npm - @synnaxlabs/client - Versions diffs - 0.48.0 → 0.49.2 - Mend

@synnaxlabs/client 0.48.0 → 0.49.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (300) hide show

package/.turbo/turbo-build.log +6 -6
package/dist/client.cjs +33 -31
package/dist/client.js +6522 -6167
package/dist/src/access/client.d.ts +3 -1
package/dist/src/access/client.d.ts.map +1 -1
package/dist/src/access/enforce.d.ts +35 -0
package/dist/src/access/enforce.d.ts.map +1 -0
package/dist/src/access/enforce.spec.d.ts +2 -0
package/dist/src/access/enforce.spec.d.ts.map +1 -0
package/dist/src/access/external.d.ts +3 -0
package/dist/src/access/external.d.ts.map +1 -1
package/dist/src/access/payload.d.ts +0 -6
package/dist/src/access/payload.d.ts.map +1 -1
package/dist/src/access/policy/access.spec.d.ts +2 -0
package/dist/src/access/policy/access.spec.d.ts.map +1 -0
package/dist/src/access/policy/client.d.ts +485 -31
package/dist/src/access/policy/client.d.ts.map +1 -1
package/dist/src/access/policy/payload.d.ts +36 -113
package/dist/src/access/policy/payload.d.ts.map +1 -1
package/dist/src/access/role/client.d.ts +135 -0
package/dist/src/access/role/client.d.ts.map +1 -0
package/dist/src/access/role/external.d.ts.map +1 -0
package/dist/src/access/role/index.d.ts +2 -0
package/dist/src/access/role/index.d.ts.map +1 -0
package/dist/src/access/role/payload.d.ts +27 -0
package/dist/src/access/role/payload.d.ts.map +1 -0
package/dist/src/access/role/role.spec.d.ts +2 -0
package/dist/src/access/role/role.spec.d.ts.map +1 -0
package/dist/src/arc/access.spec.d.ts +2 -0
package/dist/src/arc/access.spec.d.ts.map +1 -0
package/dist/src/arc/client.d.ts +5 -14
package/dist/src/arc/client.d.ts.map +1 -1
package/dist/src/arc/payload.d.ts +11 -2
package/dist/src/arc/payload.d.ts.map +1 -1
package/dist/src/auth/auth.d.ts +5 -3
package/dist/src/auth/auth.d.ts.map +1 -1
package/dist/src/channel/access.spec.d.ts +2 -0
package/dist/src/channel/access.spec.d.ts.map +1 -0
package/dist/src/channel/client.d.ts +0 -1
package/dist/src/channel/client.d.ts.map +1 -1
package/dist/src/channel/payload.d.ts +18 -8
package/dist/src/channel/payload.d.ts.map +1 -1
package/dist/src/channel/payload.spec.d.ts +2 -0
package/dist/src/channel/payload.spec.d.ts.map +1 -0
package/dist/src/channel/retriever.d.ts +4 -6
package/dist/src/channel/retriever.d.ts.map +1 -1
package/dist/src/channel/writer.d.ts.map +1 -1
package/dist/src/client.d.ts +9 -5
package/dist/src/client.d.ts.map +1 -1
package/dist/src/device/access.spec.d.ts +2 -0
package/dist/src/device/access.spec.d.ts.map +1 -0
package/dist/src/{hardware/device → device}/client.d.ts +14 -7
package/dist/src/device/client.d.ts.map +1 -0
package/dist/src/device/device.spec.d.ts.map +1 -0
package/dist/src/device/external.d.ts.map +1 -0
package/dist/src/device/index.d.ts.map +1 -0
package/dist/src/{hardware/device → device}/payload.d.ts +1 -1
package/dist/src/device/payload.d.ts.map +1 -0
package/dist/src/errors.d.ts +3 -0
package/dist/src/errors.d.ts.map +1 -1
package/dist/src/framer/client.d.ts +11 -1
package/dist/src/framer/client.d.ts.map +1 -1
package/dist/src/framer/frame.d.ts +10 -5
package/dist/src/framer/frame.d.ts.map +1 -1
package/dist/src/framer/iterator.d.ts +3 -3
package/dist/src/framer/reader.d.ts +16 -0
package/dist/src/framer/reader.d.ts.map +1 -0
package/dist/src/framer/reader.spec.d.ts +2 -0
package/dist/src/framer/reader.spec.d.ts.map +1 -0
package/dist/src/framer/streamer.d.ts +24 -21
package/dist/src/framer/streamer.d.ts.map +1 -1
package/dist/src/framer/writer.d.ts +13 -13
package/dist/src/index.d.ts +4 -5
