@swiss-ai-hub/web 0.303.0 → 0.304.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/components/Role/AccessCapabilities.vue +67 -0
- package/components/Role/AccessCapabilityGroup.vue +130 -0
- package/components/Role/AccessRulesEditor.vue +176 -95
- package/composables/access/useAccessCapabilities.ts +49 -0
- package/composables/access/useAccessPresets.ts +28 -0
- package/i18n/locales/de.yaml +17 -0
- package/i18n/locales/en.yaml +16 -0
- package/i18n/locales/fr.yaml +17 -0
- package/i18n/locales/it.yaml +17 -0
- package/package.json +1 -1
- package/pages/[tenant]/service/roles.vue +1 -0
- package/pages/[tenant]/service/users/[user_id].vue +8 -44
- package/sdk/client/index.ts +15 -0
- package/sdk/client/schemas.gen.ts +197 -3
- package/sdk/client/sdk.gen.ts +72 -0
- package/sdk/client/transformers.gen.ts +24 -0
- package/sdk/client/types.gen.ts +218 -2
package/sdk/client/types.gen.ts
CHANGED
|
@@ -28,6 +28,42 @@ export type Access = {
|
|
|
28
28
|
processes?: Array<UserAccess>;
|
|
29
29
|
};
|
|
30
30
|
|
|
31
|
+
/**
|
|
32
|
+
* AccessCapabilitiesRequest
|
|
33
|
+
*/
|
|
34
|
+
export type AccessCapabilitiesRequest = {
|
|
35
|
+
/**
|
|
36
|
+
* Access Rules
|
|
37
|
+
*
|
|
38
|
+
* Draft access rules to evaluate the capability catalog against.
|
|
39
|
+
*/
|
|
40
|
+
access_rules: Array<string>;
|
|
41
|
+
/**
|
|
42
|
+
* Restrict To Tenant
|
|
43
|
+
*
|
|
44
|
+
* Hide capabilities the acting tenant's ceiling cannot grant (role editor). Set false when editing the tenant ceiling itself (sysadmin).
|
|
45
|
+
*/
|
|
46
|
+
restrict_to_tenant?: boolean;
|
|
47
|
+
/**
|
|
48
|
+
* Is Sys Admin
|
|
49
|
+
*
|
|
50
|
+
* Evaluate the catalog as a platform sysadmin (AIHubSysAdmin), who holds admin on every resource regardless of rules — the user page passes the viewed user's flag. False for rule editing.
|
|
51
|
+
*/
|
|
52
|
+
is_sys_admin?: boolean;
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
/**
|
|
56
|
+
* AccessCapabilitiesResponse
|
|
57
|
+
*/
|
|
58
|
+
export type AccessCapabilitiesResponse = {
|
|
59
|
+
/**
|
|
60
|
+
* Groups
|
|
61
|
+
*
|
|
62
|
+
* Top-level groups, one per controller/service.
|
|
63
|
+
*/
|
|
64
|
+
groups: Array<CapabilityGroup>;
|
|
65
|
+
};
|
|
66
|
+
|
|
31
67
|
/**
|
|
32
68
|
* AccessLevel
|
|
33
69
|
*
|
|
@@ -46,6 +82,36 @@ export const AccessLevel = {
|
|
|
46
82
|
*/
|
|
47
83
|
export type AccessLevel = (typeof AccessLevel)[keyof typeof AccessLevel];
|
|
48
84
|
|
|
85
|
+
/**
|
|
86
|
+
* AccessPresetDTO
|
|
87
|
+
*/
|
|
88
|
+
export type AccessPresetDto = {
|
|
89
|
+
/**
|
|
90
|
+
* Rule
|
|
91
|
+
*
|
|
92
|
+
* The access rule string this preset adds.
|
|
93
|
+
*/
|
|
94
|
+
rule: string;
|
|
95
|
+
/**
|
|
96
|
+
* Name
|
|
97
|
+
*
|
|
98
|
+
* Short, human-readable name for the preset.
|
|
99
|
+
*/
|
|
100
|
+
name: string;
|
|
101
|
+
/**
|
|
102
|
+
* Description
|
|
103
|
+
*
|
|
104
|
+
* What this preset grants.
|
|
105
|
+
*/
|
|
106
|
+
description: string;
|
|
107
|
+
/**
|
|
108
|
+
* Category
|
|
109
|
+
*
|
|
110
|
+
* Stable category key for grouping in the UI.
