@webiny/app-admin 6.1.0 → 6.2.0-beta.0

package/permissions/createPermissions.test.js

@@ -0,0 +1,177 @@
+import { describe, it, expect } from "vitest";
+import { Container } from "@webiny/di";
+import { createPermissionsAbstraction, createPermissionsFeature } from "./createPermissions.js";
+import { createPermissionSchema } from "./createPermissionSchema.js";
+import { IdentityContext } from "../features/security/IdentityContext/abstractions.js";
+import { IdentityContext as IdentityContextImpl } from "../features/security/IdentityContext/IdentityContext.js";
+import { Identity } from "../domain/Identity.js";
+const TEST_SCHEMA = createPermissionSchema({
+  prefix: "test",
+  fullAccess: true,
+  entities: [{
+    id: "page",
+    title: "Page",
+    permission: "test.page",
+    scopes: ["full", "own"],
+    actions: [{
+      name: "rwd"
+    }, {
+      name: "pw"
+    }]
+  }]
+});
+const TestPermissions = createPermissionsAbstraction(TEST_SCHEMA);
+const TestPermissionsFeature = createPermissionsFeature(TEST_SCHEMA, TestPermissions);
+function resolve(permissions) {
+  const container = new Container();
+  container.register(IdentityContextImpl).inSingletonScope();
+  TestPermissionsFeature.register(container);
+  const identityContext = container.resolve(IdentityContext);
+  identityContext.setIdentity(Identity.createAuthenticated({
+    id: "test-user",
+    displayName: "Test User",
+    type: "admin",
+    roles: [],
+    teams: [],
+    permissions,
+    profile: {
+      external: false
+    },
+    currentTenant: {
+      id: "root",
+      name: "Root"
+    },
+    defaultTenant: {
+      id: "root",
+      name: "Root"
+    }
+  }));
+  return container.resolve(TestPermissions);
+}
+describe("SchemaPermissions", () => {
+  describe("full access", () => {
+    it("grants everything with unrestricted wildcard", () => {
+      const p = resolve([{
+        name: "test.*"
+      }]);
+      expect(p.canAccess("page")).toBe(true);
+      expect(p.canRead("page")).toBe(true);
+      expect(p.canCreate("page")).toBe(true);
+      expect(p.canEdit("page")).toBe(true);
+      expect(p.canDelete("page")).toBe(true);
+      expect(p.canPublish("page")).toBe(true);
+      expect(p.canUnpublish("page")).toBe(true);
+    });
+    it("rejects wildcard with rwd restriction as non-full access", () => {
+      const p = resolve([{
+        name: "test.*",
+        rwd: "r"
+      }]);
+      expect(p.canCreate("page")).toBe(false);
+      expect(p.canDelete("page")).toBe(false);
+    });
+  });
+  describe("entity-level access", () => {
+    it("grants access when entity permission exists", () => {
+      const p = resolve([{
+        name: "test.page"
+      }]);
+      expect(p.canAccess("page")).toBe(true);
+    });
+    it("denies access when no permission exists", () => {
+      const p = resolve([]);
+      expect(p.canAccess("page")).toBe(false);
+    });
+  });
+  describe("rwd actions", () => {
+    it("respects read permission", () => {
+      const p = resolve([{
+        name: "test.page",
+        rwd: "r"
+      }]);
+      expect(p.canRead("page")).toBe(true);
+      expect(p.canCreate("page")).toBe(false);
+      expect(p.canDelete("page")).toBe(false);
+    });
+    it("respects write permission", () => {
+      const p = resolve([{
+        name: "test.page",
+        rwd: "rw"
+      }]);
+      expect(p.canRead("page")).toBe(true);
+      expect(p.canCreate("page")).toBe(true);
+      expect(p.canEdit("page")).toBe(true);
+      expect(p.canDelete("page")).toBe(false);
+    });
+    it("respects delete permission", () => {
+      const p = resolve([{
+        name: "test.page",
+        rwd: "d"
+      }]);
+      expect(p.canDelete("page")).toBe(true);
+      expect(p.canRead("page")).toBe(false);
+    });
+  });
+  describe("publish/unpublish actions", () => {
+    it("grants publish when pw includes p", () => {
+      const p = resolve([{
+        name: "test.page",
+        pw: "p"
+      }]);
+      expect(p.canPublish("page")).toBe(true);
+      expect(p.canUnpublish("page")).toBe(false);
+    });
+    it("grants both when pw includes pu", () => {
+      const p = resolve([{
+        name: "test.page",
+        pw: "pu"
+      }]);
+      expect(p.canPublish("page")).toBe(true);
+      expect(p.canUnpublish("page")).toBe(true);
+    });
+  });
+  describe("own scope", () => {
+    it("allows edit when item is owned by the user", () => {
+      const p = resolve([{
+        name: "test.page",
+        own: true
+      }]);
+      expect(p.canEdit("page", {
+        createdBy: {
+          id: "test-user"
+        }
+      })).toBe(true);
+    });
+    it("denies edit when item is owned by someone else", () => {
+      const p = resolve([{
+        name: "test.page",
+        own: true
+      }]);
+      expect(p.canEdit("page", {
+        createdBy: {
+          id: "other-user"
+        }
+      })).toBe(false);
+    });
+    it("allows edit when no item is provided (optimistic)", () => {
+      const p = resolve([{
+        name: "test.page",
+        own: true
+      }]);
+      expect(p.canEdit("page")).toBe(true);
+    });
+    it("denies delete when item is owned by someone else", () => {
+      const p = resolve([{
+        name: "test.page",
+        own: true
+      }]);
+      expect(p.canDelete("page", {
+        createdBy: {
+          id: "other-user"
+        }
+      })).toBe(false);
+    });
+  });
+});
+
+//# sourceMappingURL=createPermissions.test.js.map