package/dist/src/index.d.ts.map +1 -1
package/dist/src/label/access.spec.d.ts +2 -0
package/dist/src/label/access.spec.d.ts.map +1 -0
package/dist/src/label/client.d.ts +20 -11
package/dist/src/label/client.d.ts.map +1 -1
package/dist/src/ontology/client.d.ts +6 -6
package/dist/src/ontology/client.d.ts.map +1 -1
package/dist/src/ontology/group/access.spec.d.ts +2 -0
package/dist/src/ontology/group/access.spec.d.ts.map +1 -0
package/dist/src/ontology/group/client.d.ts +2 -2
package/dist/src/ontology/group/client.d.ts.map +1 -1
package/dist/src/ontology/group/payload.d.ts +1 -2
package/dist/src/ontology/group/payload.d.ts.map +1 -1
package/dist/src/ontology/payload.d.ts +23 -17
package/dist/src/ontology/payload.d.ts.map +1 -1
package/dist/src/ontology/writer.d.ts +10 -10
package/dist/src/ontology/writer.d.ts.map +1 -1
package/dist/src/rack/access.spec.d.ts +2 -0
package/dist/src/rack/access.spec.d.ts.map +1 -0
package/dist/src/{hardware/rack → rack}/client.d.ts +15 -8
package/dist/src/rack/client.d.ts.map +1 -0
package/dist/src/rack/external.d.ts.map +1 -0
package/dist/src/rack/index.d.ts.map +1 -0
package/dist/src/{hardware/rack → rack}/payload.d.ts +1 -1
package/dist/src/rack/payload.d.ts.map +1 -0
package/dist/src/rack/rack.spec.d.ts.map +1 -0
package/dist/src/ranger/access.spec.d.ts +2 -0
package/dist/src/ranger/access.spec.d.ts.map +1 -0
package/dist/src/ranger/alias.d.ts +1 -8
package/dist/src/ranger/alias.d.ts.map +1 -1
package/dist/src/ranger/client.d.ts +12 -5
package/dist/src/ranger/client.d.ts.map +1 -1
package/dist/src/ranger/kv.d.ts +0 -3
package/dist/src/ranger/kv.d.ts.map +1 -1
package/dist/src/ranger/writer.d.ts +2 -2
package/dist/src/ranger/writer.d.ts.map +1 -1
package/dist/src/status/access.spec.d.ts +2 -0
package/dist/src/status/access.spec.d.ts.map +1 -0
package/dist/src/status/client.d.ts +4 -4
package/dist/src/status/client.d.ts.map +1 -1
package/dist/src/status/payload.d.ts +9 -2
package/dist/src/status/payload.d.ts.map +1 -1
package/dist/src/task/access.spec.d.ts +2 -0
package/dist/src/task/access.spec.d.ts.map +1 -0
package/dist/src/{hardware/task → task}/client.d.ts +26 -15
package/dist/src/task/client.d.ts.map +1 -0
package/dist/src/task/external.d.ts +3 -0
package/dist/src/task/external.d.ts.map +1 -0
package/dist/src/task/index.d.ts.map +1 -0
package/dist/src/{hardware/task → task}/payload.d.ts +45 -6
package/dist/src/task/payload.d.ts.map +1 -0
package/dist/src/task/task.spec.d.ts.map +1 -0
package/dist/src/testutil/access.d.ts +4 -0
package/dist/src/testutil/access.d.ts.map +1 -0
package/dist/src/transport.d.ts.map +1 -1
package/dist/src/user/access.spec.d.ts +2 -0
package/dist/src/user/access.spec.d.ts.map +1 -0
package/dist/src/user/client.d.ts +10 -1
package/dist/src/user/client.d.ts.map +1 -1
package/dist/src/user/external.d.ts +1 -1
package/dist/src/user/external.d.ts.map +1 -1
package/dist/src/user/payload.d.ts.map +1 -1
package/dist/src/workspace/access.spec.d.ts +2 -0
package/dist/src/workspace/access.spec.d.ts.map +1 -0
package/dist/src/workspace/client.d.ts +10 -5
package/dist/src/workspace/client.d.ts.map +1 -1
package/dist/src/workspace/lineplot/access.spec.d.ts +2 -0
package/dist/src/workspace/lineplot/access.spec.d.ts.map +1 -0
package/dist/src/workspace/lineplot/client.d.ts +8 -1
package/dist/src/workspace/lineplot/client.d.ts.map +1 -1
package/dist/src/workspace/log/access.spec.d.ts +2 -0
package/dist/src/workspace/log/access.spec.d.ts.map +1 -0
package/dist/src/workspace/log/client.d.ts +8 -1
package/dist/src/workspace/log/client.d.ts.map +1 -1
