@synnaxlabs/client 0.47.0 → 0.49.0

package/src/user/client.ts

@@ -12,7 +12,7 @@ import { array } from "@synnaxlabs/x";
 import { z } from "zod";
 
 import { MultipleFoundError, NotFoundError } from "@/errors";
-import { type ontology } from "@/ontology";
+import { ontology } from "@/ontology";
 import { type Key, keyZ, type New, newZ, type User, userZ } from "@/user/payload";
 
 const retrieveRequestZ = z.object({
@@ -68,11 +68,8 @@ const renameResZ = z.object({});
 const deleteReqZ = z.object({ keys: keyZ.array() });
 const deleteResZ = z.object({});
 
-const RETRIEVE_ENDPOINT = "/user/retrieve";
-const CREATE_ENDPOINT = "/user/create";
-const CHANGE_USERNAME_ENDPOINT = "/user/change-username";
-const RENAME_ENDPOINT = "/user/rename";
-const DELETE_ENDPOINT = "/user/delete";
+export const SET_CHANNEL_NAME = "sy_user_set";
+export const DELETE_CHANNEL_NAME = "sy_user_delete";
 
 export class Client {
   private readonly client: UnaryClient;
@@ -87,7 +84,7 @@ export class Client {
     const isMany = Array.isArray(users);
     const res = await sendRequired<typeof createReqZ, typeof createResZ>(
       this.client,
-      CREATE_ENDPOINT,
+      "/user/create",
       { users: array.toArray(users) },
       createReqZ,
       createResZ,
@@ -98,7 +95,7 @@ export class Client {
   async changeUsername(key: Key, newUsername: string): Promise<void> {
     await sendRequired<typeof changeUsernameReqZ, typeof changeUsernameResZ>(
       this.client,
-      CHANGE_USERNAME_ENDPOINT,
+      "/user/change-username",
       { key, username: newUsername },
       changeUsernameReqZ,
       changeUsernameResZ,
@@ -112,7 +109,7 @@ export class Client {
     const isSingle = "key" in args || "username" in args;
     const res = await sendRequired<typeof retrieveArgsZ, typeof retrieveResZ>(
       this.client,
-      RETRIEVE_ENDPOINT,
+      "/user/retrieve",
       args,
       retrieveArgsZ,
       retrieveResZ,
@@ -136,7 +133,7 @@ export class Client {
   async rename(key: Key, firstName?: string, lastName?: string): Promise<void> {
     await sendRequired<typeof renameReqZ, typeof renameResZ>(
       this.client,
-      RENAME_ENDPOINT,
+      "/user/rename",
       { key, firstName, lastName },
       renameReqZ,
       renameResZ,
@@ -148,7 +145,7 @@ export class Client {
   async delete(keys: Key | Key[]): Promise<void> {
     await sendRequired<typeof deleteReqZ, typeof deleteResZ>(
       this.client,
-      DELETE_ENDPOINT,
+      "/user/delete",
       { keys: array.toArray(keys) },
       deleteReqZ,
       deleteResZ,
@@ -156,4 +153,5 @@ export class Client {
   }
 }
 
-export const ontologyID = (key: Key): ontology.ID => ({ type: "user", key });
+export const ontologyID = ontology.createIDFactory<Key>("user");
+export const TYPE_ONTOLOGY_ID = ontologyID("");

package/src/user/external.ts

@@ -7,5 +7,16 @@
 // License, use of this software will be governed by the Apache License, Version 2.0,
 // included in the file licenses/APL.txt.
 
-export * from "@/user/client";
+export {
+  Client,
+  DELETE_CHANNEL_NAME,
+  type KeyRetrieveRequest,
+  ontologyID,
+  type RetrieveArgs,
+  type RetrieveRequest,
+  SET_CHANNEL_NAME,
+  TYPE_ONTOLOGY_ID,
+  type UsernameRetrieveRequest,
+  type UsernamesRetrieveRequest,
+} from "@/user/client";
 export * from "@/user/payload";

package/src/user/payload.ts

@@ -15,17 +15,15 @@ export type Key = z.infer<typeof keyZ>;
 export const userZ = z.object({
   key: keyZ,
   username: z.string().min(1, "Username is required"),
-  // defaults for firstName, lastName, and rootUser are done to give compatibility with
-  // servers running v0.30.x and earlier. These defaults should be removed in a future
-  // release.
   firstName: z.string().default(""),
   lastName: z.string().default(""),
-  rootUser: z.boolean().default(true),
+  rootUser: z.boolean().default(false),
 });
+
 export interface User extends z.infer<typeof userZ> {}
 
