@swiss-ai-hub/web 0.303.1 → 0.304.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "license": "AGPL-3.0-or-later",
4
4
  "author": "bbv Software Services AG (https://www.bbv.ch)",
5
5
  "type": "module",
6
- "version": "0.303.1",
6
+ "version": "0.304.0",
7
7
  "description": "Swiss AI Hub - Admin & Management UI (Nuxt 3 layer)",
8
8
  "main": "./nuxt.config.ts",
9
9
  "repository": {
@@ -34,6 +34,7 @@
34
34
  v-model:visible="createModalOpen"
35
35
  modal
36
36
  :header="t('role.create_new')"
37
+ :style="{ width: '50rem' }"
37
38
  >
38
39
  <RoleCreate
39
40
  @close="createModalOpen = false"
@@ -57,55 +57,19 @@
57
57
  </div>
58
58
  </div>
59
59
  </Panel>
60
- <div class="flex flex-col gap-8">
61
- <div class="flex flex-col gap-3">
62
- <h3 class="text-2xl">
63
- Services
64
- </h3>
65
- <div class="flex flex-wrap gap-2">
66
- <Tag
67
- v-for="service in user.access.services"
68
- :key="service.name"
69
- v-tooltip.top="service.level === 2 ? 'Admin' : 'User'"
70
- :value="service.name"
71
- :icon="service.level === 2 ? 'pi pi-crown' : undefined"
72
- />
73
- </div>
74
- </div>
75
- <div class="flex flex-col gap-3">
76
- <h3 class="text-2xl">
77
- Agents
78
- </h3>
79
- <div class="flex flex-wrap gap-2">
80
- <Tag
81
- v-for="agent in user.access.agents"
82
- :key="agent.name"
83
- v-tooltip.top="agent.level === 2 ? 'Admin' : 'User'"
84
- :value="agent.name"
85
- :icon="agent.level === 2 ? 'pi pi-crown' : undefined"
86
- />
87
- </div>
88
- </div>
89
- <div class="flex flex-col gap-3">
90
- <h3 class="text-2xl">
91
- {{ t('process.title') }}
92
- </h3>
93
- <div class="flex flex-wrap gap-2">
94
- <Tag
95
- v-for="process in user.access.processes"
96
- :key="process.name"
97
- v-tooltip.top="process.level === 2 ? 'Admin' : 'User'"
98
- :value="process.name"
99
- :icon="process.level === 2 ? 'pi pi-crown' : undefined"
100
- />
101
- </div>
102
- </div>
103
- </div>
60
+ <AccessCapabilities
61
+ :rules="user.access_rules"
62
+ :is-sys-admin="user.is_sys_admin"
63
+ :restrict-to-tenant="!user.is_sys_admin"
64
+ readonly
65
+ />
104
66
  </div>
105
67
  </StructuralColumn>
106
68
  </template>
107
69
 
108
70
  <script setup lang="ts">
71
+ import AccessCapabilities from '@/components/Role/AccessCapabilities.vue'
72
+
109
73
  const { user, userIsLoading } = useUser()
110
74
  const { t } = useI18n()
111
75
  </script>
@@ -24,6 +24,8 @@ export {
24
24
  deleteRole,
25
25
  deleteUserMemory,
26
26
  generateImage,
27
+ getAccessCapabilities,
28
+ getAccessPresets,
27
29
  getAgentClass,
28
30
  getAgentClasses,
29
31
  getAgentClassInstances,
@@ -109,7 +111,10 @@ export {
109
111
  } from "./sdk.gen";
110
112
  export {
111
113
  type Access,
114
+ type AccessCapabilitiesRequest,
115
+ type AccessCapabilitiesResponse,
112
116
  AccessLevel,
117
+ type AccessPresetDto,
113
118
  type ActiveTenantDto,
114
119
  type AddAgentRequest,
115
120
  type AddAgentToThreadData,
@@ -191,6 +196,8 @@ export {
191
196
  type BulkUpdateNotificationRequest,
192
197
  type CacheControl,
193
198
  type CachePoint,
199
+ type Capability,
200
+ type CapabilityGroup,
194
201
  type CascadeSelect,
195
202
  type CascadeSelectWritable,
196
203
  type ChainEvent,
@@ -399,6 +406,14 @@ export {
399
406
  type GenerateImageErrors,
400
407
  type GenerateImageResponse,
401
408
  type GenerateImageResponses,
409
+ type GetAccessCapabilitiesData,
410
+ type GetAccessCapabilitiesError,
411
+ type GetAccessCapabilitiesErrors,
412
+ type GetAccessCapabilitiesResponse,
413
+ type GetAccessCapabilitiesResponses,
414
+ type GetAccessPresetsData,
415
+ type GetAccessPresetsResponse,
416
+ type GetAccessPresetsResponses,
402
417
  type GetAgentClassData,
403
418
  type GetAgentClassError,
404
419
  type GetAgentClassErrors,
@@ -34,6 +34,53 @@ export const AccessSchema = {
34
34
  title: "Access",
35
35
  } as const;
36
36
 
