@powerhousedao/reactor-api 6.0.0-dev.22 → 6.0.0-dev.221

package/dist/src/services/auth.service.js

@@ -1,199 +0,0 @@
-import { verifyAuthBearerToken } from "@renown/sdk";
-export class AuthService {
-    config;
-    constructor(config) {
-        this.config = config;
-    }
-    /**
-     * Middleware function to authenticate requests
-     */
-    async authenticate(req, res, next) {
-        if (!this.config.enabled ||
-            req.method === "OPTIONS" ||
-            req.method === "GET") {
-            next();
-            return;
-        }
-        // Set auth lists on request
-        req.admins = this.config.admins;
-        req.users = this.config.users;
-        req.guests = this.config.guests;
-        req.auth_enabled = this.config.enabled;
-        req.freeEntry = this.config.freeEntry;
-        const token = req.headers.authorization?.split(" ")[1];
-        if (!token) {
-            res.status(400).json({ error: "Missing authorization token" });
-            return;
-        }
-        try {
-            const verified = (await this.verifyToken(token));
-            if (!verified) {
-                res.status(401).json({ error: "Verification failed" });
-                return;
-            }
-            const user = this.extractUserFromVerification(verified);
-            if (!user) {
-                res.status(401).json({ error: "Missing credentials" });
-                return;
-            }
-            // Verify that the credentials still exist on the Renown API
-            // This can be skipped via config (useful for testing or when Renown API is unavailable)
-            if (!this.config.skipCredentialVerification) {
-                const credentialExists = await this.verifyCredentialExists(user.address, user.chainId, verified.issuer);
-                if (!credentialExists) {
-                    res.status(401).json({ error: "Credentials no longer valid" });
-                    return;
-                }
-            }
-            req.user = user;
-            // Note: We no longer block users here based on global allowed lists.
-            // The resolver layer handles authorization based on:
-            // 1. Global roles (admin/user/guest) for unrestricted access
-            // 2. Document-level permissions (direct or via groups) for specific documents
-            // This allows users who have document-specific permissions (e.g., via groups)
-            // to access those documents even if they're not in the global allowed lists.
-            next();
-        }
-        catch {
-            res.status(401).json({ error: "Authentication failed" });
-        }
-    }
-    async authenticateWebSocketConnection(connectionParams) {
-        if (!this.config.enabled) {
-            return null;
-        }
-        const authHeader = connectionParams.authorization;
-        if (!authHeader) {
-            throw new Error("Missing authorization in connection parameters");
-        }
-        const token = authHeader.split(" ")[1];
-        if (!token) {
-            throw new Error("Invalid authorization format");
-        }
-        const verified = (await this.verifyToken(token));
-        if (!verified) {
-            throw new Error("Token verification failed");
-        }
-        const user = this.extractUserFromVerification(verified);
-        if (!user) {
-            throw new Error("Invalid credentials");
-        }
-        // Verify that the credentials still exist on the Renown API
-        // This can be skipped via config (useful for testing or when Renown API is unavailable)
-        if (!this.config.skipCredentialVerification) {
-            const credentialExists = await this.verifyCredentialExists(user.address, user.chainId, verified.issuer);
-            if (!credentialExists) {
-                throw new Error("Credentials no longer valid");
-            }
-        }
-        // Note: We no longer block based on global allowed lists.
-        // Authorization is handled at the resolver level based on document permissions.