package/dist/src/workspace/schematic/access.spec.d.ts +2 -0
package/dist/src/workspace/schematic/access.spec.d.ts.map +1 -0
package/dist/src/workspace/schematic/client.d.ts +8 -1
package/dist/src/workspace/schematic/client.d.ts.map +1 -1
package/dist/src/workspace/schematic/symbol/access.spec.d.ts +2 -0
package/dist/src/workspace/schematic/symbol/access.spec.d.ts.map +1 -0
package/dist/src/workspace/schematic/symbol/client.d.ts +1 -5
package/dist/src/workspace/schematic/symbol/client.d.ts.map +1 -1
package/dist/src/workspace/schematic/symbol/payload.d.ts +2 -2
package/dist/src/workspace/table/access.spec.d.ts +2 -0
package/dist/src/workspace/table/access.spec.d.ts.map +1 -0
package/dist/src/workspace/table/client.d.ts +8 -1
package/dist/src/workspace/table/client.d.ts.map +1 -1
package/package.json +3 -3
package/src/access/client.ts +5 -2
package/src/access/enforce.spec.ts +189 -0
package/src/access/enforce.ts +84 -0
package/src/access/external.ts +3 -0
package/src/access/payload.ts +1 -13
package/src/access/policy/access.spec.ts +147 -0
package/src/access/policy/client.ts +21 -25
package/src/access/policy/payload.ts +9 -5
package/src/access/role/client.ts +135 -0
package/src/access/role/external.ts +11 -0
package/src/{hardware → access/role}/index.ts +1 -1
package/src/access/role/payload.ts +32 -0
package/src/access/role/role.spec.ts +95 -0
package/src/arc/access.spec.ts +143 -0
package/src/arc/client.ts +7 -31
package/src/arc/payload.ts +4 -0
package/src/auth/auth.ts +33 -11
package/src/channel/access.spec.ts +116 -0
package/src/channel/channel.spec.ts +63 -73
package/src/channel/client.ts +2 -8
package/src/channel/payload.spec.ts +171 -0
package/src/channel/payload.ts +35 -7
package/src/channel/retriever.ts +10 -11
package/src/channel/writer.ts +3 -7
package/src/client.ts +14 -18
package/src/device/access.spec.ts +159 -0
package/src/{hardware/device → device}/client.ts +12 -21
package/src/{hardware/device → device}/device.spec.ts +70 -34
package/src/device/external.ts +11 -0
package/src/{hardware/rack → device}/index.ts +1 -1
package/src/{hardware/device → device}/payload.ts +3 -3
package/src/errors.ts +2 -0
package/src/framer/adapter.spec.ts +14 -14
package/src/framer/client.spec.ts +14 -20
package/src/framer/client.ts +15 -20
package/src/framer/deleter.spec.ts +1 -1
package/src/framer/frame.spec.ts +131 -0
package/src/framer/frame.ts +10 -2
package/src/framer/iterator.ts +3 -3
package/src/framer/reader.spec.ts +736 -0
package/src/framer/reader.ts +265 -0
package/src/framer/streamer.spec.ts +100 -12
package/src/framer/streamer.ts +29 -9
package/src/framer/writer.spec.ts +5 -5
package/src/index.ts +4 -5
package/src/label/access.spec.ts +109 -0
package/src/label/client.ts +10 -14
package/src/ontology/client.ts +4 -6
package/src/ontology/group/access.spec.ts +77 -0
package/src/ontology/group/client.ts +3 -7
package/src/ontology/group/group.spec.ts +18 -0
package/src/ontology/group/payload.ts +2 -2
package/src/ontology/ontology.spec.ts +2 -0
package/src/ontology/payload.ts +18 -2
package/src/ontology/writer.ts +3 -7
package/src/rack/access.spec.ts +102 -0
package/src/{hardware/rack → rack}/client.ts +14 -19
package/src/{hardware/device/index.ts → rack/external.ts} +2 -1
package/src/{hardware/external.ts → rack/index.ts} +1 -1
package/src/{hardware/rack → rack}/payload.ts +2 -2
package/src/{hardware/rack → rack}/rack.spec.ts +43 -17
package/src/ranger/access.spec.ts +115 -0
package/src/ranger/alias.ts +6 -14
package/src/ranger/client.ts +13 -14
package/src/ranger/kv.ts +7 -9
package/src/ranger/ranger.spec.ts +4 -4
package/src/ranger/writer.ts +3 -7
