npm - @synchronized-console/shared - Versions diffs - 2.25.7 → 2.31.14 - Mend

@synchronized-console/shared 2.25.7 → 2.31.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (675) hide show

package/dist/commonjs/authz/policies/project/savedViews/canCreateSavedViewGroupToken.js ADDED Viewed

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canCreateSavedViewGroupTokenPolicy = void 0;
+const constants_js_1 = require("../../../../core/constants.js");
+const authErrors_js_1 = require("../../../domain/authErrors.js");
+const projects_js_1 = require("../../../fragments/projects.js");
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const result_1 = require("true-myth/result");
+const canCreateSavedViewGroupTokenPolicy = (loaders) => async ({ userId, projectId, savedViewGroupId }) => {
+    const canUseSavedViews = await (0, savedViews_js_1.ensureCanAccessSavedViewGroupFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewGroupId,
+        access: 'write'
+    });
+    if (canUseSavedViews.isErr)
+        return (0, result_1.err)(canUseSavedViews.error);
+    const env = await loaders.getEnv();
+    const project = await loaders.getProject({ projectId });
+    if (!!project?.workspaceId && env.FF_WORKSPACES_MODULE_ENABLED) {
+        // Ensure owner-level access and valid plan
+        const ensuredProjectRole = await (0, projects_js_1.ensureImplicitProjectMemberWithWriteAccessFragment)(loaders)({
+            userId,
+            projectId,
+            role: constants_js_1.Roles.Stream.Owner
+        });
+        if (ensuredProjectRole.isErr) {
+            return (0, result_1.err)(ensuredProjectRole.error);
+        }
+        const plan = await loaders.getWorkspacePlan({ workspaceId: project.workspaceId });
+        switch (plan?.name) {
+            case 'academia':
+            case 'enterprise':
+            case 'pro':
+            case 'proUnlimited':
+            case 'proUnlimitedInvoiced':
+            case 'team':
+            case 'teamUnlimited':
+            case 'teamUnlimitedInvoiced':
+            case 'unlimited':
+                return (0, result_1.ok)();
+            case 'free':
+            default:
+                return (0, result_1.err)(new authErrors_js_1.WorkspacePlanNoFeatureAccessError());
+        }
+    }
+    else {
+        // Ensure project owner
+        const isProjectOwner = await (0, projects_js_1.ensureMinimumProjectRoleFragment)(loaders)({
+            userId: userId,
+            projectId,
+            role: constants_js_1.Roles.Stream.Owner
+        });
+        if (isProjectOwner.isErr) {
+            return (0, result_1.err)(isProjectOwner.error);
+        }
+        return (0, result_1.ok)();
+    }
+};
+exports.canCreateSavedViewGroupTokenPolicy = canCreateSavedViewGroupTokenPolicy;
+//# sourceMappingURL=canCreateSavedViewGroupToken.js.map

package/dist/commonjs/authz/policies/project/savedViews/canCreateSavedViewGroupToken.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canCreateSavedViewGroupToken.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canCreateSavedViewGroupToken.ts"],"names":[],"mappings":";;;AAAA,gEAAqD;AACrD,iEAesC;AAQtC,gEAGuC;AACvC,oEAAwF;AACxF,6CAA0C;AAEnC,MAAM,kCAAkC,GA6B7C,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,EAAE,EAAE;IAChD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qDAAqC,EAAC,OAAO,CAAC,CAAC;QAC5E,MAAM;QACN,SAAS;QACT,gBAAgB;QAChB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAA;IAEF,IAAI,gBAAgB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,gBAAgB,CAAC,KAAK,CAAC,CAAA;IAE9D,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,MAAM,EAAE,CAAA;IAClC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;IAEvD,IAAI,CAAC,CAAC,OAAO,EAAE,WAAW,IAAI,GAAG,CAAC,4BAA4B,EAAE,CAAC;QAC/D,2CAA2C;QAC3C,MAAM,kBAAkB,GACtB,MAAM,IAAA,gEAAkD,EAAC,OAAO,CAAC,CAAC;YAChE,MAAM;YACN,SAAS;YACT,IAAI,EAAE,oBAAK,CAAC,MAAM,CAAC,KAAK;SACzB,CAAC,CAAA;QACJ,IAAI,kBAAkB,CAAC,KAAK,EAAE,CAAC;YAC7B,OAAO,IAAA,YAAG,EAAC,kBAAkB,CAAC,KAAK,CAAC,CAAA;QACtC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;QAEjF,QAAQ,IAAI,EAAE,IAAI,EAAE,CAAC;YACnB,KAAK,UAAU,CAAC;YAChB,KAAK,YAAY,CAAC;YAClB,KAAK,KAAK,CAAC;YACX,KAAK,cAAc,CAAC;YACpB,KAAK,sBAAsB,CAAC;YAC5B,KAAK,MAAM,CAAC;YACZ,KAAK,eAAe,CAAC;YACrB,KAAK,uBAAuB,CAAC;YAC7B,KAAK,WAAW;gBACd,OAAO,IAAA,WAAE,GAAE,CAAA;YACb,KAAK,MAAM,CAAC;YACZ;gBACE,OAAO,IAAA,YAAG,EAAC,IAAI,iDAAiC,EAAE,CAAC,CAAA;QACvD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,uBAAuB;QACvB,MAAM,cAAc,GAAG,MAAM,IAAA,8CAAgC,EAAC,OAAO,CAAC,CAAC;YACrE,MAAM,EAAE,MAAO;YACf,SAAS;YACT,IAAI,EAAE,oBAAK,CAAC,MAAM,CAAC,KAAK;SACzB,CAAC,CAAA;QACF,IAAI,cAAc,CAAC,KAAK,EAAE,CAAC;YACzB,OAAO,IAAA,YAAG,EAAC,cAAc,CAAC,KAAK,CAAC,CAAA;QAClC,CAAC;QAED,OAAO,IAAA,WAAE,GAAE,CAAA;IACb,CAAC;AACH,CAAC,CAAA;AArFU,QAAA,kCAAkC,sCAqF5C"}