 export const newZ = userZ
-  .partial({ key: true, firstName: true, lastName: true })
   .omit({ rootUser: true })
+  .partial({ key: true, firstName: true, lastName: true })
   .extend({ password: z.string().min(1) });
 export interface New extends z.infer<typeof newZ> {}

package/src/workspace/access.spec.ts

@@ -0,0 +1,108 @@
+// Copyright 2025 Synnax Labs, Inc.
+//
+// Use of this software is governed by the Business Source License included in the file
+// licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with the Business Source
+// License, use of this software will be governed by the Apache License, Version 2.0,
+// included in the file licenses/APL.txt.
+
+import { describe, expect, it } from "vitest";
+
+import { AuthError, NotFoundError } from "@/errors";
+import { createTestClientWithPolicy } from "@/testutil/access";
+import { createTestClient } from "@/testutil/client";
+import { workspace } from "@/workspace";
+
+const client = createTestClient();
+
+describe("workspace", () => {
+  describe("access control", () => {
+    it("should deny access when no retrieve policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [],
+        actions: [],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(userClient.workspaces.retrieve(randomWorkspace.key)).rejects.toThrow(
+        AuthError,
+      );
+    });
+
+    it("should allow the caller to retrieve workspaces with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: ["retrieve"],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const retrieved = await userClient.workspaces.retrieve(randomWorkspace.key);
+      expect(retrieved.key).toBe(randomWorkspace.key);
+      expect(retrieved.name).toBe(randomWorkspace.name);
+    });
+
+    it("should allow the caller to create workspaces with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: ["create"],
+      });
+      await userClient.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+    });
+
+    it("should deny access when no create policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: [],
+      });
+      await expect(
+        userClient.workspaces.create({
+          name: "test",
+          layout: {},
+        }),
+      ).rejects.toThrow(AuthError);
+    });
+
+    it("should allow the caller to delete workspaces with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: ["delete"],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await userClient.workspaces.delete(randomWorkspace.key);
+      await expect(userClient.workspaces.retrieve(randomWorkspace.key)).rejects.toThrow(
+        NotFoundError,
+      );
+    });
+
+    it("should deny access when no delete policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: [],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(userClient.workspaces.delete(randomWorkspace.key)).rejects.toThrow(
+        AuthError,
+      );
+    });
+  });
+});

package/src/workspace/client.ts

@@ -11,8 +11,8 @@ import { sendRequired, type UnaryClient } from "@synnaxlabs/freighter";
 import { array, record } from "@synnaxlabs/x";
 import { z } from "zod";
 
-import { type ontology } from "@/ontology";
-import { type Key as UserKey, keyZ as userKeyZ } from "@/user/payload";
+import { ontology } from "@/ontology";
+import { keyZ as userKeyZ } from "@/user/payload";
 import { lineplot } from "@/workspace/lineplot";
 import { log } from "@/workspace/log";
 import {
@@ -28,18 +28,12 @@ import {
 import { schematic } from "@/workspace/schematic";
 import { table } from "@/workspace/table";
 
-const RETRIEVE_ENDPOINT = "/workspace/retrieve";
-const CREATE_ENDPOINT = "/workspace/create";
-const RENAME_ENDPOINT = "/workspace/rename";
-const SET_LAYOUT_ENDPOINT = "/workspace/set-layout";
-const DELETE_ENDPOINT = "/workspace/delete";
-
 const retrieveReqZ = z.object({
   keys: keyZ.array().optional(),
   searchTerm: z.string().optional(),
   author: userKeyZ.optional(),
-  offset: z.number().optional(),
-  limit: z.number().optional(),
+  offset: z.int().optional(),
+  limit: z.int().optional(),
 });
 export interface RetrieveRequest extends z.infer<typeof retrieveReqZ> {}
 const createReqZ = z.object({ workspaces: newZ.array() });
@@ -80,7 +74,7 @@ export class Client {
     const isMany = Array.isArray(workspaces);
     const res = await sendRequired(
       this.client,
-      CREATE_ENDPOINT,
+      "/workspace/create",
       { workspaces: array.toArray(workspaces) },
       createReqZ,
       createResZ,
@@ -91,7 +85,7 @@ export class Client {
   async rename(key: Key, name: string): Promise<void> {
     await sendRequired(
       this.client,
-      RENAME_ENDPOINT,
+      "/workspace/rename",
       { key, name },
       renameReqZ,
       emptyResZ,
@@ -101,7 +95,7 @@ export class Client {
   async setLayout(key: Key, layout: record.Unknown): Promise<void> {
     await sendRequired(
       this.client,
-      SET_LAYOUT_ENDPOINT,
+      "/workspace/set-layout",
       { key, layout },
       setLayoutReqZ,
       emptyResZ,
@@ -119,7 +113,7 @@ export class Client {
     else req = keys;
     const res = await sendRequired(
       this.client,
-      RETRIEVE_ENDPOINT,
+      "/workspace/retrieve",
       req,
       retrieveReqZ,
       retrieveResZ,
@@ -127,23 +121,12 @@ export class Client {
     return isMany ? res.workspaces : res.workspaces[0];
   }
 