package/permissions/createPermissions.test.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["describe","it","expect","Container","createPermissionsAbstraction","createPermissionsFeature","createPermissionSchema","IdentityContext","IdentityContextImpl","Identity","TEST_SCHEMA","prefix","fullAccess","entities","id","title","permission","scopes","actions","name","TestPermissions","TestPermissionsFeature","resolve","permissions","container","register","inSingletonScope","identityContext","setIdentity","createAuthenticated","displayName","type","roles","teams","profile","external","currentTenant","defaultTenant","p","canAccess","toBe","canRead","canCreate","canEdit","canDelete","canPublish","canUnpublish","rwd","pw","own","createdBy"],"sources":["createPermissions.test.ts"],"sourcesContent":["import { describe, it, expect } from \"vitest\";\nimport { Container } from \"@webiny/di\";\nimport { createPermissionsAbstraction, createPermissionsFeature } from \"./createPermissions.js\";\nimport { createPermissionSchema } from \"./createPermissionSchema.js\";\nimport { IdentityContext } from \"~/features/security/IdentityContext/abstractions.js\";\nimport { IdentityContext as IdentityContextImpl } from \"~/features/security/IdentityContext/IdentityContext.js\";\nimport { Identity } from \"~/domain/Identity.js\";\n\nconst TEST_SCHEMA = createPermissionSchema({\n    prefix: \"test\",\n    fullAccess: true,\n    entities: [\n        {\n            id: \"page\",\n            title: \"Page\",\n            permission: \"test.page\",\n            scopes: [\"full\", \"own\"],\n            actions: [{ name: \"rwd\" }, { name: \"pw\" }]\n        }\n    ]\n} as const);\n\nconst TestPermissions = createPermissionsAbstraction(TEST_SCHEMA);\nconst TestPermissionsFeature = createPermissionsFeature(TEST_SCHEMA, TestPermissions);\n\nfunction resolve(permissions: Array<{ name: string; [key: string]: any }>) {\n    const container = new Container();\n    container.register(IdentityContextImpl).inSingletonScope();\n    TestPermissionsFeature.register(container);\n\n    const identityContext = container.resolve(IdentityContext);\n    identityContext.setIdentity(\n        Identity.createAuthenticated({\n            id: \"test-user\",\n            displayName: \"Test User\",\n            type: \"admin\",\n            roles: [],\n            teams: [],\n            permissions,\n            profile: { external: false },\n            currentTenant: { id: \"root\", name: \"Root\" },\n            defaultTenant: { id: \"root\", name: \"Root\" }\n        })\n    );\n\n    return container.resolve(TestPermissions);\n}\n\ndescribe(\"SchemaPermissions\", () => {\n    describe(\"full access\", () => {\n        it(\"grants everything with unrestricted wildcard\", () => {\n            const p = resolve([{ name: \"test.*\" }]);\n            expect(p.canAccess(\"page\")).toBe(true);\n            expect(p.canRead(\"page\")).toBe(true);\n            expect(p.canCreate(\"page\")).toBe(true);\n            expect(p.canEdit(\"page\")).toBe(true);\n            expect(p.canDelete(\"page\")).toBe(true);\n            expect(p.canPublish(\"page\")).toBe(true);\n            expect(p.canUnpublish(\"page\")).toBe(true);\n        });\n\n        it(\"rejects wildcard with rwd restriction as non-full access\", () => {\n            const p = resolve([{ name: \"test.*\", rwd: \"r\" }]);\n            expect(p.canCreate(\"page\")).toBe(false);\n            expect(p.canDelete(\"page\")).toBe(false);\n        });\n    });\n\n    describe(\"entity-level access\", () => {\n        it(\"grants access when entity permission exists\", () => {\n            const p = resolve([{ name: \"test.page\" }]);\n            expect(p.canAccess(\"page\")).toBe(true);\n        });\n\n        it(\"denies access when no permission exists\", () => {\n            const p = resolve([]);\n            expect(p.canAccess(\"page\")).toBe(false);\n        });\n    });\n\n    describe(\"rwd actions\", () => {\n        it(\"respects read permission\", () => {\n            const p = resolve([{ name: \"test.page\", rwd: \"r\" }]);\n            expect(p.canRead(\"page\")).toBe(true);\n            expect(p.canCreate(\"page\")).toBe(false);\n            expect(p.canDelete(\"page\")).toBe(false);\n        });\n\n        it(\"respects write permission\", () => {\n            const p = resolve([{ name: \"test.page\", rwd: \"rw\" }]);\n            expect(p.canRead(\"page\")).toBe(true);\n            expect(p.canCreate(\"page\")).toBe(true);\n            expect(p.canEdit(\"page\")).toBe(true);\n            expect(p.canDelete(\"page\")).toBe(false);\n        });\n\n        it(\"respects delete permission\", () => {\n            const p = resolve([{ name: \"test.page\", rwd: \"d\" }]);\n            expect(p.canDelete(\"page\")).toBe(true);\n            expect(p.canRead(\"page\")).toBe(false);\n        });\n    });\n\n    describe(\"publish/unpublish actions\", () => {\n        it(\"grants publish when pw includes p\", () => {\n            const p = resolve([{ name: \"test.page\", pw: \"p\" }]);\n            expect(p.canPublish(\"page\")).toBe(true);\n            expect(p.canUnpublish(\"page\")).toBe(false);\n        });\n\n        it(\"grants both when pw includes pu\", () => {\n            const p = resolve([{ name: \"test.page\", pw: \"pu\" }]);\n            expect(p.canPublish(\"page\")).toBe(true);\n            expect(p.canUnpublish(\"page\")).toBe(true);\n        });\n    });\n\n    describe(\"own scope\", () => {\n        it(\"allows edit when item is owned by the user\", () => {\n            const p = resolve([{ name: \"test.page\", own: true }]);\n            expect(p.canEdit(\"page\", { createdBy: { id: \"test-user\" } })).toBe(true);\n        });\n\n        it(\"denies edit when item is owned by someone else\", () => {\n            const p = resolve([{ name: \"test.page\", own: true }]);\n            expect(p.canEdit(\"page\", { createdBy: { id: \"other-user\" } })).toBe(false);\n        });\n\n        it(\"allows edit when no item is provided (optimistic)\", () => {\n            const p = resolve([{ name: \"test.page\", own: true }]);\n            expect(p.canEdit(\"page\")).toBe(true);\n        });\n\n        it(\"denies delete when item is owned by