-        return user;
-    }
-    /**
-     * Verify the auth bearer token
-     */
-    async verifyToken(token) {
-        return await verifyAuthBearerToken(token);
-    }
-    /**
-     * Extract user information from verification result
-     */
-    extractUserFromVerification(verified) {
-        if (!verified)
-            return null;
-        try {
-            const { address, chainId, networkId } = verified.verifiableCredential?.credentialSubject || {};
-            if (!address || !chainId || !networkId) {
-                return null;
-            }
-            return {
-                address,
-                chainId,
-                networkId,
-            };
-        }
-        catch {
-            return null;
-        }
-    }
-    /**
-     * Check if user address is in allowed lists
-     */
-    isUserAllowed(address) {
-        const all = [
-            ...this.config.admins,
-            ...this.config.users,
-            ...this.config.guests,
-        ];
-        return all.includes(address.toLocaleLowerCase()) || this.config.freeEntry;
-    }
-    /**
-     * Get additional context fields for GraphQL
-     */
-    getAdditionalContextFields() {
-        if (!this.config.enabled) {
-            return {
-                isGuest: (address) => true,
-                isUser: (address) => true,
-                isAdmin: (address) => true,
-            };
-        }
-        return {
-            isGuest: (address) => this.config.enabled &&
-                (this.config.freeEntry ||
-                    this.config.guests?.includes(address.toLowerCase())),
-            isUser: (address) => this.config.enabled &&
-                this.config.users?.includes(address.toLowerCase()),
-            isAdmin: (address) => this.config.enabled &&
-                this.config.admins?.includes(address.toLowerCase()),
-        };
-    }
-    /**
-     * Get user context for GraphQL
-     */
-    getUserContext(user) {
-        if (!user)
-            return {};
-        return {
-            user: {
-                address: user.address.toLowerCase(),
-                chainId: user.chainId,
-                networkId: user.networkId,
-            },
-        };
-    }
-    /**
-     * Verify that the credential still exists on the Renown API
-     */
-    async verifyCredentialExists(address, chainId, connectId) {
-        const url = `https://www.renown.id/api/auth/credential?address=${address}&chainId=${chainId}&connectId=${connectId}`;
-        console.log("url", url);
-        try {
-            const response = await fetch(url, {
-                method: "GET",
-            });
-            const body = (await response.json());
-            const credential = body.credential;
-            const connectIdVerfied = credential.credentialSubject.id;
-            const addressVerfied = credential.issuer.id.split(":")[4];
-            const chainIdVerfied = credential.issuer.id.split(":")[3];
-            if (response.status !== 200) {
-                return false;
-            }
-            console.log("connectIdVerfied", connectIdVerfied);
-            console.log("connectId", connectId);
-            console.log("addressVerfied", addressVerfied);
-            console.log("address", address);
-            console.log("chainIdVerfied", chainIdVerfied);
-            console.log("chainId", chainId);
-            return (connectIdVerfied === connectId &&
-                addressVerfied.toLocaleLowerCase() === address.toLocaleLowerCase() &&
-                chainIdVerfied === chainId.toString());
-        }
-        catch {
-            return false;
-        }
-    }
-}
-//# sourceMappingURL=auth.service.js.map

package/dist/src/services/auth.service.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../../src/services/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAgCpD,MAAM,OAAO,WAAW;IACL,MAAM,CAAa;IAEpC,YAAY,MAAkB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAChB,GAAyB,EACzB,GAAa,EACb,IAAkB;QAElB,IACE,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO;YACpB,GAAG,CAAC,MAAM,KAAK,SAAS;YACxB,GAAG,CAAC,MAAM,KAAK,KAAK,EACpB,CAAC;YACD,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,4BAA4B;QAC5B,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAChC,GAAG,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;QAC9B,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAChC,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;QACvC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;YAC/D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAS9C,CAAC;YAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,4DAA4D;YAC5D,wFAAwF;YACxF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,0BAA0B,EAAE,CAAC;gBAC5C,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,QAAQ,CAAC,MAAM,CAChB,CAAC;gBACF,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;oBAC/D,OAAO;gBACT,CAAC;YACH,CAAC;YAED,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;YAEhB,qEAAqE;YACrE,qDAAqD;YACrD,6DAA6D;YAC7D,8EAA8E;YAC9E,8EAA8E;YAC9E,6EAA6E;YAE7E,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,gBAAyC;QAEzC