: Can manage document permissions and settings
+ *
+ * Operation permissions:
+ * - Users and groups can be granted permission to execute specific operations
+ *
+ * Global roles (via environment variables):
+ * - AUTH_ENABLED: Enables authorization checks
+ * - ADMINS: Comma-separated list of admin addresses (full access)
+ * - USERS: Comma-separated list of user addresses (read/write access)
+ * - GUESTS: Comma-separated list of guest addresses (read access)
+ */
+export declare class DocumentPermissionService {
+    private readonly db;
+    constructor(db: Kysely<DocumentPermissionDatabase>);
+    /**
+     * Get the permission level for a user on a specific document.
+     * Returns null if no permission is set.
+     */
+    getUserPermission(documentId: string, userAddress: string): Promise<DocumentPermissionLevel | null>;
+    /**
+     * Get all permissions for a document
+     */
+    getDocumentPermissions(documentId: string): Promise<DocumentPermissionEntry[]>;
+    /**
+     * Get all documents a user has explicit access to
+     */
+    getUserDocuments(userAddress: string): Promise<DocumentPermissionEntry[]>;
+    /**
+     * Grant or update a user's permission on a document.
+     */
+    grantPermission(documentId: string, userAddress: string, permission: DocumentPermissionLevel, grantedBy: string): Promise<DocumentPermissionEntry>;
+    /**
+     * Revoke a user's permission on a document
+     */
+    revokePermission(documentId: string, userAddress: string): Promise<void>;
+    /**
+     * Delete all permissions for a document (used when deleting a document)
+     */
+    deleteAllDocumentPermissions(documentId: string): Promise<void>;
+    /**
+     * Check if a user can read a document.
+     * Returns true if user has READ, WRITE, or ADMIN permission (direct or via group)
+     */
+    canReadDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
+    /**
+     * Check if a user can write to a document.
+     * Returns true if user has WRITE or ADMIN permission (direct or via group)
+     */
+    canWriteDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
+    /**
+     * Check if a user can manage a document (change permissions, settings).
+     * Returns true if user has ADMIN permission (direct or via group)
+     */
+    canManageDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
+    /**
+     * Check if a user can read a document, including parent permission inheritance.
+     * Returns true if user has permission on the document OR any parent in the hierarchy.
+     */
+    canRead(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
+    /**
+     * Check if a user can write to a document, including parent permission inheritance.
+     * Returns true if user has write permission on the document OR any parent in the hierarchy.
+     */
+    canWrite(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
+    /**
+     * Filter a list of document IDs to only include those the user can read.
+     */
+    filterReadableDocuments(documentIds: string[], userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<string[]>;
+    /**
+     * Create a new group
+     */
+    createGroup(name: string, description?: string): Promise<Group>;
+    /**
+     * Delete a group and all its associations
+     */
+    deleteGroup(groupId: number): Promise<void>;
+    /**
+     * Get a group by ID
+     */
+    getGroup(groupId: number): Promise<Group | null>;
+    /**
+     * List all groups
+     */
+    listGroups(): Promise<Group[]>;
+    /**
+     * Add a user to a group
+     */
+    addUserToGroup(userAddress: string, groupId: number): Promise<void>;
+    /**
+     * Remove a user from a group
+     */
+    removeUserFromGroup(userAddress: string, groupId: number): Promise<void>;
+    /**
+     * Get all groups a user belongs to
+     */
+    getUserGroups(userAddress: string): Promise<Group[]>;
+    /**
+     * Get all members of a group
+     */
+    getGroupMembers(groupId: number): Promise<string[]>;
+    /**
+     * Grant a group permission on a document
+     */
+    grantGroupPermission(documentId: string, groupId: number, permission: DocumentPermissionLevel, grantedBy: string): Promise<DocumentGroupPermissionEntry>;
+    /**
+     * Revoke a group's permission on a document
+     */
+    revokeGroupPermission(documentId: string, groupId: number): Promise<void>;
+    /**
+     * Get all group permissions for a document
+     */
+    getDocumentGroupPermissions(documentId: string): Promise<DocumentGroupPermissionEntry[]>;
+    /**
+     * Get best permission level a user has on a document via groups
+     */
+    getUserGroupPermission(documentId: string, userAddress: string): Promise<DocumentPermissionLevel | null>;
+    /**
+     * Grant a user permission to execute an operation on a document
+     */
+    grantOperationPermission(documentId: string, operationType: string, userAddress: string, grantedBy: string): Promise<OperationUserPermissionEntry>;
+    /**
+     * Revoke a user's permission to execute an operation
+     */
+    revokeOperationPermission(documentId: string, operationType: string, userAddress: string): Promise<void>;
+    /**
+     * Grant a group permission to execute an operation on a document
+     */
+    grantGroupOperationPermission(documentId: string, operationType: string, groupId: number, grantedBy: string): Promise<OperationGroupPermissionEntry>;
+    /**
+     * Revoke a group's permission to execute an operation
+     */
+    revokeGroupOperationPermission(documentId: string, operationType: string, groupId: number): Promise<void>;
+    /**
+     * Get all users with permission to execute an operation
+     */
+    getOperationUserPermissions(documentId: string, operationType: string): Promise<OperationUserPermissionEntry[]>;
+    /**
+     * Get all groups with permission to execute an operation
+     */
+    getOperationGroupPermissions(documentId: string, operationType: string): Promise<OperationGroupPermissionEntry[]>;
+    /**
+     * Check if a user can execute a specific operation on a document.