someone else\", () => {\n            const p = resolve([{ name: \"test.page\", own: true }]);\n            expect(p.canDelete(\"page\", { createdBy: { id: \"other-user\" } })).toBe(false);\n        });\n    });\n});\n"],"mappings":"AAAA,SAASA,QAAQ,EAAEC,EAAE,EAAEC,MAAM,QAAQ,QAAQ;AAC7C,SAASC,SAAS,QAAQ,YAAY;AACtC,SAASC,4BAA4B,EAAEC,wBAAwB;AAC/D,SAASC,sBAAsB;AAC/B,SAASC,eAAe;AACxB,SAASA,eAAe,IAAIC,mBAAmB;AAC/C,SAASC,QAAQ;AAEjB,MAAMC,WAAW,GAAGJ,sBAAsB,CAAC;EACvCK,MAAM,EAAE,MAAM;EACdC,UAAU,EAAE,IAAI;EAChBC,QAAQ,EAAE,CACN;IACIC,EAAE,EAAE,MAAM;IACVC,KAAK,EAAE,MAAM;IACbC,UAAU,EAAE,WAAW;IACvBC,MAAM,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC;IACvBC,OAAO,EAAE,CAAC;MAAEC,IAAI,EAAE;IAAM,CAAC,EAAE;MAAEA,IAAI,EAAE;IAAK,CAAC;EAC7C,CAAC;AAET,CAAU,CAAC;AAEX,MAAMC,eAAe,GAAGhB,4BAA4B,CAACM,WAAW,CAAC;AACjE,MAAMW,sBAAsB,GAAGhB,wBAAwB,CAACK,WAAW,EAAEU,eAAe,CAAC;AAErF,SAASE,OAAOA,CAACC,WAAwD,EAAE;EACvE,MAAMC,SAAS,GAAG,IAAIrB,SAAS,CAAC,CAAC;EACjCqB,SAAS,CAACC,QAAQ,CAACjB,mBAAmB,CAAC,CAACkB,gBAAgB,CAAC,CAAC;EAC1DL,sBAAsB,CAACI,QAAQ,CAACD,SAAS,CAAC;EAE1C,MAAMG,eAAe,GAAGH,SAAS,CAACF,OAAO,CAACf,eAAe,CAAC;EAC1DoB,eAAe,CAACC,WAAW,CACvBnB,QAAQ,CAACoB,mBAAmB,CAAC;IACzBf,EAAE,EAAE,WAAW;IACfgB,WAAW,EAAE,WAAW;IACxBC,IAAI,EAAE,OAAO;IACbC,KAAK,EAAE,EAAE;IACTC,KAAK,EAAE,EAAE;IACTV,WAAW;IACXW,OAAO,EAAE;MAAEC,QAAQ,EAAE;IAAM,CAAC;IAC5BC,aAAa,EAAE;MAAEtB,EAAE,EAAE,MAAM;MAAEK,IAAI,EAAE;IAAO,CAAC;IAC3CkB,aAAa,EAAE;MAAEvB,EAAE,EAAE,MAAM;MAAEK,IAAI,EAAE;IAAO;EAC9C,CAAC,CACL,CAAC;EAED,OAAOK,SAAS,CAACF,OAAO,CAACF,eAAe,CAAC;AAC7C;AAEApB,QAAQ,CAAC,mBAAmB,EAAE,MAAM;EAChCA,QAAQ,CAAC,aAAa,EAAE,MAAM;IAC1BC,EAAE,CAAC,8CAA8C,EAAE,MAAM;MACrD,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE;MAAS,CAAC,CAAC,CAAC;MACvCjB,MAAM,CAACoC,CAAC,CAACC,SAAS,CAAC,MAAM,CAAC,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;MACtCtC,MAAM,CAACoC,CAAC,CAACG,OAAO,CAAC,MAAM,CAAC,CAAC,CAACD,IAAI,CAAC,IAAI,CAAC;MACpCtC,MAAM,CAACoC,CAAC,CAACI,SAAS,CAAC,MAAM,CAAC,CAAC,CAACF,IAAI,CAAC,IAAI,CAAC;MACtCtC,MAAM,CAACoC,CAAC,CAACK,OAAO,CAAC,MAAM,CAAC,CAAC,CAACH,IAAI,CAAC,IAAI,CAAC;MACpCtC,MAAM,CAACoC,CAAC,CAACM,SAAS,CAAC,MAAM,CAAC,CAAC,CAACJ,IAAI,CAAC,IAAI,CAAC;MACtCtC,MAAM,CAACoC,CAAC,CAACO,UAAU,CAAC,MAAM,CAAC,CAAC,CAACL,IAAI,CAAC,IAAI,CAAC;MACvCtC,MAAM,CAACoC,CAAC,CAACQ,YAAY,CAAC,MAAM,CAAC,CAAC,CAACN,IAAI,CAAC,IAAI,CAAC;IAC7C,CAAC,CAAC;IAEFvC,EAAE,CAAC,0DAA0D,EAAE,MAAM;MACjE,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,QAAQ;QAAE4B,GAAG,EAAE;MAAI,CAAC,CAAC,CAAC;MACjD7C,MAAM,CAACoC,CAAC,CAACI,SAAS,CAAC,MAAM,CAAC,CAAC,CAACF,IAAI,CAAC,KAAK,CAAC;MACvCtC,MAAM,CAACoC,CAAC,CAACM,SAAS,CAAC,MAAM,CAAC,CAAC,CAACJ,IAAI,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC;EACN,CAAC,CAAC;EAEFxC,QAAQ,CAAC,qBAAqB,EAAE,MAAM;IAClCC,EAAE,CAAC,6CAA6C,EAAE,MAAM;MACpD,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE;MAAY,CAAC,CAAC,CAAC;MAC1CjB,MAAM,CAACoC,CAAC,CAACC,SAAS,CAAC,MAAM,CAAC,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;IAC1C,CAAC,CAAC;IAEFvC,EAAE,CAAC,yCAAyC,EAAE,MAAM;MAChD,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,EAAE,CAAC;MACrBpB,MAAM,CAACoC,CAAC,CAACC,SAAS,CAAC,MAAM,CAAC,CAAC,CAACC,IAAI,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC;EACN,CAAC,CAAC;EAEFxC,QAAQ,CAAC,aAAa,EAAE,MAAM;IAC1BC,EAAE,CAAC,0BAA0B,EAAE,MAAM;MACjC,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE4B,GAAG,EAAE;MAAI,CAAC,CAAC,CAAC;MACpD7C,MAAM,CAACoC,CAAC,CAACG,OAAO,CAAC,MAAM,CAAC,CAAC,CAACD,IAAI,CAAC,IAAI,CAAC;MACpCtC,MAAM,CAACoC,CAAC,CAACI,SAAS,CAAC,MAAM,CAAC,CAAC,CAACF,IAAI,CAAC,KAAK,CAAC;MACvCtC,MAAM,CAACoC,CAAC,CAACM,SAAS,CAAC,MAAM,CAAC,CAAC,CAACJ,IAAI,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC;IAEFvC,EAAE,CAAC,2BAA2B,EAAE,MAAM;MAClC,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE4B,GAAG,EAAE;MAAK,CAAC,CAAC,CAAC;MACrD7C,MAAM,CAACoC,CAAC,CAACG,OAAO,CAAC,MAAM,CAAC,CAAC,CAACD,IAAI,CAAC,IAAI,CAAC;MACpCtC,MAAM,CAACoC,CAAC,CAACI,SAAS,CAAC,MAAM,CAAC,CAAC,CAACF,IAAI,CAAC,IAAI,CAAC;MACtCtC,MAAM,CAACoC,CAAC,CAACK,OAAO,CAAC,MAAM,CAAC,CAAC,CAACH,IAAI,CAAC,IAAI,CAAC;MACpCtC,MAAM,CAACoC,CAAC,CAACM,SAAS,CAAC,MAAM,CAAC,CAAC,CAACJ,IAAI,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC;IAEFvC,EAAE,CAAC,4BAA4B,EAAE,MAAM;MACnC,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE4B,GAAG,EAAE;MAAI,CAAC,CAAC,CAAC;MACpD7C,MAAM,CAACoC,CAAC,CAACM,SAAS,CAAC,MAAM,CAAC,CAAC,CAACJ,IAAI,CAAC,IAAI,CAAC;MACtCtC,MAAM,CAACoC,CAAC,CAACG,OAAO,CAAC,MAAM,CAAC,CAAC,CAACD,IAAI,CAAC,KAAK,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,CAAC;EAEFxC,QAAQ,CAAC,2BAA2B,EAAE,MAAM;IACxCC,EAAE,CAAC,mCAAmC,EAAE,MAAM;MAC1C,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE6B,EAAE,EAAE;MAAI,CAAC,CAAC,CAAC;MACnD9C,MAAM,CAACoC,CAAC,CAACO,UAAU,CAAC,MAAM,CAAC,CAAC,CAACL,IAAI,CAAC,IAAI,CAAC;MACvCtC,MAAM,CAACoC,CAAC,CAACQ,YAAY,CAAC,MAAM,CAAC,CAAC,CAACN,IAAI,CAAC,KAAK,CAAC;IAC9C,CAAC,CAAC;IAEFvC,EAAE,CAAC,iCAAiC,EAAE,MAAM;MACxC,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE6B,EAAE,EAAE;MAAK,CAAC,CAAC,CAAC;MACpD9C,MAAM,CAACoC,CAAC,CAACO,UAAU,CAAC,MAAM,CAAC,CAAC,CAACL,IAAI,CAAC,IAAI,CAAC;MACvCtC,MAAM,CAACoC,CAAC,CAACQ,YAAY,CAAC,MAAM,CAAC,CAAC,CAACN,IAAI,CAAC,IAAI,CAAC;IAC7C,CAAC,CAAC;EACN,CAAC,CAAC;EAEFxC,QAAQ,CAAC,WAAW,EAAE,MAAM;IACxBC,EAAE,CAAC,4CAA4C,EAAE,MAAM;MACnD,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE8B,GAAG,EAAE;MAAK,CAAC,CAAC,CAAC;MACrD/C,MAAM,CAACoC,CAAC,CAACK,OAAO,CAAC,MAAM,EAAE;QAAEO,SAAS,EAAE;UAAEpC,EAAE,EAAE;QAAY;MAAE,CAAC,CAAC,CAAC,CAAC0B,IAAI,CAAC,IAAI,CAAC;IAC5E,CAAC,CAAC;IAEFvC,EAAE,CAAC,gDAAgD,EAAE,MAAM;MACvD,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE8B,GAAG,EAAE;MAAK,CAAC,CAAC,CAAC;MACrD/C,MAAM,CAACoC,CAAC,CAACK,OAAO,CAAC,MAAM,EAAE;QAAEO,SAAS,EAAE;UAAEpC,EAAE,EAAE;QAAa;MAAE,CAAC,CAAC,CAAC,CAAC0B,IAAI,CAAC,KAAK,CAAC;IAC9E,CAAC,CAAC;IAEFvC,EAAE,CAAC,mDAAmD,EAAE,MAAM;MAC1D,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE8B,GAAG,EAAE;MAAK,CAAC,CAAC,CAAC;MACrD/C,MAAM,CAACoC,CAAC,CAACK,OAAO,CAAC,MAAM,CAAC,CAAC,CAACH,IAAI,CAAC,IAAI,CAAC;IACxC,CAAC,CAAC;IAEFvC,EAAE,CAAC,kDAAkD,EAAE,MAAM;MACzD,MAAMqC,CAAC,GAAGhB,OAAO,CAAC,CAAC;QAAEH,IAAI,EAAE,WAAW;QAAE8B,GAAG,EAAE;MAAK,CAAC,CAAC,CAAC;MACrD/C,MAAM,CAACoC,CAAC,CAACM,SAAS,CAAC,MAAM,EAAE;QAAEM,SAAS,EAAE;UAAEpC,EAAE,EAAE;QAAa;MAAE,CAAC,CAAC,CAAC,CAAC0B,IAAI,CAAC,KAAK,CAAC;IAChF,CAAC,CAAC;EACN,CAAC,CAAC;AACN,CAAC,CAAC","ignoreList":[]}