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,aAAmC,CAAC;QACxE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAS9C,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QACxD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;QAED,4DAA4D;QAC5D,wFAAwF;QACxF,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,0BAA0B,EAAE,CAAC;YAC5C,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,OAAO,EACZ,QAAQ,CAAC,MAAM,CAChB,CAAC;YACF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,gFAAgF;QAEhF,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,KAAa;QACrC,OAAO,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,2BAA2B,CAAC,QAQnC;QACC,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,GACnC,QAAQ,CAAC,oBAAoB,EAAE,iBAAiB,IAAI,EAAE,CAAC;YAEzD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBACvC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,OAAO;gBACP,OAAO;gBACP,SAAS;aACV,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,OAAe;QACnC,MAAM,GAAG,GAAG;YACV,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM;YACrB,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK;YACpB,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM;SACtB,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,0BAA0B;QACxB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,CAAC,OAAe,EAAE,EAAE,CAAC,IAAI;gBAClC,MAAM,EAAE,CAAC,OAAe,EAAE,EAAE,CAAC,IAAI;gBACjC,OAAO,EAAE,CAAC,OAAe,EAAE,EAAE,CAAC,IAAI;aACnC,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC,OAAe,EAAE,EAAE,CAC3B,IAAI,CAAC,MAAM,CAAC,OAAO;gBACnB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS;oBACpB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YACxD,MAAM,EAAE,CAAC,OAAe,EAAE,EAAE,CAC1B,IAAI,CAAC,MAAM,CAAC,OAAO;gBACnB,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YACpD,OAAO,EAAE,CAAC,OAAe,EAAE,EAAE,CAC3B,IAAI,CAAC,MAAM,CAAC,OAAO;gBACnB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;SACtD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,IAAW;QACxB,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QAErB,OAAO;YACL,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,SAAS,EAAE,IAAI,CAAC,SAAS;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAClC,OAAe,EACf,OAAe,EACf,SAAiB;QAEjB,MAAM,GAAG,GAAG,qDAAqD,OAAO,YAAY,OAAO,cAAc,SAAS,EAAE,CAAC;QACrH,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAY,CAAC;YAChD,MAAM,UAAU,GACd,IAMD,CAAC,UAAU,CAAC;YAEb,MAAM,gBAAgB,GAAG,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACzD,MAAM,cAAc,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1D,MAAM,cAAc,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAE1D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,OAAO,KAAK,CAAC;YACf,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAEhC,OAAO,CACL,gBAAgB,KAAK,SAAS;gBAC9B,cAAc,CAAC,iBAAiB,EAAE,KAAK,OAAO,CAAC,iBAAiB,EAAE;gBAClE,cAAc,KAAK,OAAO,CAAC,QAAQ,EAAE,CACtC,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/src/services/document-permission.service.d.ts

@@ -1,201 +0,0 @@
-import type { Kysely } from "kysely";
-import type { DocumentPermissionDatabase, DocumentPermissionLevel } from "../utils/db.js";
-export interface DocumentPermissionEntry {
-    documentId: string;
-    userAddress: string;
-    permission: DocumentPermissionLevel;
-    grantedBy: string;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export interface Group {
-    id: number;
-    name: string;
-    description: string | null;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export interface DocumentGroupPermissionEntry {
-    documentId: string;
-    groupId: number;
-    permission: DocumentPermissionLevel;
-    grantedBy: string;
-    createdAt: Date;
-    updatedAt: Date;
-}
-export interface OperationUserPermissionEntry {
-    documentId: string;
-    operationType: string;
-    userAddress: string;
-    grantedBy: string;
-    createdAt: Date;
-}
-export interface OperationGroupPermissionEntry {
-    documentId: string;
-    operationType: string;
-    groupId: number;
-    grantedBy: string;
-    createdAt: Date;
-}
-/**
- * Function type for getting parent document IDs
- * This is injected to avoid circular dependencies with the reactor client
- */
-export type GetParentIdsFn = (documentId: string) => Promise<string[]>;
-/**
- * Service for managing document-level permissions.
- *
- * Permission levels for documents:
- * - READ: Can fetch and read the document
- * - WRITE: Can push updates and modify the document
- * - ADMIN: Can manage document permissions and settings
- *
- * Operation permissions:
- * - Users and groups can be granted permission to execute specific operations
- *
- * Global roles (via environment variables):
- * - AUTH_ENABLED: Enables authorization checks
- * - ADMINS: Comma-separated list of admin addresses (full access)
- * - USERS: Comma-separated list of user addresses (read/write access)
- * - GUESTS: Comma-separated list of guest addresses (read access)
- */
-export declare class DocumentPermissionService {
-    private readonly db;
-    constructor(db: Kysely<DocumentPermissionDatabase>);
-    /**
-     * Get the permission level for a user on a specific document.
-     * Returns null if no permission is set.