-  async retrieveByAuthor(author: UserKey): Promise<Workspace[]> {
-    const res = await sendRequired(
-      this.client,
-      RETRIEVE_ENDPOINT,
-      { author },
-      retrieveReqZ,
-      retrieveResZ,
-    );
-    return res.workspaces;
-  }
-
   async delete(key: Key): Promise<void>;
   async delete(keys: Key[]): Promise<void>;
   async delete(keys: Params): Promise<void> {
     await sendRequired(
       this.client,
-      DELETE_ENDPOINT,
+      "/workspace/delete",
       { keys: array.toArray(keys) },
       deleteReqZ,
       emptyResZ,
@@ -151,4 +134,5 @@ export class Client {
   }
 }
 
-export const ontologyID = (key: Key): ontology.ID => ({ type: "workspace", key });
+export const ontologyID = ontology.createIDFactory<Key>("workspace");
+export const TYPE_ONTOLOGY_ID = ontologyID("");

package/src/workspace/lineplot/access.spec.ts

@@ -0,0 +1,134 @@
+// Copyright 2025 Synnax Labs, Inc.
+//
+// Use of this software is governed by the Business Source License included in the file
+// licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with the Business Source
+// License, use of this software will be governed by the Apache License, Version 2.0,
+// included in the file licenses/APL.txt.
+
+import { describe, expect, it } from "vitest";
+
+import { AuthError, NotFoundError } from "@/errors";
+import { createTestClientWithPolicy } from "@/testutil/access";
+import { createTestClient } from "@/testutil/client";
+import { lineplot } from "@/workspace/lineplot";
+
+const client = createTestClient();
+
+describe("lineplot", () => {
+  describe("access control", () => {
+    it("should deny access when no retrieve policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(
+        userClient.workspaces.lineplots.retrieve({ key: randomLinePlot.key }),
+      ).rejects.toThrow(AuthError);
+    });
+
+    it("should allow the caller to retrieve lineplots with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: ["retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      const retrieved = await userClient.workspaces.lineplots.retrieve({
+        key: randomLinePlot.key,
+      });
+      expect(retrieved.key).toBe(randomLinePlot.key);
+      expect(retrieved.name).toBe(randomLinePlot.name);
+    });
+
+    it("should allow the caller to create lineplots with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: ["create"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await userClient.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+    });
+
+    it("should deny access when no create policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(
+        userClient.workspaces.lineplots.create(ws.key, {
+          name: "test",
+          data: {},
+        }),
+      ).rejects.toThrow(AuthError);
+    });
+
+    it("should allow the caller to delete lineplots with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: ["delete", "retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await userClient.workspaces.lineplots.delete(randomLinePlot.key);
+      await expect(
+        userClient.workspaces.lineplots.retrieve({ key: randomLinePlot.key }),
+      ).rejects.toThrow(NotFoundError);
+    });
+
+    it("should deny access when no delete policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(
+        userClient.workspaces.lineplots.delete(randomLinePlot.key),
+      ).rejects.toThrow(AuthError);
+    });
+  });
+});

package/src/workspace/lineplot/client.ts

@@ -11,7 +11,7 @@ import { sendRequired, type UnaryClient } from "@synnaxlabs/freighter";
 import { array, type record } from "@synnaxlabs/x";
 import { z } from "zod";
 
-import { type ontology } from "@/ontology";
+import { ontology } from "@/ontology";
 import { checkForMultipleOrNoResults } from "@/util/retrieve";
 import {
   type Key,
@@ -24,12 +24,6 @@ import {
 } from "@/workspace/lineplot/payload";
 import { type Key as WorkspaceKey, keyZ as workspaceKeyZ } from "@/workspace/payload";
 