package/permissions/index.d.ts

@@ -1,4 +1,5 @@
 export { createPermissionSchema } from "./createPermissionSchema.js";
+export { createPermissionsAbstraction, createPermissionsFeature } from "./createPermissions.js";
 export { createUsePermissions } from "./usePermissions.js";
 export { usePermissionForm, deserializePermissions, serializePermissions } from "./usePermissionForm.js";
 export { PermissionRenderer } from "./PermissionRenderer.js";

package/permissions/index.js

@@ -1,4 +1,5 @@
 export { createPermissionSchema } from "./createPermissionSchema.js";
+export { createPermissionsAbstraction, createPermissionsFeature } from "./createPermissions.js";
 export { createUsePermissions } from "./usePermissions.js";
 export { usePermissionForm, deserializePermissions, serializePermissions } from "./usePermissionForm.js";
 export { PermissionRenderer } from "./PermissionRenderer.js";

package/permissions/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["createPermissionSchema","createUsePermissions","usePermissionForm","deserializePermissions","serializePermissions","PermissionRenderer","usePermissionValue","PermissionValueProvider","createHasPermission"],"sources":["index.ts"],"sourcesContent":["export { createPermissionSchema } from \"./createPermissionSchema.js\";\nexport { createUsePermissions } from \"./usePermissions.js\";\nexport {\n    usePermissionForm,\n    deserializePermissions,\n    serializePermissions\n} from \"./usePermissionForm.js\";\nexport { PermissionRenderer } from \"./PermissionRenderer.js\";\nexport type { PermissionRendererProps } from \"./PermissionRenderer.js\";\nexport { usePermissionValue, PermissionValueProvider } from \"./PermissionValueContext.js\";\nexport { createHasPermission } from \"./createHasPermission.js\";\nexport type {\n    Permission,\n    ActionDefinition,\n    EntityDefinition,\n    OwnableItem,\n    PermissionSchemaConfig,\n    PermissionSchema,\n    UsePermissionFormOptions,\n    UsePermissionFormResult,\n    UsePermissionsResult,\n    PermissionRendererConfig,\n    HasPermissionAction,\n    HasPermissionProps\n} from \"./types.js\";\n"],"mappings":"AAAA,SAASA,sBAAsB;AAC/B,SAASC,oBAAoB;AAC7B,SACIC,iBAAiB,EACjBC,sBAAsB,EACtBC,oBAAoB;AAExB,SAASC,kBAAkB;AAE3B,SAASC,kBAAkB,EAAEC,uBAAuB;AACpD,SAASC,mBAAmB","ignoreList":[]}
+{"version":3,"names":["createPermissionSchema","createPermissionsAbstraction","createPermissionsFeature","createUsePermissions","usePermissionForm","deserializePermissions","serializePermissions","PermissionRenderer","usePermissionValue","PermissionValueProvider","createHasPermission"],"sources":["index.ts"],"sourcesContent":["export { createPermissionSchema } from \"./createPermissionSchema.js\";\nexport { createPermissionsAbstraction, createPermissionsFeature } from \"./createPermissions.js\";\nexport { createUsePermissions } from \"./usePermissions.js\";\nexport {\n    usePermissionForm,\n    deserializePermissions,\n    serializePermissions\n} from \"./usePermissionForm.js\";\nexport { PermissionRenderer } from \"./PermissionRenderer.js\";\nexport type { PermissionRendererProps } from \"./PermissionRenderer.js\";\nexport { usePermissionValue, PermissionValueProvider } from \"./PermissionValueContext.js\";\nexport { createHasPermission } from \"./createHasPermission.js\";\nexport type {\n    Permission,\n    ActionDefinition,\n    EntityDefinition,\n    OwnableItem,\n    PermissionSchemaConfig,\n    PermissionSchema,\n    UsePermissionFormOptions,\n    UsePermissionFormResult,\n    UsePermissionsResult,\n    PermissionRendererConfig,\n    HasPermissionAction,\n    HasPermissionProps\n} from \"./types.js\";\n"],"mappings":"AAAA,SAASA,sBAAsB;AAC/B,SAASC,4BAA4B,EAAEC,wBAAwB;AAC/D,SAASC,oBAAoB;AAC7B,SACIC,iBAAiB,EACjBC,sBAAsB,EACtBC,oBAAoB;AAExB,SAASC,kBAAkB;AAE3B,SAASC,kBAAkB,EAAEC,uBAAuB;AACpD,SAASC,mBAAmB","ignoreList":[]}

package/permissions/types.d.ts

@@ -177,6 +177,11 @@ export type CustomActionNames<S extends PermissionSchemaConfig> = Exclude<Entiti
  * When the schema is dynamically typed, all methods accept `string`.
  */
 export type UsePermissionsResult<S extends PermissionSchemaConfig> = string extends AllEntityIds<S> ? UsePermissionsResultUntyped : UsePermissionsResultTyped<S>;
+/**
+ * Canonical type for DI-resolved permissions.
+ * Same underlying type as `UsePermissionsResult<S>`.
+ */
+export type Permissions<S extends PermissionSchemaConfig> = UsePermissionsResult<S>;
 export interface UsePermissionsResultUntyped {
     canAccess: (entityId: string) => boolean;
     canRead: (entityId: string) => boolean;