-     */
-    getUserPermission(documentId: string, userAddress: string): Promise<DocumentPermissionLevel | null>;
-    /**
-     * Get all permissions for a document
-     */
-    getDocumentPermissions(documentId: string): Promise<DocumentPermissionEntry[]>;
-    /**
-     * Get all documents a user has explicit access to
-     */
-    getUserDocuments(userAddress: string): Promise<DocumentPermissionEntry[]>;
-    /**
-     * Grant or update a user's permission on a document.
-     */
-    grantPermission(documentId: string, userAddress: string, permission: DocumentPermissionLevel, grantedBy: string): Promise<DocumentPermissionEntry>;
-    /**
-     * Revoke a user's permission on a document
-     */
-    revokePermission(documentId: string, userAddress: string): Promise<void>;
-    /**
-     * Delete all permissions for a document (used when deleting a document)
-     */
-    deleteAllDocumentPermissions(documentId: string): Promise<void>;
-    /**
-     * Check if a user can read a document.
-     * Returns true if user has READ, WRITE, or ADMIN permission (direct or via group)
-     */
-    canReadDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
-    /**
-     * Check if a user can write to a document.
-     * Returns true if user has WRITE or ADMIN permission (direct or via group)
-     */
-    canWriteDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
-    /**
-     * Check if a user can manage a document (change permissions, settings).
-     * Returns true if user has ADMIN permission (direct or via group)
-     */
-    canManageDocument(documentId: string, userAddress: string | undefined): Promise<boolean>;
-    /**
-     * Check if a user can read a document, including parent permission inheritance.
-     * Returns true if user has permission on the document OR any parent in the hierarchy.
-     */
-    canRead(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
-    /**
-     * Check if a user can write to a document, including parent permission inheritance.
-     * Returns true if user has write permission on the document OR any parent in the hierarchy.
-     */
-    canWrite(documentId: string, userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<boolean>;
-    /**
-     * Filter a list of document IDs to only include those the user can read.
-     */
-    filterReadableDocuments(documentIds: string[], userAddress: string | undefined, getParentIds: GetParentIdsFn): Promise<string[]>;
-    /**
-     * Create a new group
-     */
-    createGroup(name: string, description?: string): Promise<Group>;
-    /**
-     * Delete a group and all its associations
-     */
-    deleteGroup(groupId: number): Promise<void>;
-    /**
-     * Get a group by ID
-     */
-    getGroup(groupId: number): Promise<Group | null>;
-    /**
-     * List all groups
-     */
-    listGroups(): Promise<Group[]>;
-    /**
-     * Add a user to a group
-     */
-    addUserToGroup(userAddress: string, groupId: number): Promise<void>;
-    /**
-     * Remove a user from a group
-     */
-    removeUserFromGroup(userAddress: string, groupId: number): Promise<void>;
-    /**
-     * Get all groups a user belongs to
-     */
-    getUserGroups(userAddress: string): Promise<Group[]>;
-    /**
-     * Get all members of a group
-     */
-    getGroupMembers(groupId: number): Promise<string[]>;
-    /**
-     * Grant a group permission on a document
-     */
-    grantGroupPermission(documentId: string, groupId: number, permission: DocumentPermissionLevel, grantedBy: string): Promise<DocumentGroupPermissionEntry>;
-    /**
-     * Revoke a group's permission on a document
-     */
-    revokeGroupPermission(documentId: string, groupId: number): Promise<void>;
-    /**
-     * Get all group permissions for a document
-     */
-    getDocumentGroupPermissions(documentId: string): Promise<DocumentGroupPermissionEntry[]>;
-    /**
-     * Get best permission level a user has on a document via groups
-     */
-    getUserGroupPermission(documentId: string, userAddress: string): Promise<DocumentPermissionLevel | null>;
-    /**
-     * Grant a user permission to execute an operation on a document
-     */
-    grantOperationPermission(documentId: string, operationType: string, userAddress: string, grantedBy: string): Promise<OperationUserPermissionEntry>;
-    /**
-     * Revoke a user's permission to execute an operation
-     */
-    revokeOperationPermission(documentId: string, operationType: string, userAddress: string): Promise<void>;
-    /**
-     * Grant a group permission to execute an operation on a document
-     */
-    grantGroupOperationPermission(documentId: string, operationType: string, groupId: number, grantedBy: string): Promise<OperationGroupPermissionEntry>;
-    /**
-     * Revoke a group's permission to execute an operation
-     */
-    revokeGroupOperationPermission(documentId: string, operationType: string, groupId: number): Promise<void>;
-    /**
-     * Get all users with permission to execute an operation
-     */
-    getOperationUserPermissions(documentId: string, operationType: string): Promise<OperationUserPermissionEntry[]>;
-    /**
-     * Get all groups with permission to execute an operation
-     */
-    getOperationGroupPermissions(documentId: string, operationType: string): Promise<OperationGroupPermissionEntry[]>;
-    /**
-     * Check if a user can execute a specific operation on a document.