37
+ export const AccessCapabilitiesRequestSchema = {
38
+ properties: {
39
+ access_rules: {
40
+ items: {
41
+ type: "string",
42
+ },
43
+ type: "array",
44
+ title: "Access Rules",
45
+ description:
46
+ "Draft access rules to evaluate the capability catalog against.",
47
+ },
48
+ restrict_to_tenant: {
49
+ type: "boolean",
50
+ title: "Restrict To Tenant",
51
+ description:
52
+ "Hide capabilities the acting tenant's ceiling cannot grant (role editor). Set false when editing the tenant ceiling itself (sysadmin).",
53
+ default: true,
54
+ },
55
+ is_sys_admin: {
56
+ type: "boolean",
57
+ title: "Is Sys Admin",
58
+ description:
59
+ "Evaluate the catalog as a platform sysadmin (AIHubSysAdmin), who holds admin on every resource regardless of rules — the user page passes the viewed user's flag. False for rule editing.",
60
+ default: false,
61
+ },
62
+ },
63
+ type: "object",
64
+ required: ["access_rules"],
65
+ title: "AccessCapabilitiesRequest",
66
+ } as const;
67
+
68
+ export const AccessCapabilitiesResponseSchema = {
69
+ properties: {
70
+ groups: {
71
+ items: {
72
+ $ref: "#/components/schemas/CapabilityGroup",
73
+ },
74
+ type: "array",
75
+ title: "Groups",
76
+ description: "Top-level groups, one per controller/service.",
77
+ },
78
+ },
79
+ type: "object",
80
+ required: ["groups"],
81
+ title: "AccessCapabilitiesResponse",
82
+ } as const;
83
+
37
84
  export const AccessLevelSchema = {
38
85
  type: "integer",
39
86
  enum: [0, 1, 2],
@@ -41,6 +88,34 @@ export const AccessLevelSchema = {
41
88
  description: "Defines the possible outcomes of a permission check.",
42
89
  } as const;
43
90
 
91
+ export const AccessPresetDTOSchema = {
92
+ properties: {
93
+ rule: {
94
+ type: "string",
95
+ title: "Rule",
96
+ description: "The access rule string this preset adds.",
97
+ },
98
+ name: {
99
+ type: "string",
100
+ title: "Name",
101
+ description: "Short, human-readable name for the preset.",
102
+ },
103
+ description: {
104
+ type: "string",
105
+ title: "Description",
106
+ description: "What this preset grants.",
107
+ },
108
+ category: {
109
+ type: "string",
110
+ title: "Category",
111
+ description: "Stable category key for grouping in the UI.",
112
+ },
113
+ },
114
+ type: "object",
115
+ required: ["rule", "name", "description", "category"],
116
+ title: "AccessPresetDTO",
117
+ } as const;
118
+
44
119
  export const ActiveTenantDTOSchema = {
45
120
  properties: {
46
121
  id: {
@@ -2437,6 +2512,116 @@ export const CachePointSchema = {
2437
2512
  "Used to set the point to cache up to, if the LLM supports caching.",
2438
2513
  } as const;
2439
2514
 