package/permissions/types.js.map

@@ -1 +1 @@
-{"version":3,"names":[],"sources":["types.ts"],"sourcesContent":["import type React from \"react\";\nimport type { NonEmptyArray } from \"@webiny/app/types.js\";\n\n/**\n * A single permission object from the API.\n */\nexport interface Permission {\n    name: string;\n    [key: string]: any;\n}\n\n/**\n * An action definition on an entity.\n *\n * Built-in actions:\n * - `{ name: \"rwd\" }` — read/write/delete single-select (serialized as joined string, e.g. \"rw\")\n * - `{ name: \"pw\" }` — publish/unpublish multi-select (serialized as joined string, e.g. \"pu\")\n *\n * Custom actions:\n * - `{ name: \"install\", label: \"Install\" }` — boolean flag (serialized as `install: true`)\n */\nexport interface ActionDefinition {\n    /** Key on the permission object (e.g. \"rwd\", \"pw\", \"install\") */\n    name: string;\n    /** Display label for the UI. Required for custom actions; ignored for built-in \"rwd\"/\"pw\". */\n    label?: string;\n}\n\n/**\n * Defines an entity within a permission schema.\n */\nexport interface EntityDefinition {\n    /** Unique ID, used for form field naming: ${id}AccessScope, ${id}RWD, etc. */\n    id: string;\n    /** Display title for the UI renderer (e.g. \"Files\", \"Settings\") */\n    title?: string;\n    /** Permission name emitted for this entity (e.g. \"fm.file\") */\n    permission: string;\n    /** Available access scopes */\n    scopes: (\"full\" | \"own\")[];\n    /** Action definitions for this entity */\n    actions?: ActionDefinition[];\n    /** Dependency on another entity */\n    dependsOn?: {\n        /** ID of parent entity */\n        entity: string;\n        /** Required action character (e.g. \"r\") */\n        requires: string;\n    };\n}\n\n/**\n * Configuration for creating a permission schema.\n */\nexport interface PermissionSchemaConfig {\n    /** Permission prefix — used to filter permissions from the array */\n    prefix: string;\n    /**\n     * Full access configuration.\n     * - `true` — emits `{ name: \"${prefix}.*\" }`.\n     * - `{ ...extras }` — emits `{ name: \"${prefix}.*\", ...extras }`.\n     */\n    fullAccess: boolean | { [key: string]: any };\n    /**\n     * Read-only access configuration. When defined, the schema supports a read-only tier.\n     * - `true` — emits `{ name: \"${prefix}.*\", rwd: \"r\" }`.\n     * - `Permission[]` — emits the array as-is.\n     */\n    readOnlyAccess?: boolean | Permission[];\n    /** Entity definitions (optional — simple apps have none) */\n    entities?: EntityDefinition[];\n}\n\n/**\n * A compiled permission schema returned by `createPermissionSchema`.\n */\nexport interface PermissionSchema {\n    prefix: string;\n    /**\n     * Full access configuration.\n     * - `true` — emits `{ name: \"${prefix}.*\" }`.\n     * - `{ ...extras }` — emits `{ name: \"${prefix}.*\", ...extras }`.\n     */\n    fullAccess: boolean | { [key: string]: any };\n    /**\n     * Read-only access configuration. When defined, the schema supports a read-only tier.\n     * - `true` — emits `{ name: \"${prefix}.*\", rwd: \"r\" }`.\n     * - `Permission[]` — emits the array as-is.\n     */\n    readOnlyAccess?: boolean | Permission[];\n    entities?: EntityDefinition[];\n}\n\n/**\n * Options passed to the `usePermissionForm` hook.\n */\nexport interface UsePermissionFormOptions {\n    value: Permission[];\n    onChange: (value: Permission[]) => void;\n    /** Merge extra fields into deserialized form data (for CMS endpoints, resource scopes, etc.) */\n    deserialize?: (permissions: Permission[]) => Record<string, any>;\n    /** Transform or extend the core-serialized permissions (for CMS endpoints, resource scopes, etc.) */\n    serialize?: (formData: Record<string, any>, corePermissions: Permission[]) => Permission[];\n}\n\n/**\n * Return value of `usePermissionForm`.\n */\nexport interface UsePermissionFormResult {\n    formData: Record<string, any>;\n    onFormChange: (data: Record<string, any>) => void;\n}\n\n/**\n * Configuration for a permission renderer registered via AdminConfig.\n *\n * Either `schema` or `element` must be provided:\n * - `schema`: uses the built-in PermissionRenderer for auto-generated UI.\n * - `element`: uses a custom React element for full control.\n */\nexport type PermissionRendererConfig = PermissionRendererConfigBase &\n    (\n        | { schema: PermissionSchema; element?: never }\n        | { schema?: never; element: React.ReactElement }\n    );\n\ninterface PermissionRendererConfigBase {\n    name: string;\n    title: string;\n    description?: string;\n    icon?: React.ReactElement;\n    system?: boolean;\n}\n\n/**\n * Item that may have an owner (used for own-scope permission checks).\n */\nexport interface OwnableItem {\n    createdBy?: { id: string } | null;\n}\n\n/**\n * Extract the union of entity definitions from a schema config type.\n */\ntype EntitiesOf<S extends PermissionSchemaConfig> = S extends {\n    entities: ReadonlyArray<infer E extends EntityDefinition>;\n}\n    ? E\n    : never;\n\n/**\n * Extract entity IDs whose actions array contains an action with the given name.\n */\ntype EntityIdWithAction<S extends PermissionSchemaConfig, A extends string> = {\n    [K in EntitiesOf<S> as K extends { actions: ReadonlyArray<infer Act> }\n        ? Act extends { name: A }\n            ? K[\"id\"]\n            : never\n        : never]: never;\n} extends infer M\n    ? keyof M & string\n    : never;\n\n/**\n * Entity IDs that have the \"rwd\" action.\n */\nexport type RwdEntityId<S extends PermissionSchemaConfig> = EntityIdWithAction<S, \"rwd\">;\n\n/**\n * Entity IDs that have the \"pw\" action.\n */\nexport type PwEntityId<S extends PermissionSchemaConfig> = EntityIdWithAction<S, \"pw\">;\n\n/**\n * All entity IDs in the schema.\n */\nexport type AllEntityIds<S extends PermissionSchemaConfig> = EntitiesOf<S>[\"id\"];\n\n/**\n * Custom (non-builtin) action names across all entities.\n */\nexport type CustomActionNames<S extends PermissionSchemaConfig> = Exclude<\n    EntitiesOf<S> extends { actions: ReadonlyArray<infer Act extends ActionDefinition> }\n        ? Act[\"name\"]\n        : never,\n    \"rwd\" | \"pw\"\n>;\n\n/**\n * The return type of `usePermissions(schema)`.\n *\n * When the schema has literal entity types, methods are narrowed to only accept valid entity IDs.\n * When the schema is dynamically typed, all methods accept `string`.\n */\nexport type UsePermissionsResult<S extends PermissionSchemaConfig> =\n    string extends AllEntityIds<S> ? UsePermissionsResultUntyped : UsePermissionsResultTyped<S>;\n\nexport interface UsePermissionsResultUntyped {\n    canAccess: (entityId: string) => boolean;\n    canRead: (entityId: string) => boolean;\n    canCreate: (entityId: string) => boolean;\n    canEdit: (entityId: string, item?: OwnableItem) => boolean;\n    canDelete: (entityId: string, item?: OwnableItem) => boolean;\n    canPublish: (entityId: string) => boolean;\n    canUnpublish: (entityId: string) => boolean;\n    canAction: (action: string, entityId: string) => boolean;\n}\n\n/**\n * Action values accepted by `HasPermission`.\n *\n * Built-in actions are always available; custom action names from the schema are inferred automatically.\n */\nexport type HasPermissionAction<S extends PermissionSchemaConfig> =\n    | \"read\"\n    | \"create\"\n    | \"edit\"\n    | \"delete\"\n    | \"publish\"\n    | \"unpublish\"\n    | CustomActionNames<S>;\n\n/**\n * Action constraint for `HasPermission`.\n *\n * Exactly one of `action`, `someActions`, or `allActions` may be provided:\n * - `action` — single action; grants access if it passes.\n * - `someActions` — array; grants access if ANY action passes (OR).\n * - `allActions` — array; grants access only if ALL actions pass (AND).\n */\ntype ActionConstraint<S extends PermissionSchemaConfig> =\n    | { action?: HasPermissionAction<S>; someActions?: never; allActions?: never }\n    | { action?: never; someActions: NonEmptyArray<HasPermissionAction<S>>; allActions?: never }\n    | { action?: never; someActions?: never; allActions: NonEmptyArray<HasPermissionAction<S>> };\n\n/**\n * Props for a schema-bound `HasPermission` component created via `createHasPermission`.\n *\n * Exactly one of `entity`, `any`, or `all` must be provided.\n * Optionally combine with `action`, `someActions`, or `allActions`.\n */\nexport type HasPermissionProps<S extends PermissionSchemaConfig> = (\n    | SingleEntityProps<S>\n    | AnyEntitiesProps<S>\n    | AllEntitiesProps<S>\n) &\n    ActionConstraint<S>;\n\ninterface SingleEntityProps<S extends PermissionSchemaConfig> {\n    entity: AllEntityIds<S>;\n    any?: never;\n    all?: never;\n    children: React.ReactNode;\n}\n\ninterface AnyEntitiesProps<S extends PermissionSchemaConfig> {\n    entity?: never;\n    any: AllEntityIds<S>[];\n    all?: never;\n    children: React.ReactNode;\n}\n\ninterface AllEntitiesProps<S extends PermissionSchemaConfig> {\n    entity?: never;\n    any?: never;\n    all: AllEntityIds<S>[];\n    children: React.ReactNode;\n}\n\ntype UsePermissionsResultTyped<S extends PermissionSchemaConfig> = {\n    canAccess: (entityId: AllEntityIds<S>) => boolean;\n    canAction: (\n        action: CustomActionNames<S> extends never ? string : CustomActionNames<S>,\n        entityId: AllEntityIds<S>\n    ) => boolean;\n} & ([RwdEntityId<S>] extends [never]\n    ? {\n          canRead: (entityId: string) => boolean;\n          canCreate: (entityId: string) => boolean;\n          canEdit: (entityId: string, item?: OwnableItem) => boolean;\n          canDelete: (entityId: string, item?: OwnableItem) => boolean;\n      }\n    : {\n          canRead: (entityId: RwdEntityId<S>) => boolean;\n          canCreate: (entityId: RwdEntityId<S>) => boolean;\n          canEdit: (entityId: RwdEntityId<S>, item?: OwnableItem) => boolean;\n          canDelete: (entityId: RwdEntityId<S>, item?: OwnableItem) => boolean;\n      }) &\n    ([PwEntityId<S>] extends [never]\n        ? {\n              canPublish: (entityId: string) => boolean;\n              canUnpublish: (entityId: string) => boolean;\n          }\n        : {\n              canPublish: (entityId: PwEntityId<S>) => boolean;\n              canUnpublish: (entityId: PwEntityId<S>) => boolean;\n          });\n"],"mappings":"","ignoreList":[]}