package/src/status/access.spec.ts +129 -0
package/src/status/client.ts +5 -9
package/src/status/payload.ts +3 -2
package/src/task/access.spec.ts +131 -0
package/src/{hardware/task → task}/client.ts +50 -25
package/src/task/external.ts +11 -0
package/src/{hardware/task → task}/index.ts +1 -1
package/src/{hardware/task → task}/payload.ts +22 -3
package/src/{hardware/task → task}/task.spec.ts +197 -34
package/src/testutil/access.ts +34 -0
package/src/testutil/channels.ts +3 -3
package/src/transport.ts +1 -3
package/src/user/access.spec.ts +107 -0
package/src/user/client.ts +10 -12
package/src/user/external.ts +12 -1
package/src/user/payload.ts +3 -5
package/src/workspace/access.spec.ts +108 -0
package/src/workspace/client.ts +11 -27
package/src/workspace/lineplot/access.spec.ts +134 -0
package/src/workspace/lineplot/client.ts +8 -13
package/src/workspace/log/access.spec.ts +134 -0
package/src/workspace/log/client.ts +8 -13
package/src/workspace/schematic/access.spec.ts +134 -0
package/src/workspace/schematic/client.ts +9 -18
package/src/workspace/schematic/symbol/access.spec.ts +172 -0
package/src/workspace/schematic/symbol/client.ts +6 -17
package/src/workspace/schematic/symbol/payload.ts +1 -1
package/src/workspace/table/access.spec.ts +134 -0
package/src/workspace/table/client.ts +8 -13
package/dist/src/access/policy/policy.spec.d.ts +0 -2
package/dist/src/access/policy/policy.spec.d.ts.map +0 -1
package/dist/src/hardware/client.d.ts +0 -10
package/dist/src/hardware/client.d.ts.map +0 -1
package/dist/src/hardware/device/client.d.ts.map +0 -1
package/dist/src/hardware/device/device.spec.d.ts.map +0 -1
package/dist/src/hardware/device/external.d.ts.map +0 -1
package/dist/src/hardware/device/index.d.ts.map +0 -1
package/dist/src/hardware/device/payload.d.ts.map +0 -1
package/dist/src/hardware/external.d.ts +0 -2
package/dist/src/hardware/external.d.ts.map +0 -1
package/dist/src/hardware/index.d.ts +0 -2
package/dist/src/hardware/index.d.ts.map +0 -1
package/dist/src/hardware/rack/client.d.ts.map +0 -1
package/dist/src/hardware/rack/external.d.ts.map +0 -1
package/dist/src/hardware/rack/index.d.ts.map +0 -1
package/dist/src/hardware/rack/payload.d.ts.map +0 -1
package/dist/src/hardware/rack/rack.spec.d.ts.map +0 -1
package/dist/src/hardware/task/client.d.ts.map +0 -1
package/dist/src/hardware/task/external.d.ts.map +0 -1
package/dist/src/hardware/task/index.d.ts.map +0 -1
package/dist/src/hardware/task/payload.d.ts.map +0 -1
package/dist/src/hardware/task/task.spec.d.ts.map +0 -1
package/dist/src/user/retriever.d.ts +0 -16
package/dist/src/user/retriever.d.ts.map +0 -1
package/dist/src/user/writer.d.ts +0 -11
package/dist/src/user/writer.d.ts.map +0 -1
package/src/access/policy/policy.spec.ts +0 -329
package/src/hardware/client.ts +0 -24
package/src/hardware/device/external.ts +0 -11
package/src/hardware/rack/external.ts +0 -11
package/src/hardware/task/external.ts +0 -11
package/src/user/retriever.ts +0 -41
package/src/user/writer.ts +0 -84
/package/dist/src/{hardware/device → access/role}/external.d.ts +0 -0
/package/dist/src/{hardware/device → device}/device.spec.d.ts +0 -0
/package/dist/src/{hardware/rack → device}/external.d.ts +0 -0
/package/dist/src/{hardware/device → device}/index.d.ts +0 -0
/package/dist/src/{hardware/task → rack}/external.d.ts +0 -0
/package/dist/src/{hardware/rack → rack}/index.d.ts +0 -0
/package/dist/src/{hardware/rack → rack}/rack.spec.d.ts +0 -0
/package/dist/src/{hardware/task → task}/index.d.ts +0 -0
/package/dist/src/{hardware/task → task}/task.spec.d.ts +0 -0