2515
+ export const CapabilitySchema = {
2516
+ properties: {
2517
+ key: {
2518
+ type: "string",
2519
+ title: "Key",
2520
+ description: "Stable identifier for this capability.",
2521
+ },
2522
+ label: {
2523
+ type: "string",
2524
+ title: "Label",
2525
+ description: "Short human-readable action label.",
2526
+ },
2527
+ description: {
2528
+ type: "string",
2529
+ title: "Description",
2530
+ description: "What holding this capability lets the user do.",
2531
+ },
2532
+ rule: {
2533
+ anyOf: [
2534
+ {
2535
+ type: "string",
2536
+ },
2537
+ {
2538
+ type: "null",
2539
+ },
2540
+ ],
2541
+ title: "Rule",
2542
+ description:
2543
+ "Exact access rule that grants this capability, or null for read-only capabilities.",
2544
+ },
2545
+ granted: {
2546
+ type: "boolean",
2547
+ title: "Granted",
2548
+ description: "Whether the draft rules grant this capability.",
2549
+ },
2550
+ locked: {
2551
+ type: "boolean",
2552
+ title: "Locked",
2553
+ description:
2554
+ "Granted via a broader rule (e.g. a wildcard preset) and so cannot be toggled off here.",
2555
+ },
2556
+ toggleable: {
2557
+ type: "boolean",
2558
+ title: "Toggleable",
2559
+ description:
2560
+ "Whether ticking the box can add a rule. False for ?-wildcard guards with no concrete grant.",
2561
+ },
2562
+ },
2563
+ type: "object",
2564
+ required: [
2565
+ "key",
2566
+ "label",
2567
+ "description",
2568
+ "rule",
2569
+ "granted",
2570
+ "locked",
2571
+ "toggleable",
2572
+ ],
2573
+ title: "Capability",
2574
+ } as const;
2575
+
2576
+ export const CapabilityGroupSchema = {
2577
+ properties: {
2578
+ key: {
2579
+ type: "string",
2580
+ title: "Key",
2581
+ description:
2582
+ "Stable identifier (a controller/service, a class, an instance, ...).",
2583
+ },
2584
+ label: {
2585
+ type: "string",
2586
+ title: "Label",
2587
+ description: "Display title for the group.",
2588
+ },
2589
+ icon: {
2590
+ anyOf: [
2591
+ {
2592
+ type: "string",
2593
+ },
2594
+ {
2595
+ type: "null",
2596
+ },
2597
+ ],
2598
+ title: "Icon",
2599
+ description: "Iconify icon for the group (service or class), if any.",
2600
+ },
2601
+ capabilities: {
2602
+ items: {
2603
+ $ref: "#/components/schemas/Capability",
2604
+ },
2605
+ type: "array",
2606
+ title: "Capabilities",
2607
+ description: "Capabilities directly on this group.",
2608
+ default: [],
2609
+ },
2610
+ groups: {
2611
+ items: {
2612
+ $ref: "#/components/schemas/CapabilityGroup",
2613
+ },
2614
+ type: "array",
2615
+ title: "Groups",
2616
+ description: "Nested groups (e.g. classes, then instances).",
2617
+ default: [],
2618
+ },
2619
+ },
2620
+ type: "object",
2621
+ required: ["key", "label"],
2622
+ title: "CapabilityGroup",
2623
+ } as const;
2624
+
2440
2625
  export const CascadeSelectSchema = {
2441
2626
  properties: {
2442
2627
  is_formkit_element: {
@@ -22585,11 +22770,11 @@ export const UserAccessSchema = {
22585
22770
  type: "string",
22586
22771
  title: "Name",
22587
22772
  description:
22588
- "Name of the service/agent/process to which user has access to",
22773
+ "Name of the service/agent/process to which access is evaluated",
22589
22774
  },
22590
22775
  level: {
22591
22776
  $ref: "#/components/schemas/AccessLevel",
22592
- description: "Users access level to service/agent/process",
22777
+ description: "Access level to the service/agent/process",
22593
22778
  },
22594
22779
  },
22595
22780
  type: "object",
@@ -22897,9 +23082,18 @@ export const UserWithAccessDTOSchema = {
22897
23082
  $ref: "#/components/schemas/Access",
22898
23083
  description: "User access levels",
22899
23084
  },
23085
+ access_rules: {
23086
+ items: {
23087
+ type: "string",
23088
+ },
23089
+ type: "array",
23090
+ title: "Access Rules",
23091
+ description:
23092
+ "The user's resolved access rules (union of their roles), to drive the capability view.",
23093
+ },
22900
23094
  },
22901
23095
  type: "object",
22902
- required: ["id", "name", "email", "access"],
23096
+ required: ["id", "name", "email", "access", "access_rules"],
22903
23097
  title: "UserWithAccessDTO",
22904
23098
  } as const;
22905
23099
 
@@ -11,6 +11,7 @@ import { client } from "./client.gen";
11
11
  import {
12
12
  createDatasetResponseTransformer,
13
13
  createTokenEndpointResponseTransformer,
14
+ getAccessCapabilitiesResponseTransformer,
14
15
  getAgentEventTimeseriesResponseTransformer,
15
16
  getDatasetResponseTransformer,
16
17
  getDatasetsResponseTransformer,
@@ -86,6 +87,11 @@ import type {
86
87
  GenerateImageData,
87
88
  GenerateImageError,
88
89
  GenerateImageResponse,
90
+ GetAccessCapabilitiesData,
91
+ GetAccessCapabilitiesError,
92
+ GetAccessCapabilitiesResponse,
93
+ GetAccessPresetsData,
94
+ GetAccessPresetsResponse,
89
95
  GetAgentClassData,
90
96
  GetAgentClassError,
91
97
  GetAgentClassesData,
@@ -2172,6 +2178,72 @@ export const createRole = <
2172
2178
  },
2173
2179
  });
2174
2180
 