package/dist/commonjs/authz/policies/project/savedViews/canEditDescription.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canEditSavedViewDescriptionPolicy: AuthPolicy<typeof Loaders.getSavedView | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewContext, InstanceType<typeof SavedViewNotFoundError | typeof SavedViewNoAccessError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError>>;
+//# sourceMappingURL=canEditDescription.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canEditDescription.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canEditDescription.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canEditDescription.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EACjB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAMxD,eAAO,MAAM,iCAAiC,EAAE,UAAU,CACtD,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GAAG,cAAc,GAAG,gBAAgB,EACpD,YAAY,CACR,OAAO,sBAAsB,GAC7B,OAAO,sBAAsB,GAC7B,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,CAC3C,CAUA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canEditDescription.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canEditSavedViewDescriptionPolicy = void 0;
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const canEditSavedViewDescriptionPolicy = (loaders) => async ({ userId, projectId, savedViewId }) => {
+    return await (0, savedViews_js_1.ensureCanAccessSavedViewFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewId,
+        access: savedViews_js_1.WriteTypes.EditDescription
+    });
+};
+exports.canEditSavedViewDescriptionPolicy = canEditSavedViewDescriptionPolicy;
+//# sourceMappingURL=canEditDescription.js.map

package/dist/commonjs/authz/policies/project/savedViews/canEditDescription.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canEditDescription.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canEditDescription.ts"],"names":[],"mappings":";;;AAuBA,oEAGyC;AAElC,MAAM,iCAAiC,GA8B5C,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;IAC3C,OAAO,MAAM,IAAA,gDAAgC,EAAC,OAAO,CAAC,CAAC;QACrD,MAAM;QACN,SAAS;QACT,WAAW;QACX,MAAM,EAAE,0BAAU,CAAC,eAAe;KACnC,CAAC,CAAA;AACJ,CAAC,CAAA;AAtCU,QAAA,iCAAiC,qCAsC3C"}

package/dist/commonjs/authz/policies/project/savedViews/canEditTitle.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canEditSavedViewTitlePolicy: AuthPolicy<typeof Loaders.getSavedView | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewContext, InstanceType<typeof SavedViewNotFoundError | typeof SavedViewNoAccessError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError>>;
+//# sourceMappingURL=canEditTitle.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canEditTitle.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canEditTitle.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canEditTitle.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EACjB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAMxD,eAAO,MAAM,2BAA2B,EAAE,UAAU,CAChD,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GAAG,cAAc,GAAG,gBAAgB,EACpD,YAAY,CACR,OAAO,sBAAsB,GAC7B,OAAO,sBAAsB,GAC7B,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,CAC3C,CAUA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canEditTitle.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canEditSavedViewTitlePolicy = void 0;
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const canEditSavedViewTitlePolicy = (loaders) => async ({ userId, projectId, savedViewId }) => {
+    return await (0, savedViews_js_1.ensureCanAccessSavedViewFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewId,
+        access: savedViews_js_1.WriteTypes.EditTitle
+    });
+};
+exports.canEditSavedViewTitlePolicy = canEditSavedViewTitlePolicy;
+//# sourceMappingURL=canEditTitle.js.map

package/dist/commonjs/authz/policies/project/savedViews/canEditTitle.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canEditTitle.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canEditTitle.ts"],"names":[],"mappings":";;;AAuBA,oEAGyC;AAElC,MAAM,2BAA2B,GA8BtC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;IAC3C,OAAO,MAAM,IAAA,gDAAgC,EAAC,OAAO,CAAC,CAAC;QACrD,MAAM;QACN,SAAS;QACT,WAAW;QACX,MAAM,EAAE,0BAAU,CAAC,SAAS;KAC7B,CAAC,CAAA;AACJ,CAAC,CAAA;AAtCU,QAAA,2BAA2B,+BAsCrC"}

package/dist/commonjs/authz/policies/project/savedViews/canMove.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canMoveSavedViewPolicy: AuthPolicy<typeof Loaders.getSavedView | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewContext, InstanceType<typeof SavedViewNotFoundError | typeof SavedViewNoAccessError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError>>;
+//# sourceMappingURL=canMove.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canMove.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canMove.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canMove.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EACjB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAMxD,eAAO,MAAM,sBAAsB,EAAE,UAAU,CAC3C,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GAAG,cAAc,GAAG,gBAAgB,EACpD,YAAY,CACR,OAAO,sBAAsB,GAC7B,OAAO,sBAAsB,GAC7B,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,CAC3C,CAUA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canMove.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canMoveSavedViewPolicy = void 0;
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const canMoveSavedViewPolicy = (loaders) => async ({ userId, projectId, savedViewId }) => {
+    return await (0, savedViews_js_1.ensureCanAccessSavedViewFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewId,
+        access: savedViews_js_1.WriteTypes.MoveView
+    });
+};
+exports.canMoveSavedViewPolicy = canMoveSavedViewPolicy;
+//# sourceMappingURL=canMove.js.map

package/dist/commonjs/authz/policies/project/savedViews/canMove.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canMove.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canMove.ts"],"names":[],"mappings":";;;AAuBA,oEAGyC;AAElC,MAAM,sBAAsB,GA8BjC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;IAC3C,OAAO,MAAM,IAAA,gDAAgC,EAAC,OAAO,CAAC,CAAC;QACrD,MAAM;QACN,SAAS;QACT,WAAW;QACX,MAAM,EAAE,0BAAU,CAAC,QAAQ;KAC5B,CAAC,CAAA;AACJ,CAAC,CAAA;AAtCU,QAAA,sBAAsB,0BAsChC"}

package/dist/commonjs/authz/policies/project/savedViews/canRead.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canReadSavedViewPolicy: AuthPolicy<typeof Loaders.getSavedView | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewContext & {
+    /**
+     * In some cases we want to just ignore a view being non-existant, instead of throwing
+     */
+    allowNonExistent?: boolean;
+}, InstanceType<typeof SavedViewNotFoundError | typeof SavedViewNoAccessError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError>>;
+//# sourceMappingURL=canRead.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canRead.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canRead.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canRead.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EACjB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAGxD,eAAO,MAAM,sBAAsB,EAAE,UAAU,CAC3C,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GACd,cAAc,GACd,gBAAgB,GAAG;IACjB;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAA;CAC3B,EACH,YAAY,CACR,OAAO,sBAAsB,GAC7B,OAAO,sBAAsB,GAC7B,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,CAC3C,CAWA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canRead.js ADDED Viewed