|
|
111
|
+
*/
|
|
112
|
+
category: string;
|
|
113
|
+
};
|
|
114
|
+
|
|
49
115
|
/**
|
|
50
116
|
* ActiveTenantDTO
|
|
51
117
|
*
|
|
@@ -1858,6 +1924,90 @@ export type CachePoint = {
|
|
|
1858
1924
|
cache_control: CacheControl;
|
|
1859
1925
|
};
|
|
1860
1926
|
|
|
1927
|
+
/**
|
|
1928
|
+
* Capability
|
|
1929
|
+
*/
|
|
1930
|
+
export type Capability = {
|
|
1931
|
+
/**
|
|
1932
|
+
* Key
|
|
1933
|
+
*
|
|
1934
|
+
* Stable identifier for this capability.
|
|
1935
|
+
*/
|
|
1936
|
+
key: string;
|
|
1937
|
+
/**
|
|
1938
|
+
* Label
|
|
1939
|
+
*
|
|
1940
|
+
* Short human-readable action label.
|
|
1941
|
+
*/
|
|
1942
|
+
label: string;
|
|
1943
|
+
/**
|
|
1944
|
+
* Description
|
|
1945
|
+
*
|
|
1946
|
+
* What holding this capability lets the user do.
|
|
1947
|
+
*/
|
|
1948
|
+
description: string;
|
|
1949
|
+
/**
|
|
1950
|
+
* Rule
|
|
1951
|
+
*
|
|
1952
|
+
* Exact access rule that grants this capability, or null for read-only capabilities.
|
|
1953
|
+
*/
|
|
1954
|
+
rule: string | null;
|
|
1955
|
+
/**
|
|
1956
|
+
* Granted
|
|
1957
|
+
*
|
|
1958
|
+
* Whether the draft rules grant this capability.
|
|
1959
|
+
*/
|
|
1960
|
+
granted: boolean;
|
|
1961
|
+
/**
|
|
1962
|
+
* Locked
|
|
1963
|
+
*
|
|
1964
|
+
* Granted via a broader rule (e.g. a wildcard preset) and so cannot be toggled off here.
|
|
1965
|
+
*/
|
|
1966
|
+
locked: boolean;
|
|
1967
|
+
/**
|
|
1968
|
+
* Toggleable
|
|
1969
|
+
*
|
|
1970
|
+
* Whether ticking the box can add a rule. False for ?-wildcard guards with no concrete grant.
|
|
1971
|
+
*/
|
|
1972
|
+
toggleable: boolean;
|
|
1973
|
+
};
|
|
1974
|
+
|
|
1975
|
+
/**
|
|
1976
|
+
* CapabilityGroup
|
|
1977
|
+
*/
|
|
1978
|
+
export type CapabilityGroup = {
|
|
1979
|
+
/**
|
|
1980
|
+
* Key
|
|
1981
|
+
*
|
|
1982
|
+
* Stable identifier (a controller/service, a class, an instance, ...).
|
|
1983
|
+
*/
|
|
1984
|
+
key: string;
|
|
1985
|
+
/**
|
|
1986
|
+
* Label
|
|
1987
|
+
*
|
|
1988
|
+
* Display title for the group.
|
|
1989
|
+
*/
|
|
1990
|
+
label: string;
|
|
1991
|
+
/**
|
|
1992
|
+
* Icon
|
|
1993
|
+
*
|
|
1994
|
+
* Iconify icon for the group (service or class), if any.
|
|
1995
|
+
*/
|
|
1996
|
+
icon?: string | null;
|
|
1997
|
+
/**
|
|
1998
|
+
* Capabilities
|
|
1999
|
+
*
|
|
2000
|
+
* Capabilities directly on this group.
|
|
2001
|
+
*/
|
|
2002
|
+
capabilities?: Array<Capability>;
|
|
2003
|
+
/**
|
|
2004
|
+
* Groups
|
|
2005
|
+
*
|
|
2006
|
+
* Nested groups (e.g. classes, then instances).