+     * Returns true if user has direct permission or is in a group with permission.
+     */
+    canExecuteOperation(documentId: string, operationType: string, userAddress: string | undefined): Promise<boolean>;
+    /**
+     * Check if an operation has any permissions set (is restricted)
+     */
+    isOperationRestricted(documentId: string, operationType: string): Promise<boolean>;
+}
+//# sourceMappingURL=document-permission.service.d.ts.map

package/dist/src/services/document-permission.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"document-permission.service.d.ts","sourceRoot":"","sources":["../../../src/services/document-permission.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,OAAO,KAAK,EACV,0BAA0B,EAC1B,uBAAuB,EACxB,MAAM,gBAAgB,CAAC;AAExB,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,6BAA6B;IAC5C,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAEvE;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,yBAAyB;IACxB,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,MAAM,CAAC,0BAA0B,CAAC;IAMnE;;;OAGG;IACG,iBAAiB,CACrB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IAW1C;;OAEG;IACG,sBAAsB,CAC1B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,uBAAuB,EAAE,CAAC;IAiBrC;;OAEG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,EAAE,CAAC;IAiBrC;;OAEG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,uBAAuB,EACnC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,uBAAuB,CAAC;IAwCnC;;OAEG;IACG,gBAAgB,CACpB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAQhB;;OAEG;IACG,4BAA4B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BrE;;;OAGG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IAsBnB;;;OAGG;IACG,gBAAgB,CACpB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IAsBnB;;;OAGG;IACG,iBAAiB,CACrB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IA0BnB;;;OAGG;IACG,OAAO,CACX,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,cAAc,GAC3B,OAAO,CAAC,OAAO,CAAC;IAuBnB;;;OAGG;IACG,QAAQ,CACZ,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,cAAc,GAC3B,OAAO,CAAC,OAAO,CAAC;IAuBnB;;OAEG;IACG,uBAAuB,CAC3B,WAAW,EAAE,MAAM,EAAE,EACrB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,cAAc,GAC3B,OAAO,CAAC,MAAM,EAAE,CAAC;IAiBpB;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAsBrE;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjD;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAUtD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;IAOpC;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAezE;;OAEG;IACG,mBAAmB,CACvB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAQhB;;OAEG;IACG,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAe1D;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAczD;;OAEG;IACG,oBAAoB,CACxB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,uBAAuB,EACnC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,4BAA4B,CAAC;IAuCxC;;OAEG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAQhB;;OAEG;IACG,2BAA2B,CAC/B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,4BAA4B,EAAE,CAAC;IAe1C;;OAEG;IACG,sBAAsB,CAC1B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IA2B1C;;OAEG;IACG,wBAAwB,CAC5B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,4BAA4B,CAAC;IAmCxC;;OAEG;IACG,yBAAyB,CAC7B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAShB;;OAEG;IACG,6BAA6B,CACjC,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,6BAA6B,CAAC;IAkCzC;;OAEG;IACG,8BAA8B,CAClC,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAShB;;OAEG;IACG,2BAA2B,CAC/B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,4BAA4B,EAAE,CAAC;IAe1C;;OAEG;IACG,4BAA4B,CAChC,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,6BAA6B,EAAE,CAAC;IAe3C;;;OAGG;IACG,mBAAmB,CACvB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IAqCnB;;OAEG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,OAAO,CAAC;CAqBpB"}