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canReadSavedViewPolicy = void 0;
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const canReadSavedViewPolicy = (loaders) => async ({ userId, projectId, savedViewId, allowNonExistent }) => {
+    return await (0, savedViews_js_1.ensureCanAccessSavedViewFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewId,
+        access: 'read',
+        allowNonExistent
+    });
+};
+exports.canReadSavedViewPolicy = canReadSavedViewPolicy;
+//# sourceMappingURL=canRead.js.map

package/dist/commonjs/authz/policies/project/savedViews/canRead.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canRead.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canRead.ts"],"names":[],"mappings":";;;AAuBA,oEAAmF;AAE5E,MAAM,sBAAsB,GAqCjC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,gBAAgB,EAAE,EAAE,EAAE;IAC7D,OAAO,MAAM,IAAA,gDAAgC,EAAC,OAAO,CAAC,CAAC;QACrD,MAAM;QACN,SAAS;QACT,WAAW;QACX,MAAM,EAAE,MAAM;QACd,gBAAgB;KACjB,CAAC,CAAA;AACJ,CAAC,CAAA;AA9CU,QAAA,sBAAsB,0BA8ChC"}

package/dist/commonjs/authz/policies/project/savedViews/canSetAsHomeView.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewInvalidUpdateError, SavedViewNoAccessError, SavedViewNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canSetSavedViewAsHomeViewPolicy: AuthPolicy<typeof Loaders.getSavedView | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewContext, InstanceType<typeof SavedViewNotFoundError | typeof SavedViewNoAccessError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError | typeof SavedViewInvalidUpdateError>>;
+//# sourceMappingURL=canSetAsHomeView.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canSetAsHomeView.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canSetAsHomeView.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canSetAsHomeView.ts"],"names":[],"mappings":"AACA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,2BAA2B,EAC3B,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EACjB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAQxD,eAAO,MAAM,+BAA+B,EAAE,UAAU,CACpD,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GAAG,cAAc,GAAG,gBAAgB,EACpD,YAAY,CACR,OAAO,sBAAsB,GAC7B,OAAO,sBAAsB,GAC7B,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,GACxC,OAAO,2BAA2B,CACrC,CA8CA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canSetAsHomeView.js ADDED Viewed

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canSetSavedViewAsHomeViewPolicy = void 0;
+const result_1 = require("true-myth/result");
+const authErrors_js_1 = require("../../../domain/authErrors.js");
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const types_js_1 = require("../../../domain/savedViews/types.js");
+const route_js_1 = require("../../../../viewer/helpers/route.js");
+const canSetSavedViewAsHomeViewPolicy = (loaders) => async ({ userId, projectId, savedViewId }) => {
+    const canDoUpdate = await (0, savedViews_js_1.ensureCanAccessSavedViewFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewId,
+        access: savedViews_js_1.WriteTypes.SetHomeView
+    });
+    if (canDoUpdate.isErr) {
+        return (0, result_1.err)(canDoUpdate.error);
+    }
+    const view = await loaders.getSavedView({
+        projectId,
+        savedViewId
+    });
+    if (!view)
+        return (0, result_1.err)(new authErrors_js_1.SavedViewNotFoundError());
+    // Must be a shared view to be set as home view
+    const isAuthorOnly = view.visibility === types_js_1.SavedViewVisibility.authorOnly;
+    if (isAuthorOnly) {
+        return (0, result_1.err)(new authErrors_js_1.SavedViewInvalidUpdateError({
+            message: 'A view must be shared to be set as a home view'
+        }));
+    }
+    // Must not be federated
+    const resourceIds = (0, route_js_1.resourceBuilder)().addResources(view.resourceIds);
+    const firstResource = resourceIds.toResources().at(0);
+    const modelResource = firstResource && (0, route_js_1.isModelResource)(firstResource) ? firstResource : undefined;
+    const isSingleModelView = resourceIds.length === 1 && modelResource;
+    if (!isSingleModelView) {
+        return (0, result_1.err)(new authErrors_js_1.SavedViewInvalidUpdateError({
+            message: 'Only single model views can be set as home views'
+        }));
+    }
+    return (0, result_1.ok)();
+};
+exports.canSetSavedViewAsHomeViewPolicy = canSetSavedViewAsHomeViewPolicy;
+//# sourceMappingURL=canSetAsHomeView.js.map

package/dist/commonjs/authz/policies/project/savedViews/canSetAsHomeView.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canSetAsHomeView.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canSetAsHomeView.ts"],"names":[],"mappings":";;;AAAA,6CAA0C;AAC1C,iEAgBsC;AAQtC,oEAGyC;AACzC,kEAAyE;AACzE,kEAAsF;AAE/E,MAAM,+BAA+B,GA+B1C,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;IAC3C,MAAM,WAAW,GAAG,MAAM,IAAA,gDAAgC,EAAC,OAAO,CAAC,CAAC;QAClE,MAAM;QACN,SAAS;QACT,WAAW;QACX,MAAM,EAAE,0BAAU,CAAC,WAAW;KAC/B,CAAC,CAAA;IACF,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;QACtB,OAAO,IAAA,YAAG,EAAC,WAAW,CAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC;QACtC,SAAS;QACT,WAAW;KACZ,CAAC,CAAA;IACF,IAAI,CAAC,IAAI;QAAE,OAAO,IAAA,YAAG,EAAC,IAAI,sCAAsB,EAAE,CAAC,CAAA;IAEnD,+CAA+C;IAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,KAAK,8BAAmB,CAAC,UAAU,CAAA;IACvE,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,IAAA,YAAG,EACR,IAAI,2CAA2B,CAAC;YAC9B,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CACH,CAAA;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,WAAW,GAAG,IAAA,0BAAe,GAAE,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IACpE,MAAM,aAAa,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;IACrD,MAAM,aAAa,GACjB,aAAa,IAAI,IAAA,0BAAe,EAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAA;IAE7E,MAAM,iBAAiB,GAAG,WAAW,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,CAAA;IACnE,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,OAAO,IAAA,YAAG,EACR,IAAI,2CAA2B,CAAC;YAC9B,OAAO,EAAE,kDAAkD;SAC5D,CAAC,CACH,CAAA;IACH,CAAC;IAED,OAAO,IAAA,WAAE,GAAE,CAAA;AACb,CAAC,CAAA;AA3EU,QAAA,+BAA+B,mCA2EzC"}

package/dist/commonjs/authz/policies/project/savedViews/canUpdate.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canUpdateSavedViewPolicy: AuthPolicy<typeof Loaders.getSavedView | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getAdminOverrideEnabled | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewContext, InstanceType<typeof SavedViewNotFoundError | typeof SavedViewNoAccessError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError>>;
+//# sourceMappingURL=canUpdate.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canUpdate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canUpdate.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canUpdate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EACjB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAMxD,eAAO,MAAM,wBAAwB,EAAE,UAAU,CAC7C,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GAAG,cAAc,GAAG,gBAAgB,EACpD,YAAY,CACR,OAAO,sBAAsB,GAC7B,OAAO,sBAAsB,GAC7B,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,CAC3C,CAUA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canUpdate.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canUpdateSavedViewPolicy = void 0;
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const canUpdateSavedViewPolicy = (loaders) => async ({ userId, projectId, savedViewId }) => {
+    return await (0, savedViews_js_1.ensureCanAccessSavedViewFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewId,
+        access: savedViews_js_1.WriteTypes.UpdateGeneral
+    });
+};
+exports.canUpdateSavedViewPolicy = canUpdateSavedViewPolicy;
+//# sourceMappingURL=canUpdate.js.map