2181
+ /**
2182
+ * Evaluate Access Capabilities
2183
+ *
2184
+ * Returns the catalog of concrete capabilities (per service, agent and process), each with its exact access rule and whether the supplied draft rules grant it.
2185
+ */
2186
+ export const getAccessCapabilities = <
2187
+ TComposable extends Composable = "$fetch",
2188
+ DefaultT extends GetAccessCapabilitiesResponse =
2189
+ GetAccessCapabilitiesResponse,
2190
+ >(
2191
+ options: Options<
2192
+ TComposable,
2193
+ GetAccessCapabilitiesData,
2194
+ GetAccessCapabilitiesResponse,
2195
+ DefaultT
2196
+ >,
2197
+ ) =>
2198
+ (options.client ?? client).post<
2199
+ TComposable,
2200
+ GetAccessCapabilitiesResponse | DefaultT,
2201
+ GetAccessCapabilitiesError,
2202
+ DefaultT
2203
+ >({
2204
+ responseTransformer: getAccessCapabilitiesResponseTransformer,
2205
+ security: [
2206
+ { scheme: "bearer", type: "http" },
2207
+ { scheme: "bearer", type: "http" },
2208
+ ],
2209
+ url: "/{tenant_id}/access/capabilities",
2210
+ ...options,
2211
+ headers: {
2212
+ "Content-Type": "application/json",
2213
+ ...options.headers,
2214
+ },
2215
+ });
2216
+
2217
+ /**
2218
+ * List Access Presets
2219
+ *
2220
+ * Returns a curated, described library of common access rules for one-click authoring.
2221
+ */
2222
+ export const getAccessPresets = <
2223
+ TComposable extends Composable = "$fetch",
2224
+ DefaultT extends GetAccessPresetsResponse = GetAccessPresetsResponse,
2225
+ >(
2226
+ options: Options<
2227
+ TComposable,
2228
+ GetAccessPresetsData,
2229
+ GetAccessPresetsResponse,
2230
+ DefaultT
2231
+ >,
2232
+ ) =>
2233
+ (options.client ?? client).get<
2234
+ TComposable,
2235
+ GetAccessPresetsResponse | DefaultT,
2236
+ unknown,
2237
+ DefaultT
2238
+ >({
2239
+ security: [
2240
+ { scheme: "bearer", type: "http" },
2241
+ { scheme: "bearer", type: "http" },
2242
+ ],
2243
+ url: "/{tenant_id}/access/presets",
2244
+ ...options,
2245
+ });
2246
+
2175
2247
  /**
2176
2248
  * List Models
2177
2249
  *
@@ -3,6 +3,7 @@
3
3
  import type {
4
4
  CreateDatasetResponse,
5
5
  CreateTokenEndpointResponse,
6
+ GetAccessCapabilitiesResponse,
6
7
  GetAgentEventTimeseriesResponse,
7
8
  GetDatasetResponse,
8
9
  GetDatasetsResponse,
@@ -59,6 +60,29 @@ export const createTokenEndpointResponseTransformer = async (
59
60
  return data;
60
61
  };
61
62
 
63
+ const capabilityGroupSchemaResponseTransformer = (data: any) => {
64
+ if (data.groups) {
65
+ data.groups = data.groups.map((item: any) =>
66
+ capabilityGroupSchemaResponseTransformer(item),
67
+ );
68
+ }
69
+ return data;
70
+ };
71
+
72
+ const accessCapabilitiesResponseSchemaResponseTransformer = (data: any) => {
73
+ data.groups = data.groups.map((item: any) =>
74
+ capabilityGroupSchemaResponseTransformer(item),
75
+ );
76
+ return data;
77
+ };
78
+
79
+ export const getAccessCapabilitiesResponseTransformer = async (
80
+ data: any,
81
+ ): Promise<GetAccessCapabilitiesResponse> => {
82
+ data = accessCapabilitiesResponseSchemaResponseTransformer(data);
83
+ return data;
84
+ };
85
+
62
86
  const minimalDatasetSchemaResponseTransformer = (data: any) => {
63
87
  if (data.created_at) {
64
88
  data.created_at = new Date(data.created_at);