package/src/user/client.ts CHANGED Viewed

@@ -12,7 +12,7 @@ import { array } from "@synnaxlabs/x";
 import { z } from "zod";
 import { MultipleFoundError, NotFoundError } from "@/errors";
-import { type ontology } from "@/ontology";
+import { ontology } from "@/ontology";
 import { type Key, keyZ, type New, newZ, type User, userZ } from "@/user/payload";
 const retrieveRequestZ = z.object({
@@ -68,11 +68,8 @@ const renameResZ = z.object({});
 const deleteReqZ = z.object({ keys: keyZ.array() });
 const deleteResZ = z.object({});
-const RETRIEVE_ENDPOINT = "/user/retrieve";
-const CREATE_ENDPOINT = "/user/create";
-const CHANGE_USERNAME_ENDPOINT = "/user/change-username";
-const RENAME_ENDPOINT = "/user/rename";
-const DELETE_ENDPOINT = "/user/delete";
+export const SET_CHANNEL_NAME = "sy_user_set";
+export const DELETE_CHANNEL_NAME = "sy_user_delete";
 export class Client {
   private readonly client: UnaryClient;
@@ -87,7 +84,7 @@ export class Client {
     const isMany = Array.isArray(users);
     const res = await sendRequired<typeof createReqZ, typeof createResZ>(
       this.client,
-      CREATE_ENDPOINT,
+      "/user/create",
       { users: array.toArray(users) },
       createReqZ,
       createResZ,
@@ -98,7 +95,7 @@ export class Client {
   async changeUsername(key: Key, newUsername: string): Promise<void> {
     await sendRequired<typeof changeUsernameReqZ, typeof changeUsernameResZ>(
       this.client,
-      CHANGE_USERNAME_ENDPOINT,
+      "/user/change-username",
       { key, username: newUsername },
       changeUsernameReqZ,
       changeUsernameResZ,
@@ -112,7 +109,7 @@ export class Client {
     const isSingle = "key" in args || "username" in args;
     const res = await sendRequired<typeof retrieveArgsZ, typeof retrieveResZ>(
       this.client,
-      RETRIEVE_ENDPOINT,
+      "/user/retrieve",
       args,
       retrieveArgsZ,
       retrieveResZ,
@@ -136,7 +133,7 @@ export class Client {
   async rename(key: Key, firstName?: string, lastName?: string): Promise<void> {
     await sendRequired<typeof renameReqZ, typeof renameResZ>(
       this.client,
-      RENAME_ENDPOINT,
+      "/user/rename",
       { key, firstName, lastName },
       renameReqZ,
       renameResZ,
@@ -148,7 +145,7 @@ export class Client {
   async delete(keys: Key | Key[]): Promise<void> {
     await sendRequired<typeof deleteReqZ, typeof deleteResZ>(
       this.client,
-      DELETE_ENDPOINT,
+      "/user/delete",
       { keys: array.toArray(keys) },
       deleteReqZ,
       deleteResZ,
@@ -156,4 +153,5 @@ export class Client {
   }
 }
-export const ontologyID = (key: Key): ontology.ID => ({ type: "user", key });
+export const ontologyID = ontology.createIDFactory<Key>("user");
+export const TYPE_ONTOLOGY_ID = ontologyID("");

package/src/user/external.ts CHANGED Viewed

@@ -7,5 +7,16 @@
 // License, use of this software will be governed by the Apache License, Version 2.0,
 // included in the file licenses/APL.txt.
-export * from "@/user/client";
+export {
+  Client,
+  DELETE_CHANNEL_NAME,
+  type KeyRetrieveRequest,
+  ontologyID,
+  type RetrieveArgs,
+  type RetrieveRequest,
+  SET_CHANNEL_NAME,
+  TYPE_ONTOLOGY_ID,
+  type UsernameRetrieveRequest,
+  type UsernamesRetrieveRequest,
+} from "@/user/client";
 export * from "@/user/payload";

package/src/user/payload.ts CHANGED Viewed

@@ -15,17 +15,15 @@ export type Key = z.infer<typeof keyZ>;
 export const userZ = z.object({
   key: keyZ,
   username: z.string().min(1, "Username is required"),
-  // defaults for firstName, lastName, and rootUser are done to give compatibility with
-  // servers running v0.30.x and earlier. These defaults should be removed in a future
-  // release.
   firstName: z.string().default(""),
   lastName: z.string().default(""),
-  rootUser: z.boolean().default(true),
+  rootUser: z.boolean().default(false),
 });
 export interface User extends z.infer<typeof userZ> {}
 export const newZ = userZ
-  .partial({ key: true, firstName: true, lastName: true })
   .omit({ rootUser: true })
+  .partial({ key: true, firstName: true, lastName: true })
   .extend({ password: z.string().min(1) });
 export interface New extends z.infer<typeof newZ> {}