package/dist/commonjs/authz/policies/project/savedViews/canUpdate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canUpdate.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canUpdate.ts"],"names":[],"mappings":";;;AAuBA,oEAGyC;AAElC,MAAM,wBAAwB,GA8BnC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE,EAAE;IAC3C,OAAO,MAAM,IAAA,gDAAgC,EAAC,OAAO,CAAC,CAAC;QACrD,MAAM;QACN,SAAS;QACT,WAAW;QACX,MAAM,EAAE,0BAAU,CAAC,aAAa;KACjC,CAAC,CAAA;AACJ,CAAC,CAAA;AAtCU,QAAA,wBAAwB,4BAsClC"}

package/dist/commonjs/authz/policies/project/savedViews/canUpdateGroup.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { ProjectNoAccessError, ProjectNotEnoughPermissionsError, ProjectNotFoundError, SavedViewGroupNotFoundError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, UngroupedSavedViewGroupLockError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError, WorkspaceReadOnlyError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../../domain/authErrors.js';
+import { MaybeUserContext, ProjectContext, SavedViewGroupContext } from '../../../domain/context.js';
+import { Loaders } from '../../../domain/loaders.js';
+import { AuthPolicy } from '../../../domain/policies.js';
+export declare const canUpdateSavedViewGroupPolicy: AuthPolicy<typeof Loaders.getSavedViewGroup | typeof Loaders.getProject | typeof Loaders.getEnv | typeof Loaders.getServerRole | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspacePlan | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession | typeof Loaders.getProjectRole, MaybeUserContext & ProjectContext & SavedViewGroupContext, InstanceType<typeof SavedViewGroupNotFoundError | typeof ProjectNotFoundError | typeof ServerNoAccessError | typeof ServerNoSessionError | typeof ProjectNoAccessError | typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof ServerNotEnoughPermissionsError | typeof ProjectNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacesNotEnabledError | typeof WorkspaceReadOnlyError | typeof WorkspacePlanNoFeatureAccessError | typeof UngroupedSavedViewGroupLockError>>;
+//# sourceMappingURL=canUpdateGroup.d.ts.map

package/dist/commonjs/authz/policies/project/savedViews/canUpdateGroup.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canUpdateGroup.d.ts","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canUpdateGroup.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,gCAAgC,EAChC,oBAAoB,EACpB,2BAA2B,EAC3B,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,gCAAgC,EAChC,sBAAsB,EACtB,kCAAkC,EAClC,iCAAiC,EACjC,sBAAsB,EACtB,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,+BAA+B,CAAA;AACtC,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,qBAAqB,EACtB,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAGxD,eAAO,MAAM,6BAA6B,EAAE,UAAU,CAClD,OAAO,OAAO,CAAC,iBAAiB,GAChC,OAAO,OAAO,CAAC,UAAU,GACzB,OAAO,OAAO,CAAC,MAAM,GACrB,OAAO,OAAO,CAAC,aAAa,GAC5B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,YAAY,GAC3B,OAAO,OAAO,CAAC,gBAAgB,GAC/B,OAAO,OAAO,CAAC,uBAAuB,GACtC,OAAO,OAAO,CAAC,sBAAsB,GACrC,OAAO,OAAO,CAAC,cAAc,EAC/B,gBAAgB,GAAG,cAAc,GAAG,qBAAqB,EACzD,YAAY,CACR,OAAO,2BAA2B,GAClC,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,GAC3B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,+BAA+B,GACtC,OAAO,gCAAgC,GACvC,OAAO,kCAAkC,GACzC,OAAO,yBAAyB,GAChC,OAAO,sBAAsB,GAC7B,OAAO,iCAAiC,GACxC,OAAO,gCAAgC,CAC1C,CAUA,CAAA"}

package/dist/commonjs/authz/policies/project/savedViews/canUpdateGroup.js ADDED Viewed

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canUpdateSavedViewGroupPolicy = void 0;
+const savedViews_js_1 = require("../../../fragments/savedViews.js");
+const canUpdateSavedViewGroupPolicy = (loaders) => async ({ userId, projectId, savedViewGroupId }) => {
+    return await (0, savedViews_js_1.ensureCanAccessSavedViewGroupFragment)(loaders)({
+        userId,
+        projectId,
+        savedViewGroupId,
+        access: 'write'
+    });
+};
+exports.canUpdateSavedViewGroupPolicy = canUpdateSavedViewGroupPolicy;
+//# sourceMappingURL=canUpdateGroup.js.map

package/dist/commonjs/authz/policies/project/savedViews/canUpdateGroup.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canUpdateGroup.js","sourceRoot":"","sources":["../../../../../../src/authz/policies/project/savedViews/canUpdateGroup.ts"],"names":[],"mappings":";;;AAuBA,oEAAwF;AAEjF,MAAM,6BAA6B,GA6BxC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,EAAE,EAAE;IAChD,OAAO,MAAM,IAAA,qDAAqC,EAAC,OAAO,CAAC,CAAC;QAC1D,MAAM;QACN,SAAS;QACT,gBAAgB;QAChB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAA;AACJ,CAAC,CAAA;AArCU,QAAA,6BAA6B,iCAqCvC"}

package/dist/commonjs/authz/policies/workspace/canCreateDashboards.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { AuthCheckContextLoaderKeys } from '../../domain/loaders.js';
+import { MaybeUserContext, WorkspaceContext } from '../../domain/context.js';
+import { DashboardsNotEnabledError, WorkspaceNoEditorSeatError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError } from '../../domain/authErrors.js';
+import { AuthPolicy } from '../../domain/policies.js';
+type PolicyLoaderKeys = typeof AuthCheckContextLoaderKeys.getEnv | typeof AuthCheckContextLoaderKeys.getServerRole | typeof AuthCheckContextLoaderKeys.getAdminOverrideEnabled | typeof AuthCheckContextLoaderKeys.getWorkspacePlan | typeof AuthCheckContextLoaderKeys.getWorkspaceRole | typeof AuthCheckContextLoaderKeys.getWorkspaceSeat;
+type PolicyArgs = MaybeUserContext & WorkspaceContext;
+type PolicyErrors = InstanceType<typeof DashboardsNotEnabledError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacePlanNoFeatureAccessError | typeof WorkspaceNoEditorSeatError>;
+export declare const canCreateDashboardsPolicy: AuthPolicy<PolicyLoaderKeys, PolicyArgs, PolicyErrors>;
+export {};
+//# sourceMappingURL=canCreateDashboards.d.ts.map