|
|
2007
|
+
*/
|
|
2008
|
+
groups?: Array<CapabilityGroup>;
|
|
2009
|
+
};
|
|
2010
|
+
|
|
1861
2011
|
/**
|
|
1862
2012
|
* CascadeSelect
|
|
1863
2013
|
*
|
|
@@ -15244,11 +15394,11 @@ export type UserAccess = {
|
|
|
15244
15394
|
/**
|
|
15245
15395
|
* Name
|
|
15246
15396
|
*
|
|
15247
|
-
* Name of the service/agent/process to which
|
|
15397
|
+
* Name of the service/agent/process to which access is evaluated
|
|
15248
15398
|
*/
|
|
15249
15399
|
name: string;
|
|
15250
15400
|
/**
|
|
15251
|
-
*
|
|
15401
|
+
* Access level to the service/agent/process
|
|
15252
15402
|
*/
|
|
15253
15403
|
level: AccessLevel;
|
|
15254
15404
|
};
|
|
@@ -15501,6 +15651,12 @@ export type UserWithAccessDto = {
|
|
|
15501
15651
|
* User access levels
|
|
15502
15652
|
*/
|
|
15503
15653
|
access: Access;
|
|
15654
|
+
/**
|
|
15655
|
+
* Access Rules
|
|
15656
|
+
*
|
|
15657
|
+
* The user's resolved access rules (union of their roles), to drive the capability view.
|
|
15658
|
+
*/
|
|
15659
|
+
access_rules: Array<string>;
|
|
15504
15660
|
};
|
|
15505
15661
|
|
|
15506
15662
|
/**
|
|
@@ -26717,6 +26873,66 @@ export type CreateRoleResponses = {
|
|
|
26717
26873
|
|
|
26718
26874
|
export type CreateRoleResponse = CreateRoleResponses[keyof CreateRoleResponses];
|
|
26719
26875
|
|
|
26876
|
+
export type GetAccessCapabilitiesData = {
|
|
26877
|
+
body: AccessCapabilitiesRequest;
|
|
26878
|
+
path: {
|
|
26879
|
+
/**
|
|
26880
|
+
* Tenant Id
|
|
26881
|
+
*
|
|
26882
|
+
* Tenant identifier: a name, ObjectId, or 'active'
|
|
26883
|
+
*/
|
|
26884
|
+
tenant_id: string;
|
|
26885
|
+
};
|
|
26886
|
+
query?: never;
|
|
26887
|
+
url: "/{tenant_id}/access/capabilities";
|
|
26888
|
+
};
|
|
26889
|
+
|
|
26890
|
+
export type GetAccessCapabilitiesErrors = {
|
|
26891
|
+
/**
|
|
26892
|
+
* Validation Error
|
|
26893
|
+
*/
|
|
26894
|
+
422: HttpValidationError;
|
|
26895
|
+
};
|
|
26896
|
+
|
|
26897
|
+
export type GetAccessCapabilitiesError =
|
|
26898
|
+
GetAccessCapabilitiesErrors[keyof GetAccessCapabilitiesErrors];
|
|
26899
|
+
|
|
26900
|
+
export type GetAccessCapabilitiesResponses = {
|
|
26901
|
+
/**
|
|
26902
|
+
* Successful Response
|
|
26903
|
+
*/
|
|
26904
|
+
200: AccessCapabilitiesResponse;
|
|
26905
|
+
};
|
|
26906
|
+
|
|
26907
|
+
export type GetAccessCapabilitiesResponse =
|
|
26908
|
+
GetAccessCapabilitiesResponses[keyof GetAccessCapabilitiesResponses];
|
|
26909
|
+
|
|
26910
|
+
export type GetAccessPresetsData = {
|
|
26911
|
+
body?: never;
|
|
26912
|
+
path: {
|
|
26913
|
+
/**
|
|
26914
|
+
* Tenant Id
|
|
26915
|
+
*
|
|
26916
|
+
* Tenant identifier: a name, ObjectId, or 'active'
|
|
26917
|
+
*/
|
|
26918
|
+
tenant_id: string;
|
|
26919
|
+
};
|
|
26920
|
+
query?: never;
|
|
26921
|
+
url: "/{tenant_id}/access/presets";
|
|
26922
|
+
};
|
|
26923
|
+
|
|
26924
|
+
export type GetAccessPresetsResponses = {
|
|
26925
|
+
/**
|
|
26926
|
+
* Response Get Access Presets Tenant Id Access Presets Get
|
|
26927
|
+
*
|
|
26928
|
+
* Successful Response
|
|
26929
|
+
*/
|
|
26930
|
+
200: Array<AccessPresetDto>;
|
|
26931
|
+
};
|
|
26932
|
+
|
|
26933
|
+
export type GetAccessPresetsResponse =
|
|
26934
|
+
GetAccessPresetsResponses[keyof GetAccessPresetsResponses];
|
|
26935
|
+
|
|
26720
26936
|
export type GetModelsData = {
|
|
26721
26937
|
body?: never;
|
|
26722
26938
|
path: {
|