package/src/workspace/access.spec.ts ADDED Viewed

@@ -0,0 +1,108 @@
+// Copyright 2025 Synnax Labs, Inc.
+//
+// Use of this software is governed by the Business Source License included in the file
+// licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with the Business Source
+// License, use of this software will be governed by the Apache License, Version 2.0,
+// included in the file licenses/APL.txt.
+import { describe, expect, it } from "vitest";
+import { AuthError, NotFoundError } from "@/errors";
+import { createTestClientWithPolicy } from "@/testutil/access";
+import { createTestClient } from "@/testutil/client";
+import { workspace } from "@/workspace";
+const client = createTestClient();
+describe("workspace", () => {
+  describe("access control", () => {
+    it("should deny access when no retrieve policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [],
+        actions: [],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(userClient.workspaces.retrieve(randomWorkspace.key)).rejects.toThrow(
+        AuthError,
+      );
+    });
+    it("should allow the caller to retrieve workspaces with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: ["retrieve"],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const retrieved = await userClient.workspaces.retrieve(randomWorkspace.key);
+      expect(retrieved.key).toBe(randomWorkspace.key);
+      expect(retrieved.name).toBe(randomWorkspace.name);
+    });
+    it("should allow the caller to create workspaces with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: ["create"],
+      });
+      await userClient.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+    });
+    it("should deny access when no create policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: [],
+      });
+      await expect(
+        userClient.workspaces.create({
+          name: "test",
+          layout: {},
+        }),
+      ).rejects.toThrow(AuthError);
+    });
+    it("should allow the caller to delete workspaces with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: ["delete"],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await userClient.workspaces.delete(randomWorkspace.key);
+      await expect(userClient.workspaces.retrieve(randomWorkspace.key)).rejects.toThrow(
+        NotFoundError,
+      );
+    });
+    it("should deny access when no delete policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [workspace.ontologyID("")],
+        actions: [],
+      });
+      const randomWorkspace = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(userClient.workspaces.delete(randomWorkspace.key)).rejects.toThrow(
+        AuthError,
+      );
+    });
+  });
+});

package/src/workspace/client.ts CHANGED Viewed

@@ -11,8 +11,8 @@ import { sendRequired, type UnaryClient } from "@synnaxlabs/freighter";
 import { array, record } from "@synnaxlabs/x";
 import { z } from "zod";
-import { type ontology } from "@/ontology";
-import { type Key as UserKey, keyZ as userKeyZ } from "@/user/payload";
+import { ontology } from "@/ontology";
+import { keyZ as userKeyZ } from "@/user/payload";
 import { lineplot } from "@/workspace/lineplot";
 import { log } from "@/workspace/log";
 import {
@@ -28,18 +28,12 @@ import {
 import { schematic } from "@/workspace/schematic";
 import { table } from "@/workspace/table";
-const RETRIEVE_ENDPOINT = "/workspace/retrieve";
-const CREATE_ENDPOINT = "/workspace/create";
-const RENAME_ENDPOINT = "/workspace/rename";
-const SET_LAYOUT_ENDPOINT = "/workspace/set-layout";
-const DELETE_ENDPOINT = "/workspace/delete";
 const retrieveReqZ = z.object({
   keys: keyZ.array().optional(),
   searchTerm: z.string().optional(),
   author: userKeyZ.optional(),
-  offset: z.number().optional(),
-  limit: z.number().optional(),
+  offset: z.int().optional(),
+  limit: z.int().optional(),
 });
 export interface RetrieveRequest extends z.infer<typeof retrieveReqZ> {}
 const createReqZ = z.object({ workspaces: newZ.array() });
@@ -80,7 +74,7 @@ export class Client {
     const isMany = Array.isArray(workspaces);
     const res = await sendRequired(
       this.client,
-      CREATE_ENDPOINT,
+      "/workspace/create",
       { workspaces: array.toArray(workspaces) },
       createReqZ,
       createResZ,
@@ -91,7 +85,7 @@ export class Client {
   async rename(key: Key, name: string): Promise<void> {
     await sendRequired(
       this.client,
-      RENAME_ENDPOINT,
+      "/workspace/rename",
       { key, name },
       renameReqZ,
       emptyResZ,
@@ -101,7 +95,7 @@ export class Client {
   async setLayout(key: Key, layout: record.Unknown): Promise<void> {
     await sendRequired(
       this.client,
-      SET_LAYOUT_ENDPOINT,
+      "/workspace/set-layout",
       { key, layout },
       setLayoutReqZ,
       emptyResZ,
@@ -119,7 +113,7 @@ export class Client {
     else req = keys;
     const res = await sendRequired(
       this.client,
-      RETRIEVE_ENDPOINT,
+      "/workspace/retrieve",
       req,
       retrieveReqZ,
       retrieveResZ,
@@ -127,23 +121,12 @@ export class Client {
     return isMany ? res.workspaces : res.workspaces[0];
   }
-  async retrieveByAuthor(author: UserKey): Promise<Workspace[]> {
-    const res = await sendRequired(
-      this.client,
-      RETRIEVE_ENDPOINT,
-      { author },
-      retrieveReqZ,
-      retrieveResZ,
-    );
-    return res.workspaces;
-  }
   async delete(key: Key): Promise<void>;
   async delete(keys: Key[]): Promise<void>;
   async delete(keys: Params): Promise<void> {
     await sendRequired(
       this.client,
-      DELETE_ENDPOINT,
+      "/workspace/delete",
       { keys: array.toArray(keys) },
       deleteReqZ,
       emptyResZ,
@@ -151,4 +134,5 @@ export class Client {
   }
 }
-export const ontologyID = (key: Key): ontology.ID => ({ type: "workspace", key });
+export const ontologyID = ontology.createIDFactory<Key>("workspace");
+export const TYPE_ONTOLOGY_ID = ontologyID("");