package/dist/commonjs/authz/policies/workspace/canCreateDashboards.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canCreateDashboards.d.ts","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canCreateDashboards.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EACL,yBAAyB,EACzB,0BAA0B,EAC1B,kCAAkC,EAClC,iCAAiC,EAClC,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAUrD,KAAK,gBAAgB,GACjB,OAAO,0BAA0B,CAAC,MAAM,GACxC,OAAO,0BAA0B,CAAC,aAAa,GAC/C,OAAO,0BAA0B,CAAC,uBAAuB,GACzD,OAAO,0BAA0B,CAAC,gBAAgB,GAClD,OAAO,0BAA0B,CAAC,gBAAgB,GAClD,OAAO,0BAA0B,CAAC,gBAAgB,CAAA;AAEtD,KAAK,UAAU,GAAG,gBAAgB,GAAG,gBAAgB,CAAA;AAErD,KAAK,YAAY,GAAG,YAAY,CAC5B,OAAO,yBAAyB,GAChC,OAAO,kCAAkC,GACzC,OAAO,iCAAiC,GACxC,OAAO,0BAA0B,CACpC,CAAA;AAED,eAAO,MAAM,yBAAyB,EAAE,UAAU,CAChD,gBAAgB,EAChB,UAAU,EACV,YAAY,CA+BX,CAAA"}

package/dist/commonjs/authz/policies/workspace/canCreateDashboards.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canCreateDashboardsPolicy = void 0;
+const result_1 = require("true-myth/result");
+const authErrors_js_1 = require("../../domain/authErrors.js");
+const dashboards_js_1 = require("../../fragments/dashboards.js");
+const workspaceRole_js_1 = require("../../checks/workspaceRole.js");
+const constants_js_1 = require("../../../core/constants.js");
+const workspaceSeat_js_1 = require("../../checks/workspaceSeat.js");
+const server_js_1 = require("../../fragments/server.js");
+const canCreateDashboardsPolicy = (loaders) => async ({ userId, workspaceId }) => {
+    const isDashboardsEnabled = await (0, dashboards_js_1.ensureDashboardsEnabledFragment)(loaders)({});
+    if (isDashboardsEnabled.isErr)
+        return (0, result_1.err)(isDashboardsEnabled.error);
+    const ensuredFeatureAccess = await (0, dashboards_js_1.ensureWorkspaceDashboardsFeatureAccessFragment)(loaders)({ workspaceId });
+    if (ensuredFeatureAccess.isErr)
+        return (0, result_1.err)(ensuredFeatureAccess.error);
+    const hasAdminAccess = await (0, server_js_1.checkIfAdminOverrideEnabledFragment)(loaders)({
+        userId
+    });
+    if (hasAdminAccess.isOk && hasAdminAccess.value)
+        return (0, result_1.ok)();
+    const isWorkspaceMember = await (0, workspaceRole_js_1.hasMinimumWorkspaceRole)(loaders)({
+        userId: userId,
+        workspaceId,
+        role: constants_js_1.Roles.Workspace.Member
+    });
+    if (!isWorkspaceMember)
+        return (0, result_1.err)(new authErrors_js_1.WorkspaceNotEnoughPermissionsError());
+    const isWorkspaceEditorSeat = await (0, workspaceSeat_js_1.hasEditorSeat)(loaders)({
+        userId: userId,
+        workspaceId
+    });
+    if (!isWorkspaceEditorSeat)
+        return (0, result_1.err)(new authErrors_js_1.WorkspaceNoEditorSeatError());
+    return (0, result_1.ok)();
+};
+exports.canCreateDashboardsPolicy = canCreateDashboardsPolicy;
+//# sourceMappingURL=canCreateDashboards.js.map

package/dist/commonjs/authz/policies/workspace/canCreateDashboards.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canCreateDashboards.js","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canCreateDashboards.ts"],"names":[],"mappings":";;;AAAA,6CAA0C;AAG1C,8DAKmC;AAEnC,iEAGsC;AACtC,oEAAuE;AACvE,6DAAkD;AAClD,oEAA6D;AAC7D,yDAA+E;AAmBxE,MAAM,yBAAyB,GAKpC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE;IAChC,MAAM,mBAAmB,GAAG,MAAM,IAAA,+CAA+B,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAA;IAC9E,IAAI,mBAAmB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAEpE,MAAM,oBAAoB,GAAG,MAAM,IAAA,8DAA8C,EAC/E,OAAO,CACR,CAAC,EAAE,WAAW,EAAE,CAAC,CAAA;IAClB,IAAI,oBAAoB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;IAEtE,MAAM,cAAc,GAAG,MAAM,IAAA,+CAAmC,EAAC,OAAO,CAAC,CAAC;QACxE,MAAM;KACP,CAAC,CAAA;IACF,IAAI,cAAc,CAAC,IAAI,IAAI,cAAc,CAAC,KAAK;QAAE,OAAO,IAAA,WAAE,GAAE,CAAA;IAE5D,MAAM,iBAAiB,GAAG,MAAM,IAAA,0CAAuB,EAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,EAAE,MAAO;QACf,WAAW;QACX,IAAI,EAAE,oBAAK,CAAC,SAAS,CAAC,MAAM;KAC7B,CAAC,CAAA;IACF,IAAI,CAAC,iBAAiB;QAAE,OAAO,IAAA,YAAG,EAAC,IAAI,kDAAkC,EAAE,CAAC,CAAA;IAE5E,MAAM,qBAAqB,GAAG,MAAM,IAAA,gCAAa,EAAC,OAAO,CAAC,CAAC;QACzD,MAAM,EAAE,MAAO;QACf,WAAW;KACZ,CAAC,CAAA;IACF,IAAI,CAAC,qBAAqB;QAAE,OAAO,IAAA,YAAG,EAAC,IAAI,0CAA0B,EAAE,CAAC,CAAA;IAExE,OAAO,IAAA,WAAE,GAAE,CAAA;AACb,CAAC,CAAA;AAlCU,QAAA,yBAAyB,6BAkCnC"}