-     * Returns true if user has direct permission or is in a group with permission.
-     */
-    canExecuteOperation(documentId: string, operationType: string, userAddress: string | undefined): Promise<boolean>;
-    /**
-     * Check if an operation has any permissions set (is restricted)
-     */
-    isOperationRestricted(documentId: string, operationType: string): Promise<boolean>;
-}
-//# sourceMappingURL=document-permission.service.d.ts.map

package/dist/src/services/document-permission.service.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"document-permission.service.d.ts","sourceRoot":"","sources":["../../../src/services/document-permission.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,OAAO,KAAK,EACV,0BAA0B,EAC1B,uBAAuB,EACxB,MAAM,gBAAgB,CAAC;AAExB,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,uBAAuB,CAAC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,4BAA4B;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,6BAA6B;IAC5C,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAEvE;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,yBAAyB;IACxB,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,MAAM,CAAC,0BAA0B,CAAC;IAMnE;;;OAGG;IACG,iBAAiB,CACrB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IAW1C;;OAEG;IACG,sBAAsB,CAC1B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,uBAAuB,EAAE,CAAC;IAiBrC;;OAEG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,EAAE,CAAC;IAiBrC;;OAEG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,uBAAuB,EACnC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,uBAAuB,CAAC;IAwCnC;;OAEG;IACG,gBAAgB,CACpB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAQhB;;OAEG;IACG,4BAA4B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BrE;;;OAGG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IAsBnB;;;OAGG;IACG,gBAAgB,CACpB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IAsBnB;;;OAGG;IACG,iBAAiB,CACrB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IA0BnB;;;OAGG;IACG,OAAO,CACX,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,cAAc,GAC3B,OAAO,CAAC,OAAO,CAAC;IAuBnB;;;OAGG;IACG,QAAQ,CACZ,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,cAAc,GAC3B,OAAO,CAAC,OAAO,CAAC;IAuBnB;;OAEG;IACG,uBAAuB,CAC3B,WAAW,EAAE,MAAM,EAAE,EACrB,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,cAAc,GAC3B,OAAO,CAAC,MAAM,EAAE,CAAC;IAiBpB;;OAEG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAsBrE;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjD;;OAEG;IACG,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAUtD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;IAOpC;;OAEG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAezE;;OAEG;IACG,mBAAmB,CACvB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAQhB;;OAEG;IACG,aAAa,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAe1D;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAczD;;OAEG;IACG,oBAAoB,CACxB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,uBAAuB,EACnC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,4BAA4B,CAAC;IAuCxC;;OAEG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAQhB;;OAEG;IACG,2BAA2B,CAC/B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,4BAA4B,EAAE,CAAC;IAe1C;;OAEG;IACG,sBAAsB,CAC1B,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC;IA2B1C;;OAEG;IACG,wBAAwB,CAC5B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,4BAA4B,CAAC;IAmCxC;;OAEG;IACG,yBAAyB,CAC7B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC;IAShB;;OAEG;IACG,6BAA6B,CACjC,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,6BAA6B,CAAC;IAkCzC;;OAEG;IACG,8BAA8B,CAClC,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,IAAI,CAAC;IAShB;;OAEG;IACG,2BAA2B,CAC/B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,4BAA4B,EAAE,CAAC;IAe1C;;OAEG;IACG,4BAA4B,CAChC,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,6BAA6B,EAAE,CAAC;IAe3C;;;OAGG;IACG,mBAAmB,CACvB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAAG,SAAS,GAC9B,OAAO,CAAC,OAAO,CAAC;IAqCnB;;OAEG;IACG,qBAAqB,CACzB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,OAAO,CAAC;CAqBpB"}