+{"version":3,"names":[],"sources":["types.ts"],"sourcesContent":["import type React from \"react\";\nimport type { NonEmptyArray } from \"@webiny/app/types.js\";\n\n/**\n * A single permission object from the API.\n */\nexport interface Permission {\n    name: string;\n    [key: string]: any;\n}\n\n/**\n * An action definition on an entity.\n *\n * Built-in actions:\n * - `{ name: \"rwd\" }` — read/write/delete single-select (serialized as joined string, e.g. \"rw\")\n * - `{ name: \"pw\" }` — publish/unpublish multi-select (serialized as joined string, e.g. \"pu\")\n *\n * Custom actions:\n * - `{ name: \"install\", label: \"Install\" }` — boolean flag (serialized as `install: true`)\n */\nexport interface ActionDefinition {\n    /** Key on the permission object (e.g. \"rwd\", \"pw\", \"install\") */\n    name: string;\n    /** Display label for the UI. Required for custom actions; ignored for built-in \"rwd\"/\"pw\". */\n    label?: string;\n}\n\n/**\n * Defines an entity within a permission schema.\n */\nexport interface EntityDefinition {\n    /** Unique ID, used for form field naming: ${id}AccessScope, ${id}RWD, etc. */\n    id: string;\n    /** Display title for the UI renderer (e.g. \"Files\", \"Settings\") */\n    title?: string;\n    /** Permission name emitted for this entity (e.g. \"fm.file\") */\n    permission: string;\n    /** Available access scopes */\n    scopes: (\"full\" | \"own\")[];\n    /** Action definitions for this entity */\n    actions?: ActionDefinition[];\n    /** Dependency on another entity */\n    dependsOn?: {\n        /** ID of parent entity */\n        entity: string;\n        /** Required action character (e.g. \"r\") */\n        requires: string;\n    };\n}\n\n/**\n * Configuration for creating a permission schema.\n */\nexport interface PermissionSchemaConfig {\n    /** Permission prefix — used to filter permissions from the array */\n    prefix: string;\n    /**\n     * Full access configuration.\n     * - `true` — emits `{ name: \"${prefix}.*\" }`.\n     * - `{ ...extras }` — emits `{ name: \"${prefix}.*\", ...extras }`.\n     */\n    fullAccess: boolean | { [key: string]: any };\n    /**\n     * Read-only access configuration. When defined, the schema supports a read-only tier.\n     * - `true` — emits `{ name: \"${prefix}.*\", rwd: \"r\" }`.\n     * - `Permission[]` — emits the array as-is.\n     */\n    readOnlyAccess?: boolean | Permission[];\n    /** Entity definitions (optional — simple apps have none) */\n    entities?: EntityDefinition[];\n}\n\n/**\n * A compiled permission schema returned by `createPermissionSchema`.\n */\nexport interface PermissionSchema {\n    prefix: string;\n    /**\n     * Full access configuration.\n     * - `true` — emits `{ name: \"${prefix}.*\" }`.\n     * - `{ ...extras }` — emits `{ name: \"${prefix}.*\", ...extras }`.\n     */\n    fullAccess: boolean | { [key: string]: any };\n    /**\n     * Read-only access configuration. When defined, the schema supports a read-only tier.\n     * - `true` — emits `{ name: \"${prefix}.*\", rwd: \"r\" }`.\n     * - `Permission[]` — emits the array as-is.\n     */\n    readOnlyAccess?: boolean | Permission[];\n    entities?: EntityDefinition[];\n}\n\n/**\n * Options passed to the `usePermissionForm` hook.\n */\nexport interface UsePermissionFormOptions {\n    value: Permission[];\n    onChange: (value: Permission[]) => void;\n    /** Merge extra fields into deserialized form data (for CMS endpoints, resource scopes, etc.) */\n    deserialize?: (permissions: Permission[]) => Record<string, any>;\n    /** Transform or extend the core-serialized permissions (for CMS endpoints, resource scopes, etc.) */\n    serialize?: (formData: Record<string, any>, corePermissions: Permission[]) => Permission[];\n}\n\n/**\n * Return value of `usePermissionForm`.\n */\nexport interface UsePermissionFormResult {\n    formData: Record<string, any>;\n    onFormChange: (data: Record<string, any>) => void;\n}\n\n/**\n * Configuration for a permission renderer registered via AdminConfig.\n *\n * Either `schema` or `element` must be provided:\n * - `schema`: uses the built-in PermissionRenderer for auto-generated UI.\n * - `element`: uses a custom React element for full control.\n */\nexport type PermissionRendererConfig = PermissionRendererConfigBase &\n    (\n        | { schema: PermissionSchema; element?: never }\n        | { schema?: never; element: React.ReactElement }\n    );\n\ninterface PermissionRendererConfigBase {\n    name: string;\n    title: string;\n    description?: string;\n    icon?: React.ReactElement;\n    system?: boolean;\n}\n\n/**\n * Item that may have an owner (used for own-scope permission checks).\n */\nexport interface OwnableItem {\n    createdBy?: { id: string } | null;\n}\n\n/**\n * Extract the union of entity definitions from a schema config type.\n */\ntype EntitiesOf<S extends PermissionSchemaConfig> = S extends {\n    entities: ReadonlyArray<infer E extends EntityDefinition>;\n}\n    ? E\n    : never;\n\n/**\n * Extract entity IDs whose actions array contains an action with the given name.\n */\ntype EntityIdWithAction<S extends PermissionSchemaConfig, A extends string> = {\n    [K in EntitiesOf<S> as K extends { actions: ReadonlyArray<infer Act> }\n        ? Act extends { name: A }\n            ? K[\"id\"]\n            : never\n        : never]: never;\n} extends infer M\n    ? keyof M & string\n    : never;\n\n/**\n * Entity IDs that have the \"rwd\" action.\n */\nexport type RwdEntityId<S extends PermissionSchemaConfig> = EntityIdWithAction<S, \"rwd\">;\n\n/**\n * Entity IDs that have the \"pw\" action.\n */\nexport type PwEntityId<S extends PermissionSchemaConfig> = EntityIdWithAction<S, \"pw\">;\n\n/**\n * All entity IDs in the schema.\n */\nexport type AllEntityIds<S extends PermissionSchemaConfig> = EntitiesOf<S>[\"id\"];\n\n/**\n * Custom (non-builtin) action names across all entities.\n */\nexport type CustomActionNames<S extends PermissionSchemaConfig> = Exclude<\n    EntitiesOf<S> extends { actions: ReadonlyArray<infer Act extends ActionDefinition> }\n        ? Act[\"name\"]\n        : never,\n    \"rwd\" | \"pw\"\n>;\n\n/**\n * The return type of `usePermissions(schema)`.\n *\n * When the schema has literal entity types, methods are narrowed to only accept valid entity IDs.\n * When the schema is dynamically typed, all methods accept `string`.\n */\nexport type UsePermissionsResult<S extends PermissionSchemaConfig> =\n    string extends AllEntityIds<S> ? UsePermissionsResultUntyped : UsePermissionsResultTyped<S>;\n\n/**\n * Canonical type for DI-resolved permissions.\n * Same underlying type as `UsePermissionsResult<S>`.\n */\nexport type Permissions<S extends PermissionSchemaConfig> = UsePermissionsResult<S>;\n\nexport interface UsePermissionsResultUntyped {\n    canAccess: (entityId: string) => boolean;\n    canRead: (entityId: string) => boolean;\n    canCreate: (entityId: string) => boolean;\n    canEdit: (entityId: string, item?: OwnableItem) => boolean;\n    canDelete: (entityId: string, item?: OwnableItem) => boolean;\n    canPublish: (entityId: string) => boolean;\n    canUnpublish: (entityId: string) => boolean;\n    canAction: (action: string, entityId: string) => boolean;\n}\n\n/**\n * Action values accepted by `HasPermission`.\n *\n * Built-in actions are always available; custom action names from the schema are inferred automatically.\n */\nexport type HasPermissionAction<S extends PermissionSchemaConfig> =\n    | \"read\"\n    | \"create\"\n    | \"edit\"\n    | \"delete\"\n    | \"publish\"\n    | \"unpublish\"\n    | CustomActionNames<S>;\n\n/**\n * Action constraint for `HasPermission`.\n *\n * Exactly one of `action`, `someActions`, or `allActions` may be provided:\n * - `action` — single action; grants access if it passes.\n * - `someActions` — array; grants access if ANY action passes (OR).\n * - `allActions` — array; grants access only if ALL actions pass (AND).\n */\ntype ActionConstraint<S extends PermissionSchemaConfig> =\n    | { action?: HasPermissionAction<S>; someActions?: never; allActions?: never }\n    | { action?: never; someActions: NonEmptyArray<HasPermissionAction<S>>; allActions?: never }\n    | { action?: never; someActions?: never; allActions: NonEmptyArray<HasPermissionAction<S>> };\n\n/**\n * Props for a schema-bound `HasPermission` component created via `createHasPermission`.\n *\n * Exactly one of `entity`, `any`, or `all` must be provided.\n * Optionally combine with `action`, `someActions`, or `allActions`.\n */\nexport type HasPermissionProps<S extends PermissionSchemaConfig> = (\n    | SingleEntityProps<S>\n    | AnyEntitiesProps<S>\n    | AllEntitiesProps<S>\n) &\n    ActionConstraint<S>;\n\ninterface SingleEntityProps<S extends PermissionSchemaConfig> {\n    entity: AllEntityIds<S>;\n    any?: never;\n    all?: never;\n    children: React.ReactNode;\n}\n\ninterface AnyEntitiesProps<S extends PermissionSchemaConfig> {\n    entity?: never;\n    any: AllEntityIds<S>[];\n    all?: never;\n    children: React.ReactNode;\n}\n\ninterface AllEntitiesProps<S extends PermissionSchemaConfig> {\n    entity?: never;\n    any?: never;\n    all: AllEntityIds<S>[];\n    children: React.ReactNode;\n}\n\ntype UsePermissionsResultTyped<S extends PermissionSchemaConfig> = {\n    canAccess: (entityId: AllEntityIds<S>) => boolean;\n    canAction: (\n        action: CustomActionNames<S> extends never ? string : CustomActionNames<S>,\n        entityId: AllEntityIds<S>\n    ) => boolean;\n} & ([RwdEntityId<S>] extends [never]\n    ? {\n          canRead: (entityId: string) => boolean;\n          canCreate: (entityId: string) => boolean;\n          canEdit: (entityId: string, item?: OwnableItem) => boolean;\n          canDelete: (entityId: string, item?: OwnableItem) => boolean;\n      }\n    : {\n          canRead: (entityId: RwdEntityId<S>) => boolean;\n          canCreate: (entityId: RwdEntityId<S>) => boolean;\n          canEdit: (entityId: RwdEntityId<S>, item?: OwnableItem) => boolean;\n          canDelete: (entityId: RwdEntityId<S>, item?: OwnableItem) => boolean;\n      }) &\n    ([PwEntityId<S>] extends [never]\n        ? {\n              canPublish: (entityId: string) => boolean;\n              canUnpublish: (entityId: string) => boolean;\n          }\n        : {\n              canPublish: (entityId: PwEntityId<S>) => boolean;\n              canUnpublish: (entityId: PwEntityId<S>) => boolean;\n          });\n"],"mappings":"","ignoreList":[]}