package/dist/commonjs/authz/policies/workspace/canCreateWorkspace.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { EligibleForExclusiveWorkspaceError, ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspacesNotEnabledError } from '../../domain/authErrors.js';
+import { MaybeUserContext } from '../../domain/context.js';
+import { AuthCheckContextLoaderKeys } from '../../domain/loaders.js';
+import { AuthPolicy } from '../../domain/policies.js';
+type PolicyArgs = MaybeUserContext;
+type PolicyLoaderKeys = typeof AuthCheckContextLoaderKeys.getEnv | typeof AuthCheckContextLoaderKeys.getUsersCurrentAndEligibleToBecomeAMemberWorkspaces | typeof AuthCheckContextLoaderKeys.getServerRole;
+type PolicyErrors = InstanceType<typeof WorkspacesNotEnabledError | typeof ServerNoSessionError | typeof ServerNoAccessError | typeof ServerNotEnoughPermissionsError | typeof EligibleForExclusiveWorkspaceError>;
+export declare const canCreateWorkspacePolicy: AuthPolicy<PolicyLoaderKeys, PolicyArgs, PolicyErrors>;
+export {};
+//# sourceMappingURL=canCreateWorkspace.d.ts.map

package/dist/commonjs/authz/policies/workspace/canCreateWorkspace.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canCreateWorkspace.d.ts","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canCreateWorkspace.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kCAAkC,EAClC,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,yBAAyB,EAC1B,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAMrD,KAAK,UAAU,GAAG,gBAAgB,CAAA;AAClC,KAAK,gBAAgB,GACjB,OAAO,0BAA0B,CAAC,MAAM,GACxC,OAAO,0BAA0B,CAAC,mDAAmD,GACrF,OAAO,0BAA0B,CAAC,aAAa,CAAA;AAEnD,KAAK,YAAY,GAAG,YAAY,CAC5B,OAAO,yBAAyB,GAChC,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,+BAA+B,GACtC,OAAO,kCAAkC,CAC5C,CAAA;AAED,eAAO,MAAM,wBAAwB,EAAE,UAAU,CAC/C,gBAAgB,EAChB,UAAU,EACV,YAAY,CA2CX,CAAA"}

package/dist/commonjs/authz/policies/workspace/canCreateWorkspace.js ADDED Viewed

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canCreateWorkspacePolicy = void 0;
+const result_1 = require("true-myth/result");
+const authErrors_js_1 = require("../../domain/authErrors.js");
+const workspaces_js_1 = require("../../fragments/workspaces.js");
+const server_js_1 = require("../../fragments/server.js");
+const constants_js_1 = require("../../../core/constants.js");
+const index_js_1 = require("../../../core/index.js");
+const canCreateWorkspacePolicy = (loaders) => async ({ userId }) => {
+    const ensuredWorkspacesEnabled = await (0, workspaces_js_1.ensureWorkspacesEnabledFragment)(loaders)({});
+    if (ensuredWorkspacesEnabled.isErr)
+        return (0, result_1.err)(ensuredWorkspacesEnabled.error);
+    const ensuredServerRole = await (0, server_js_1.ensureMinimumServerRoleFragment)(loaders)({
+        userId,
+        role: constants_js_1.Roles.Server.User
+    });
+    if (ensuredServerRole.isErr)
+        return (0, result_1.err)(ensuredServerRole.error);
+    // userId is not null here, ensured by the serverRoleFragment
+    const workspaces = await loaders.getUsersCurrentAndEligibleToBecomeAMemberWorkspaces({
+        userId: userId
+    });
+    const isUserEligibleForExclusiveWorkspaces = workspaces.some((w) => {
+        if (w.isExclusive) {
+            // if the user has no role in the workspace, means they are eligible
+            // to join it via an invite or discovery
+            if (!w.role)
+                return true;
+            // for exclusive workspaces, if the user has a role, some of them are not affected by this policy
+            // ie.: Workspace admins of exclusive workspaces should be able to create new ones
+            //      also guests should not be bound by this rule
+            switch (w.role) {
+                case constants_js_1.Roles.Workspace.Admin:
+                case constants_js_1.Roles.Workspace.Guest:
+                    return false;
+                case constants_js_1.Roles.Workspace.Member:
+                    return true;
+                default:
+                    (0, index_js_1.throwUncoveredError)(w.role);
+            }
+        }
+        return false;
+    });
+    if (isUserEligibleForExclusiveWorkspaces) {
+        return (0, result_1.err)(new authErrors_js_1.EligibleForExclusiveWorkspaceError());
+    }
+    return (0, result_1.ok)();
+};
+exports.canCreateWorkspacePolicy = canCreateWorkspacePolicy;
+//# sourceMappingURL=canCreateWorkspace.js.map

package/dist/commonjs/authz/policies/workspace/canCreateWorkspace.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canCreateWorkspace.js","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canCreateWorkspace.ts"],"names":[],"mappings":";;;AAAA,6CAA0C;AAC1C,8DAMmC;AAInC,iEAA+E;AAC/E,yDAA2E;AAC3E,6DAAkD;AAClD,qDAA4D;AAgBrD,MAAM,wBAAwB,GAKnC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACnB,MAAM,wBAAwB,GAAG,MAAM,IAAA,+CAA+B,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAA;IACnF,IAAI,wBAAwB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,wBAAwB,CAAC,KAAK,CAAC,CAAA;IAE9E,MAAM,iBAAiB,GAAG,MAAM,IAAA,2CAA+B,EAAC,OAAO,CAAC,CAAC;QACvE,MAAM;QACN,IAAI,EAAE,oBAAK,CAAC,MAAM,CAAC,IAAI;KACxB,CAAC,CAAA;IACF,IAAI,iBAAiB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,iBAAiB,CAAC,KAAK,CAAC,CAAA;IAEhE,6DAA6D;IAC7D,MAAM,UAAU,GACd,MAAM,OAAO,CAAC,mDAAmD,CAAC;QAChE,MAAM,EAAE,MAAO;KAChB,CAAC,CAAA;IACJ,MAAM,oCAAoC,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QACjE,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,oEAAoE;YACpE,wCAAwC;YACxC,IAAI,CAAC,CAAC,CAAC,IAAI;gBAAE,OAAO,IAAI,CAAA;YACxB,iGAAiG;YACjG,kFAAkF;YAClF,oDAAoD;YACpD,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;gBACf,KAAK,oBAAK,CAAC,SAAS,CAAC,KAAK,CAAC;gBAC3B,KAAK,oBAAK,CAAC,SAAS,CAAC,KAAK;oBACxB,OAAO,KAAK,CAAA;gBACd,KAAK,oBAAK,CAAC,SAAS,CAAC,MAAM;oBACzB,OAAO,IAAI,CAAA;gBACb;oBACE,IAAA,8BAAmB,EAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YAC/B,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAA;IACd,CAAC,CAAC,CAAA;IAEF,IAAI,oCAAoC,EAAE,CAAC;QACzC,OAAO,IAAA,YAAG,EAAC,IAAI,kDAAkC,EAAE,CAAC,CAAA;IACtD,CAAC;IACD,OAAO,IAAA,WAAE,GAAE,CAAA;AACb,CAAC,CAAA;AA9CU,QAAA,wBAAwB,4BA8ClC"}