package/src/workspace/lineplot/access.spec.ts ADDED Viewed

@@ -0,0 +1,134 @@
+// Copyright 2025 Synnax Labs, Inc.
+//
+// Use of this software is governed by the Business Source License included in the file
+// licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with the Business Source
+// License, use of this software will be governed by the Apache License, Version 2.0,
+// included in the file licenses/APL.txt.
+import { describe, expect, it } from "vitest";
+import { AuthError, NotFoundError } from "@/errors";
+import { createTestClientWithPolicy } from "@/testutil/access";
+import { createTestClient } from "@/testutil/client";
+import { lineplot } from "@/workspace/lineplot";
+const client = createTestClient();
+describe("lineplot", () => {
+  describe("access control", () => {
+    it("should deny access when no retrieve policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(
+        userClient.workspaces.lineplots.retrieve({ key: randomLinePlot.key }),
+      ).rejects.toThrow(AuthError);
+    });
+    it("should allow the caller to retrieve lineplots with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: ["retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      const retrieved = await userClient.workspaces.lineplots.retrieve({
+        key: randomLinePlot.key,
+      });
+      expect(retrieved.key).toBe(randomLinePlot.key);
+      expect(retrieved.name).toBe(randomLinePlot.name);
+    });
+    it("should allow the caller to create lineplots with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: ["create"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await userClient.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+    });
+    it("should deny access when no create policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(
+        userClient.workspaces.lineplots.create(ws.key, {
+          name: "test",
+          data: {},
+        }),
+      ).rejects.toThrow(AuthError);
+    });
+    it("should allow the caller to delete lineplots with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: ["delete", "retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await userClient.workspaces.lineplots.delete(randomLinePlot.key);
+      await expect(
+        userClient.workspaces.lineplots.retrieve({ key: randomLinePlot.key }),
+      ).rejects.toThrow(NotFoundError);
+    });
+    it("should deny access when no delete policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [lineplot.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLinePlot = await client.workspaces.lineplots.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(
+        userClient.workspaces.lineplots.delete(randomLinePlot.key),
+      ).rejects.toThrow(AuthError);
+    });
+  });
+});