package/permissions/usePermissions.d.ts

@@ -1,3 +1,4 @@
+import type { Abstraction } from "@webiny/di";
 import type { PermissionSchemaConfig } from "./types.js";
 import type { UsePermissionsResult } from "./types.js";
-export declare function createUsePermissions<const S extends PermissionSchemaConfig>(schema: S): () => UsePermissionsResult<S>;
+export declare function createUsePermissions<const S extends PermissionSchemaConfig>(abstraction: Abstraction<UsePermissionsResult<S>>): () => UsePermissionsResult<S>;

package/permissions/usePermissions.js

@@ -1,179 +1,8 @@
-import { useIdentity } from "../presentation/security/hooks/useIdentity.js";
-// Module-level cache: schema -> identityId -> result.
-const cache = new WeakMap();
-function buildEntityMap(schema) {
-  const map = new Map();
-  for (const entity of schema.entities ?? []) {
-    const actions = new Set();
-    for (const action of entity.actions ?? []) {
-      actions.add(action.name);
-    }
-    map.set(entity.id, {
-      permission: entity.permission,
-      actions,
-      hasOwn: entity.scopes.includes("own")
-    });
-  }
-  return map;
-}
-function getEntity(entityMap, entityId) {
-  const entity = entityMap.get(entityId);
-  if (!entity) {
-    throw new Error(`Unknown entity "${entityId}" in permission schema.`);
-  }
-  return entity;
-}
-function buildResult(schema, identity) {
-  const fullAccessName = `${schema.prefix}.*`;
-  const hasFullAccess = !!identity.getPermission(fullAccessName);
-  const entityMap = buildEntityMap(schema);
-  const canAccess = entityId => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    return permissions.length > 0;
-  };
-  const canRead = entityId => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      if (typeof permission.rwd !== "string") {
-        return true;
-      }
-      return permission.rwd.includes("r");
-    });
-  };
-  const canCreate = entityId => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      if (typeof permission.rwd !== "string") {
-        return true;
-      }
-      return permission.rwd.includes("w");
-    });
-  };
-  const canEdit = (entityId, item) => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      if (permission.own) {
-        if (!item?.createdBy) {
-          return true;
-        }
-        return item.createdBy.id === identity.id;
-      }
-      if (typeof permission.rwd !== "string") {
-        return true;
-      }
-      return permission.rwd.includes("w");
-    });
-  };
-  const canDelete = (entityId, item) => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      if (permission.own) {
-        return item?.createdBy?.id === identity.id;
-      }
-      if (typeof permission.rwd !== "string") {
-        return true;
-      }
-      return permission.rwd.includes("d");
-    });
-  };
-  const canPublish = entityId => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      return permission.pw?.includes("p");
-    });
-  };
-  const canUnpublish = entityId => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      return permission.pw?.includes("u");
-    });
-  };
-  const canAction = (action, entityId) => {
-    if (hasFullAccess) {
-      return true;
-    }
-    const entity = getEntity(entityMap, entityId);
-    const permissions = identity.getPermissions(entity.permission);
-    if (!permissions.length) {
-      return false;
-    }
-    return permissions.some(permission => {
-      return permission[action] === true;
-    });
-  };
-  return {
-    canAccess,
-    canRead,
-    canCreate,
-    canEdit,
-    canDelete,
-    canPublish,
-    canUnpublish,
-    canAction
-  };
-}
-export function createUsePermissions(schema) {
+import { useContainer } from "@webiny/app";
+export function createUsePermissions(abstraction) {
   return function usePermissions() {
-    const {
-      identity
-    } = useIdentity();
-    let byIdentityId = cache.get(schema);
-    if (!byIdentityId) {
-      byIdentityId = new Map();
-      cache.set(schema, byIdentityId);
-    }
-    let result = byIdentityId.get(identity.id);
-    if (!result) {
-      result = buildResult(schema, identity);
-      byIdentityId.set(identity.id, result);
-    }
-    return result;
+    const container = useContainer();
+    return container.resolve(abstraction);
   };
 }
 