package/dist/commonjs/authz/policies/workspace/canListDashboards.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { AuthCheckContextLoaderKeys } from '../../domain/loaders.js';
+import { MaybeUserContext, WorkspaceContext } from '../../domain/context.js';
+import { DashboardsNotEnabledError, WorkspaceNotEnoughPermissionsError, WorkspacePlanNoFeatureAccessError } from '../../domain/authErrors.js';
+import { AuthPolicy } from '../../domain/policies.js';
+type PolicyLoaderKeys = typeof AuthCheckContextLoaderKeys.getEnv | typeof AuthCheckContextLoaderKeys.getWorkspaceRole | typeof AuthCheckContextLoaderKeys.getWorkspacePlan;
+type PolicyArgs = MaybeUserContext & WorkspaceContext;
+type PolicyErrors = InstanceType<typeof DashboardsNotEnabledError | typeof WorkspaceNotEnoughPermissionsError | typeof WorkspacePlanNoFeatureAccessError>;
+export declare const canListDashboardsPolicy: AuthPolicy<PolicyLoaderKeys, PolicyArgs, PolicyErrors>;
+export {};
+//# sourceMappingURL=canListDashboards.d.ts.map

package/dist/commonjs/authz/policies/workspace/canListDashboards.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canListDashboards.d.ts","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canListDashboards.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,iCAAiC,EAClC,MAAM,4BAA4B,CAAA;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAQrD,KAAK,gBAAgB,GACjB,OAAO,0BAA0B,CAAC,MAAM,GACxC,OAAO,0BAA0B,CAAC,gBAAgB,GAClD,OAAO,0BAA0B,CAAC,gBAAgB,CAAA;AAEtD,KAAK,UAAU,GAAG,gBAAgB,GAAG,gBAAgB,CAAA;AAErD,KAAK,YAAY,GAAG,YAAY,CAC5B,OAAO,yBAAyB,GAChC,OAAO,kCAAkC,GACzC,OAAO,iCAAiC,CAC3C,CAAA;AAED,eAAO,MAAM,uBAAuB,EAAE,UAAU,CAC9C,gBAAgB,EAChB,UAAU,EACV,YAAY,CAoBX,CAAA"}

package/dist/commonjs/authz/policies/workspace/canListDashboards.js ADDED Viewed

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canListDashboardsPolicy = void 0;
+const result_1 = require("true-myth/result");
+const authErrors_js_1 = require("../../domain/authErrors.js");
+const dashboards_js_1 = require("../../fragments/dashboards.js");
+const workspaceRole_js_1 = require("../../checks/workspaceRole.js");
+const constants_js_1 = require("../../../core/constants.js");
+const canListDashboardsPolicy = (loaders) => async ({ userId, workspaceId }) => {
+    const isDashboardsEnabled = await (0, dashboards_js_1.ensureDashboardsEnabledFragment)(loaders)({});
+    if (isDashboardsEnabled.isErr)
+        return (0, result_1.err)(isDashboardsEnabled.error);
+    const ensuredFeatureAccess = await (0, dashboards_js_1.ensureWorkspaceDashboardsFeatureAccessFragment)(loaders)({ workspaceId });
+    if (ensuredFeatureAccess.isErr)
+        return (0, result_1.err)(ensuredFeatureAccess.error);
+    const isWorkspaceMember = await (0, workspaceRole_js_1.hasMinimumWorkspaceRole)(loaders)({
+        userId: userId,
+        workspaceId,
+        role: constants_js_1.Roles.Workspace.Member
+    });
+    if (!isWorkspaceMember)
+        return (0, result_1.err)(new authErrors_js_1.WorkspaceNotEnoughPermissionsError());
+    return (0, result_1.ok)();
+};
+exports.canListDashboardsPolicy = canListDashboardsPolicy;
+//# sourceMappingURL=canListDashboards.js.map

package/dist/commonjs/authz/policies/workspace/canListDashboards.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"canListDashboards.js","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canListDashboards.ts"],"names":[],"mappings":";;;AAAA,6CAA0C;AAG1C,8DAImC;AAEnC,iEAGsC;AACtC,oEAAuE;AACvE,6DAAkD;AAe3C,MAAM,uBAAuB,GAKlC,CAAC,OAAO,EAAE,EAAE,CACZ,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE;IAChC,MAAM,mBAAmB,GAAG,MAAM,IAAA,+CAA+B,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAA;IAC9E,IAAI,mBAAmB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAEpE,MAAM,oBAAoB,GAAG,MAAM,IAAA,8DAA8C,EAC/E,OAAO,CACR,CAAC,EAAE,WAAW,EAAE,CAAC,CAAA;IAClB,IAAI,oBAAoB,CAAC,KAAK;QAAE,OAAO,IAAA,YAAG,EAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;IAEtE,MAAM,iBAAiB,GAAG,MAAM,IAAA,0CAAuB,EAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,EAAE,MAAO;QACf,WAAW;QACX,IAAI,EAAE,oBAAK,CAAC,SAAS,CAAC,MAAM;KAC7B,CAAC,CAAA;IACF,IAAI,CAAC,iBAAiB;QAAE,OAAO,IAAA,YAAG,EAAC,IAAI,kDAAkC,EAAE,CAAC,CAAA;IAE5E,OAAO,IAAA,WAAE,GAAE,CAAA;AACb,CAAC,CAAA;AAvBU,QAAA,uBAAuB,2BAuBjC"}