-const RETRIEVE_ENDPOINT = "/workspace/lineplot/retrieve";
-const CREATE_ENDPOINT = "/workspace/lineplot/create";
-const RENAME_ENDPOINT = "/workspace/lineplot/rename";
-const SET_DATA_ENDPOINT = "/workspace/lineplot/set-data";
-const DELETE_ENDPOINT = "/workspace/lineplot/delete";
-
 const renameReqZ = z.object({ key: keyZ, name: z.string() });
 
 const setDataReqZ = z.object({ key: keyZ, data: z.string() });
@@ -68,7 +62,7 @@ export class Client {
     const isMany = Array.isArray(linePlots);
     const res = await sendRequired(
       this.client,
-      CREATE_ENDPOINT,
+      "/workspace/lineplot/create",
       { workspace, linePlots: array.toArray(linePlots) },
       createReqZ,
       createResZ,
@@ -79,7 +73,7 @@ export class Client {
   async rename(key: Key, name: string): Promise<void> {
     await sendRequired(
       this.client,
-      RENAME_ENDPOINT,
+      "/workspace/lineplot/rename",
       { key, name },
       renameReqZ,
       emptyResZ,
@@ -89,7 +83,7 @@ export class Client {
   async setData(key: Key, data: record.Unknown): Promise<void> {
     await sendRequired(
       this.client,
-      SET_DATA_ENDPOINT,
+      "/workspace/lineplot/set-data",
       { key, data: JSON.stringify(data) },
       setDataReqZ,
       emptyResZ,
@@ -104,7 +98,7 @@ export class Client {
     const isSingle = singleRetrieveArgsZ.safeParse(args).success;
     const res = await sendRequired(
       this.client,
-      RETRIEVE_ENDPOINT,
+      "/workspace/lineplot/retrieve",
       args,
       retrieveArgsZ,
       retrieveResZ,
@@ -116,7 +110,7 @@ export class Client {
   async delete(keys: Params): Promise<void> {
     await sendRequired(
       this.client,
-      DELETE_ENDPOINT,
+      "/workspace/lineplot/delete",
       { keys: array.toArray(keys) },
       deleteReqZ,
       emptyResZ,
@@ -124,4 +118,5 @@ export class Client {
   }
 }
 
-export const ontologyID = (key: Key): ontology.ID => ({ type: "lineplot", key });
+export const ontologyID = ontology.createIDFactory<Key>("lineplot");
+export const TYPE_ONTOLOGY_ID = ontologyID("");

package/src/workspace/log/access.spec.ts

@@ -0,0 +1,134 @@
+// Copyright 2025 Synnax Labs, Inc.
+//
+// Use of this software is governed by the Business Source License included in the file
+// licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with the Business Source
+// License, use of this software will be governed by the Apache License, Version 2.0,
+// included in the file licenses/APL.txt.
+
+import { describe, expect, it } from "vitest";
+
+import { AuthError, NotFoundError } from "@/errors";
+import { createTestClientWithPolicy } from "@/testutil/access";
+import { createTestClient } from "@/testutil/client";
+import { log } from "@/workspace/log";
+
+const client = createTestClient();
+
+describe("log", () => {
+  describe("access control", () => {
+    it("should deny access when no retrieve policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(
+        userClient.workspaces.logs.retrieve({ key: randomLog.key }),
+      ).rejects.toThrow(AuthError);
+    });
+
+    it("should allow the caller to retrieve logs with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: ["retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      const retrieved = await userClient.workspaces.logs.retrieve({
+        key: randomLog.key,
+      });
+      expect(retrieved.key).toBe(randomLog.key);
+      expect(retrieved.name).toBe(randomLog.name);
+    });
+
+    it("should allow the caller to create logs with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: ["create"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await userClient.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+    });
+
+    it("should deny access when no create policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(
+        userClient.workspaces.logs.create(ws.key, {
+          name: "test",
+          data: {},
+        }),
+      ).rejects.toThrow(AuthError);
+    });
+
+    it("should allow the caller to delete logs with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: ["delete", "retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await userClient.workspaces.logs.delete(randomLog.key);
+      await expect(
+        userClient.workspaces.logs.retrieve({ key: randomLog.key }),
+      ).rejects.toThrow(NotFoundError);
+    });
+
+    it("should deny access when no delete policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(userClient.workspaces.logs.delete(randomLog.key)).rejects.toThrow(
+        AuthError,
+      );
+    });
+  });
+});