package/src/workspace/lineplot/client.ts CHANGED Viewed

@@ -11,7 +11,7 @@ import { sendRequired, type UnaryClient } from "@synnaxlabs/freighter";
 import { array, type record } from "@synnaxlabs/x";
 import { z } from "zod";
-import { type ontology } from "@/ontology";
+import { ontology } from "@/ontology";
 import { checkForMultipleOrNoResults } from "@/util/retrieve";
 import {
   type Key,
@@ -24,12 +24,6 @@ import {
 } from "@/workspace/lineplot/payload";
 import { type Key as WorkspaceKey, keyZ as workspaceKeyZ } from "@/workspace/payload";
-const RETRIEVE_ENDPOINT = "/workspace/lineplot/retrieve";
-const CREATE_ENDPOINT = "/workspace/lineplot/create";
-const RENAME_ENDPOINT = "/workspace/lineplot/rename";
-const SET_DATA_ENDPOINT = "/workspace/lineplot/set-data";
-const DELETE_ENDPOINT = "/workspace/lineplot/delete";
 const renameReqZ = z.object({ key: keyZ, name: z.string() });
 const setDataReqZ = z.object({ key: keyZ, data: z.string() });
@@ -68,7 +62,7 @@ export class Client {
     const isMany = Array.isArray(linePlots);
     const res = await sendRequired(
       this.client,
-      CREATE_ENDPOINT,
+      "/workspace/lineplot/create",
       { workspace, linePlots: array.toArray(linePlots) },
       createReqZ,
       createResZ,
@@ -79,7 +73,7 @@ export class Client {
   async rename(key: Key, name: string): Promise<void> {
     await sendRequired(
       this.client,
-      RENAME_ENDPOINT,
+      "/workspace/lineplot/rename",
       { key, name },
       renameReqZ,
       emptyResZ,
@@ -89,7 +83,7 @@ export class Client {
   async setData(key: Key, data: record.Unknown): Promise<void> {
     await sendRequired(
       this.client,
-      SET_DATA_ENDPOINT,
+      "/workspace/lineplot/set-data",
       { key, data: JSON.stringify(data) },
       setDataReqZ,
       emptyResZ,
@@ -104,7 +98,7 @@ export class Client {
     const isSingle = singleRetrieveArgsZ.safeParse(args).success;
     const res = await sendRequired(
       this.client,
-      RETRIEVE_ENDPOINT,
+      "/workspace/lineplot/retrieve",
       args,
       retrieveArgsZ,
       retrieveResZ,
@@ -116,7 +110,7 @@ export class Client {
   async delete(keys: Params): Promise<void> {
     await sendRequired(
       this.client,
-      DELETE_ENDPOINT,
+      "/workspace/lineplot/delete",
       { keys: array.toArray(keys) },
       deleteReqZ,
       emptyResZ,
@@ -124,4 +118,5 @@ export class Client {
   }
 }
-export const ontologyID = (key: Key): ontology.ID => ({ type: "lineplot", key });
+export const ontologyID = ontology.createIDFactory<Key>("lineplot");
+export const TYPE_ONTOLOGY_ID = ontologyID("");

package/src/workspace/log/access.spec.ts ADDED Viewed

@@ -0,0 +1,134 @@
+// Copyright 2025 Synnax Labs, Inc.
+//
+// Use of this software is governed by the Business Source License included in the file
+// licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with the Business Source
+// License, use of this software will be governed by the Apache License, Version 2.0,
+// included in the file licenses/APL.txt.
+import { describe, expect, it } from "vitest";
+import { AuthError, NotFoundError } from "@/errors";
+import { createTestClientWithPolicy } from "@/testutil/access";
+import { createTestClient } from "@/testutil/client";
+import { log } from "@/workspace/log";
+const client = createTestClient();
+describe("log", () => {
+  describe("access control", () => {
+    it("should deny access when no retrieve policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(
+        userClient.workspaces.logs.retrieve({ key: randomLog.key }),
+      ).rejects.toThrow(AuthError);
+    });
+    it("should allow the caller to retrieve logs with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: ["retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      const retrieved = await userClient.workspaces.logs.retrieve({
+        key: randomLog.key,
+      });
+      expect(retrieved.key).toBe(randomLog.key);
+      expect(retrieved.name).toBe(randomLog.name);
+    });
+    it("should allow the caller to create logs with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: ["create"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await userClient.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+    });
+    it("should deny access when no create policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      await expect(
+        userClient.workspaces.logs.create(ws.key, {
+          name: "test",
+          data: {},
+        }),
+      ).rejects.toThrow(AuthError);
+    });
+    it("should allow the caller to delete logs with the correct policy", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: ["delete", "retrieve"],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await userClient.workspaces.logs.delete(randomLog.key);
+      await expect(
+        userClient.workspaces.logs.retrieve({ key: randomLog.key }),
+      ).rejects.toThrow(NotFoundError);
+    });
+    it("should deny access when no delete policy exists", async () => {
+      const userClient = await createTestClientWithPolicy(client, {
+        name: "test",
+        objects: [log.ontologyID("")],
+        actions: [],
+      });
+      const ws = await client.workspaces.create({
+        name: "test",
+        layout: {},
+      });
+      const randomLog = await client.workspaces.logs.create(ws.key, {
+        name: "test",
+        data: {},
+      });
+      await expect(userClient.workspaces.logs.delete(randomLog.key)).rejects.toThrow(
+        AuthError,
+      );
+    });
+  });
+});