package/dist/commonjs/authz/policies/workspace/canReadMemberEmail.d.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { AuthPolicy } from '../../domain/policies.js';
 import { ServerNoAccessError, ServerNoSessionError, ServerNotEnoughPermissionsError, WorkspaceNoAccessError, WorkspaceNotEnoughPermissionsError, WorkspacesNotEnabledError, WorkspaceSsoSessionNoAccessError } from '../../domain/authErrors.js';
 type PolicyArgs = MaybeUserContext & WorkspaceContext;
 type PolicyLoaderKeys = typeof AuthCheckContextLoaderKeys.getEnv | typeof AuthCheckContextLoaderKeys.getServerRole | typeof AuthCheckContextLoaderKeys.getWorkspace | typeof AuthCheckContextLoaderKeys.getWorkspaceRole | typeof AuthCheckContextLoaderKeys.getWorkspaceSsoProvider | typeof AuthCheckContextLoaderKeys.getWorkspaceSsoSession | typeof AuthCheckContextLoaderKeys.getWorkspacePlan;
-type PolicyErrors = InstanceType<typeof WorkspaceNoAccessError> | InstanceType<typeof WorkspaceSsoSessionNoAccessError> | InstanceType<typeof WorkspacesNotEnabledError> | InstanceType<typeof ServerNoSessionError> | InstanceType<typeof ServerNoAccessError> | InstanceType<typeof ServerNotEnoughPermissionsError> | InstanceType<typeof WorkspaceNotEnoughPermissionsError>;
+type PolicyErrors = InstanceType<typeof WorkspaceNoAccessError | typeof WorkspaceSsoSessionNoAccessError | typeof WorkspacesNotEnabledError | typeof ServerNoSessionError | typeof ServerNoAccessError | typeof ServerNotEnoughPermissionsError | typeof WorkspaceNotEnoughPermissionsError>;
 export declare const canReadMemberEmailPolicy: AuthPolicy<PolicyLoaderKeys, PolicyArgs, PolicyErrors>;
 export {};
 //# sourceMappingURL=canReadMemberEmail.d.ts.map

package/dist/commonjs/authz/policies/workspace/canReadMemberEmail.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"canReadMemberEmail.d.ts","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canReadMemberEmail.ts"],"names":[],"mappings":"~~AACA~~,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;~~AAKrD~~,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,4BAA4B,CAAA;~~AAInC~~,KAAK,UAAU,GAAG,gBAAgB,GAAG,gBAAgB,CAAA;AAErD,KAAK,gBAAgB,GACjB,OAAO,0BAA0B,CAAC,MAAM,GACxC,OAAO,0BAA0B,CAAC,aAAa,GAC/C,OAAO,0BAA0B,CAAC,YAAY,GAC9C,OAAO,0BAA0B,CAAC,gBAAgB,GAClD,OAAO,0BAA0B,CAAC,uBAAuB,GACzD,OAAO,0BAA0B,CAAC,sBAAsB,GACxD,OAAO,0BAA0B,CAAC,gBAAgB,CAAA;AAEtD,KAAK,YAAY,~~GACb~~,YAAY,~~CAAC~~,OAAO,sBAAsB,~~CAAC~~,~~GAC3C,YAAY,CAAC,~~OAAO,gCAAgC,~~CAAC~~,~~GACrD,YAAY,CAAC,~~OAAO,yBAAyB,~~CAAC~~,~~GAC9C,YAAY,CAAC,~~OAAO,oBAAoB,~~CAAC~~,~~GACzC,YAAY,CAAC,~~OAAO,mBAAmB,~~CAAC~~,~~GACxC,YAAY,CAAC,~~OAAO,+BAA+B,~~CAAC~~,~~GACpD,YAAY,CAAC,~~OAAO,kCAAkC,~~CAAC~~,CAAA;~~AAE3D~~,eAAO,MAAM,wBAAwB,EAAE,UAAU,CAC/C,gBAAgB,EAChB,UAAU,EACV,YAAY,~~CAuBX~~,CAAA"}
1	+ {"version":3,"file":"canReadMemberEmail.d.ts","sourceRoot":"","sources":["../../../../../src/authz/policies/workspace/canReadMemberEmail.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,yBAAyB,CAAA;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAErD,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,+BAA+B,EAC/B,sBAAsB,EACtB,kCAAkC,EAClC,yBAAyB,EACzB,gCAAgC,EACjC,MAAM,4BAA4B,CAAA;AAEnC,KAAK,UAAU,GAAG,gBAAgB,GAAG,gBAAgB,CAAA;AAErD,KAAK,gBAAgB,GACjB,OAAO,0BAA0B,CAAC,MAAM,GACxC,OAAO,0BAA0B,CAAC,aAAa,GAC/C,OAAO,0BAA0B,CAAC,YAAY,GAC9C,OAAO,0BAA0B,CAAC,gBAAgB,GAClD,OAAO,0BAA0B,CAAC,uBAAuB,GACzD,OAAO,0BAA0B,CAAC,sBAAsB,GACxD,OAAO,0BAA0B,CAAC,gBAAgB,CAAA;AAEtD,KAAK,YAAY,GAAG,YAAY,CAC5B,OAAO,sBAAsB,GAC7B,OAAO,gCAAgC,GACvC,OAAO,yBAAyB,GAChC,OAAO,oBAAoB,GAC3B,OAAO,mBAAmB,GAC1B,OAAO,+BAA+B,GACtC,OAAO,kCAAkC,CAC5C,CAAA;AAED,eAAO,MAAM,wBAAwB,EAAE,UAAU,CAC/C,gBAAgB,EAChB,UAAU,EACV,YAAY,CAKX,CAAA"}

package/dist/commonjs/authz/policies/workspace/canReadMemberEmail.js CHANGED Viewed

@@ -1,28 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.canReadMemberEmailPolicy = void 0;
-const result_1 = require("true-myth/result");
 const workspaces_js_1 = require("../../fragments/workspaces.js");
-const server_js_1 = require("../../fragments/server.js");
-const constants_js_1 = require("../../../core/constants.js");
 const canReadMemberEmailPolicy = (loaders) => async ({ userId, workspaceId }) => {
-    const ensuredWorkspacesEnabled = await (0, workspaces_js_1.ensureWorkspacesEnabledFragment)(loaders)({});
-    if (ensuredWorkspacesEnabled.isErr)
-        return (0, result_1.err)(ensuredWorkspacesEnabled.error);
-    const ensuredServerRole = await (0, server_js_1.ensureMinimumServerRoleFragment)(loaders)({
-        userId,
-        role: constants_js_1.Roles.Server.User
-    });
-    if (ensuredServerRole.isErr)
-        return (0, result_1.err)(ensuredServerRole.error);
-    const ensuredWorkspaceAccess = await (0, workspaces_js_1.ensureWorkspaceRoleAndSessionFragment)(loaders)({
-        userId: userId,
-        workspaceId,
-        role: constants_js_1.Roles.Workspace.Admin
-    });
-    if (ensuredWorkspaceAccess.isErr)
-        return (0, result_1.err)(ensuredWorkspaceAccess.error);
-    return (0, result_1.ok)();
+    return (0, workspaces_js_1.ensureUserIsWorkspaceAdminFragment)(loaders)({ userId, workspaceId });
 };
 exports.canReadMemberEmailPolicy = canReadMemberEmailPolicy;
 //# sourceMappingURL=canReadMemberEmail.js.map