package/permissions/usePermissions.js.map

@@ -1 +1 @@
-{"version":3,"names":["useIdentity","cache","WeakMap","buildEntityMap","schema","map","Map","entity","entities","actions","Set","action","add","name","set","id","permission","hasOwn","scopes","includes","getEntity","entityMap","entityId","get","Error","buildResult","identity","fullAccessName","prefix","hasFullAccess","getPermission","canAccess","permissions","getPermissions","length","canRead","some","rwd","canCreate","canEdit","item","own","createdBy","canDelete","canPublish","pw","canUnpublish","canAction","createUsePermissions","usePermissions","byIdentityId","result"],"sources":["usePermissions.ts"],"sourcesContent":["import { useIdentity } from \"~/presentation/security/hooks/useIdentity.js\";\nimport type { Identity } from \"~/domain/Identity.js\";\nimport type { PermissionSchemaConfig } from \"./types.js\";\nimport type { OwnableItem } from \"./types.js\";\nimport type { UsePermissionsResult } from \"./types.js\";\n\ninterface EntityLookup {\n    permission: string;\n    actions: Set<string>;\n    hasOwn: boolean;\n}\n\n// Module-level cache: schema -> identityId -> result.\nconst cache = new WeakMap<PermissionSchemaConfig, Map<string, UsePermissionsResult<any>>>();\n\nfunction buildEntityMap(schema: PermissionSchemaConfig): Map<string, EntityLookup> {\n    const map = new Map<string, EntityLookup>();\n    for (const entity of schema.entities ?? []) {\n        const actions = new Set<string>();\n        for (const action of entity.actions ?? []) {\n            actions.add(action.name);\n        }\n        map.set(entity.id, {\n            permission: entity.permission,\n            actions,\n            hasOwn: entity.scopes.includes(\"own\")\n        });\n    }\n    return map;\n}\n\nfunction getEntity(entityMap: Map<string, EntityLookup>, entityId: string): EntityLookup {\n    const entity = entityMap.get(entityId);\n    if (!entity) {\n        throw new Error(`Unknown entity \"${entityId}\" in permission schema.`);\n    }\n    return entity;\n}\n\nfunction buildResult<S extends PermissionSchemaConfig>(\n    schema: S,\n    identity: Identity\n): UsePermissionsResult<S> {\n    const fullAccessName = `${schema.prefix}.*`;\n    const hasFullAccess = !!identity.getPermission(fullAccessName);\n    const entityMap = buildEntityMap(schema);\n\n    const canAccess = (entityId: string): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        return permissions.length > 0;\n    };\n\n    const canRead = (entityId: string): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            if (typeof permission.rwd !== \"string\") {\n                return true;\n            }\n            return permission.rwd.includes(\"r\");\n        });\n    };\n\n    const canCreate = (entityId: string): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            if (typeof permission.rwd !== \"string\") {\n                return true;\n            }\n            return permission.rwd.includes(\"w\");\n        });\n    };\n\n    const canEdit = (entityId: string, item?: OwnableItem): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            if (permission.own) {\n                if (!item?.createdBy) {\n                    return true;\n                }\n                return item.createdBy.id === identity.id;\n            }\n            if (typeof permission.rwd !== \"string\") {\n                return true;\n            }\n            return permission.rwd.includes(\"w\");\n        });\n    };\n\n    const canDelete = (entityId: string, item?: OwnableItem): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            if (permission.own) {\n                return item?.createdBy?.id === identity.id;\n            }\n            if (typeof permission.rwd !== \"string\") {\n                return true;\n            }\n            return permission.rwd.includes(\"d\");\n        });\n    };\n\n    const canPublish = (entityId: string): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            return permission.pw?.includes(\"p\");\n        });\n    };\n\n    const canUnpublish = (entityId: string): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            return permission.pw?.includes(\"u\");\n        });\n    };\n\n    const canAction = (action: string, entityId: string): boolean => {\n        if (hasFullAccess) {\n            return true;\n        }\n        const entity = getEntity(entityMap, entityId);\n        const permissions = identity.getPermissions(entity.permission);\n        if (!permissions.length) {\n            return false;\n        }\n        return permissions.some(permission => {\n            return permission[action] === true;\n        });\n    };\n\n    return {\n        canAccess,\n        canRead,\n        canCreate,\n        canEdit,\n        canDelete,\n        canPublish,\n        canUnpublish,\n        canAction\n    } as UsePermissionsResult<S>;\n}\n\nexport function createUsePermissions<const S extends PermissionSchemaConfig>(\n    schema: S\n): () => UsePermissionsResult<S> {\n    return function usePermissions(): UsePermissionsResult<S> {\n        const { identity } = useIdentity();\n\n        let byIdentityId = cache.get(schema);\n        if (!byIdentityId) {\n            byIdentityId = new Map();\n            cache.set(schema, byIdentityId);\n        }\n\n        let result = byIdentityId.get(identity.id) as UsePermissionsResult<S> | undefined;\n        if (!result) {\n            result = buildResult(schema, identity);\n            byIdentityId.set(identity.id, result as UsePermissionsResult<any>);\n        }\n\n        return result;\n    };\n}\n"],"mappings":"AAAA,SAASA,WAAW;AAYpB;AACA,MAAMC,KAAK,GAAG,IAAIC,OAAO,CAAiE,CAAC;AAE3F,SAASC,cAAcA,CAACC,MAA8B,EAA6B;EAC/E,MAAMC,GAAG,GAAG,IAAIC,GAAG,CAAuB,CAAC;EAC3C,KAAK,MAAMC,MAAM,IAAIH,MAAM,CAACI,QAAQ,IAAI,EAAE,EAAE;IACxC,MAAMC,OAAO,GAAG,IAAIC,GAAG,CAAS,CAAC;IACjC,KAAK,MAAMC,MAAM,IAAIJ,MAAM,CAACE,OAAO,IAAI,EAAE,EAAE;MACvCA,OAAO,CAACG,GAAG,CAACD,MAAM,CAACE,IAAI,CAAC;IAC5B;IACAR,GAAG,CAACS,GAAG,CAACP,MAAM,CAACQ,EAAE,EAAE;MACfC,UAAU,EAAET,MAAM,CAACS,UAAU;MAC7BP,OAAO;MACPQ,MAAM,EAAEV,MAAM,CAACW,MAAM,CAACC,QAAQ,CAAC,KAAK;IACxC,CAAC,CAAC;EACN;EACA,OAAOd,GAAG;AACd;AAEA,SAASe,SAASA,CAACC,SAAoC,EAAEC,QAAgB,EAAgB;EACrF,MAAMf,MAAM,GAAGc,SAAS,CAACE,GAAG,CAACD,QAAQ,CAAC;EACtC,IAAI,CAACf,MAAM,EAAE;IACT,MAAM,IAAIiB,KAAK,CAAC,mBAAmBF,QAAQ,yBAAyB,CAAC;EACzE;EACA,OAAOf,MAAM;AACjB;AAEA,SAASkB,WAAWA,CAChBrB,MAAS,EACTsB,QAAkB,EACK;EACvB,MAAMC,cAAc,GAAG,GAAGvB,MAAM,CAACwB,MAAM,IAAI;EAC3C,MAAMC,aAAa,GAAG,CAAC,CAACH,QAAQ,CAACI,aAAa,CAACH,cAAc,CAAC;EAC9D,MAAMN,SAAS,GAAGlB,cAAc,CAACC,MAAM,CAAC;EAExC,MAAM2B,SAAS,GAAIT,QAAgB,IAAc;IAC7C,IAAIO,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,OAAOgB,WAAW,CAACE,MAAM,GAAG,CAAC;EACjC,CAAC;EAED,MAAMC,OAAO,GAAIb,QAAgB,IAAc;IAC3C,IAAIO,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,IAAI,OAAOA,UAAU,CAACqB,GAAG,KAAK,QAAQ,EAAE;QACpC,OAAO,IAAI;MACf;MACA,OAAOrB,UAAU,CAACqB,GAAG,CAAClB,QAAQ,CAAC,GAAG,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAED,MAAMmB,SAAS,GAAIhB,QAAgB,IAAc;IAC7C,IAAIO,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,IAAI,OAAOA,UAAU,CAACqB,GAAG,KAAK,QAAQ,EAAE;QACpC,OAAO,IAAI;MACf;MACA,OAAOrB,UAAU,CAACqB,GAAG,CAAClB,QAAQ,CAAC,GAAG,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAED,MAAMoB,OAAO,GAAGA,CAACjB,QAAgB,EAAEkB,IAAkB,KAAc;IAC/D,IAAIX,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,IAAIA,UAAU,CAACyB,GAAG,EAAE;QAChB,IAAI,CAACD,IAAI,EAAEE,SAAS,EAAE;UAClB,OAAO,IAAI;QACf;QACA,OAAOF,IAAI,CAACE,SAAS,CAAC3B,EAAE,KAAKW,QAAQ,CAACX,EAAE;MAC5C;MACA,IAAI,OAAOC,UAAU,CAACqB,GAAG,KAAK,QAAQ,EAAE;QACpC,OAAO,IAAI;MACf;MACA,OAAOrB,UAAU,CAACqB,GAAG,CAAClB,QAAQ,CAAC,GAAG,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAED,MAAMwB,SAAS,GAAGA,CAACrB,QAAgB,EAAEkB,IAAkB,KAAc;IACjE,IAAIX,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,IAAIA,UAAU,CAACyB,GAAG,EAAE;QAChB,OAAOD,IAAI,EAAEE,SAAS,EAAE3B,EAAE,KAAKW,QAAQ,CAACX,EAAE;MAC9C;MACA,IAAI,OAAOC,UAAU,CAACqB,GAAG,KAAK,QAAQ,EAAE;QACpC,OAAO,IAAI;MACf;MACA,OAAOrB,UAAU,CAACqB,GAAG,CAAClB,QAAQ,CAAC,GAAG,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAED,MAAMyB,UAAU,GAAItB,QAAgB,IAAc;IAC9C,IAAIO,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,OAAOA,UAAU,CAAC6B,EAAE,EAAE1B,QAAQ,CAAC,GAAG,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAED,MAAM2B,YAAY,GAAIxB,QAAgB,IAAc;IAChD,IAAIO,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,OAAOA,UAAU,CAAC6B,EAAE,EAAE1B,QAAQ,CAAC,GAAG,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAED,MAAM4B,SAAS,GAAGA,CAACpC,MAAc,EAAEW,QAAgB,KAAc;IAC7D,IAAIO,aAAa,EAAE;MACf,OAAO,IAAI;IACf;IACA,MAAMtB,MAAM,GAAGa,SAAS,CAACC,SAAS,EAAEC,QAAQ,CAAC;IAC7C,MAAMU,WAAW,GAAGN,QAAQ,CAACO,cAAc,CAAC1B,MAAM,CAACS,UAAU,CAAC;IAC9D,IAAI,CAACgB,WAAW,CAACE,MAAM,EAAE;MACrB,OAAO,KAAK;IAChB;IACA,OAAOF,WAAW,CAACI,IAAI,CAACpB,UAAU,IAAI;MAClC,OAAOA,UAAU,CAACL,MAAM,CAAC,KAAK,IAAI;IACtC,CAAC,CAAC;EACN,CAAC;EAED,OAAO;IACHoB,SAAS;IACTI,OAAO;IACPG,SAAS;IACTC,OAAO;IACPI,SAAS;IACTC,UAAU;IACVE,YAAY;IACZC;EACJ,CAAC;AACL;AAEA,OAAO,SAASC,oBAAoBA,CAChC5C,MAAS,EACoB;EAC7B,OAAO,SAAS6C,cAAcA,CAAA,EAA4B;IACtD,MAAM;MAAEvB;IAAS,CAAC,GAAG1B,WAAW,CAAC,CAAC;IAElC,IAAIkD,YAAY,GAAGjD,KAAK,CAACsB,GAAG,CAACnB,MAAM,CAAC;IACpC,IAAI,CAAC8C,YAAY,EAAE;MACfA,YAAY,GAAG,IAAI5C,GAAG,CAAC,CAAC;MACxBL,KAAK,CAACa,GAAG,CAACV,MAAM,EAAE8C,YAAY,CAAC;IACnC;IAEA,IAAIC,MAAM,GAAGD,YAAY,CAAC3B,GAAG,CAACG,QAAQ,CAACX,EAAE,CAAwC;IACjF,IAAI,CAACoC,MAAM,EAAE;MACTA,MAAM,GAAG1B,WAAW,CAACrB,MAAM,EAAEsB,QAAQ,CAAC;MACtCwB,YAAY,CAACpC,GAAG,CAACY,QAAQ,CAACX,EAAE,EAAEoC,MAAmC,CAAC;IACtE;IAEA,OAAOA,MAAM;EACjB,CAAC;AACL","ignoreList":[]}
+{"version":3,"names":["useContainer","createUsePermissions","abstraction","usePermissions","container","resolve"],"sources":["usePermissions.ts"],"sourcesContent":["import { useContainer } from \"@webiny/app\";\nimport type { Abstraction } from \"@webiny/di\";\nimport type { PermissionSchemaConfig } from \"./types.js\";\nimport type { UsePermissionsResult } from \"./types.js\";\n\nexport function createUsePermissions<const S extends PermissionSchemaConfig>(\n    abstraction: Abstraction<UsePermissionsResult<S>>\n): () => UsePermissionsResult<S> {\n    return function usePermissions(): UsePermissionsResult<S> {\n        const container = useContainer();\n        return container.resolve(abstraction);\n    };\n}\n"],"mappings":"AAAA,SAASA,YAAY,QAAQ,aAAa;AAK1C,OAAO,SAASC,oBAAoBA,CAChCC,WAAiD,EACpB;EAC7B,OAAO,SAASC,cAAcA,CAAA,EAA4B;IACtD,MAAMC,SAAS,GAAGJ,YAAY,CAAC,CAAC;IAChC,OAAOI,SAAS,CAACC,OAAO,CAACH,WAAW,CAAC;EACzC,CAAC;AACL","ignoreList":[]}

package/presentation/installation/presenters/SystemInstaller/SystemInstallerGateway.d.ts

@@ -1,8 +1,8 @@
-import { GraphQLClient } from "@webiny/app/features/graphqlClient";
+import { MainGraphQLClient } from "@webiny/app/features/mainGraphQLClient/index.js";
 import { type InstallationInput, SystemInstallerGateway as Abstraction } from "./abstractions.js";
 declare class SystemInstallerGraphQLGateway implements Abstraction.Interface {
     private client;
-    constructor(client: GraphQLClient.Interface);
+    constructor(client: MainGraphQLClient.Interface);
     isSystemInstalled(): Promise<boolean>;
     installSystem(data: InstallationInput): Promise<void>;
 }

package/presentation/installation/presenters/SystemInstaller/SystemInstallerGateway.js

@@ -1,5 +1,5 @@
 import { createImplementation } from "@webiny/di";
-import { GraphQLClient } from "@webiny/app/features/graphqlClient";
+import { MainGraphQLClient } from "@webiny/app/features/mainGraphQLClient/index.js";
 import { SystemInstallerGateway as Abstraction } from "./abstractions.js";
 const IS_SYSTEM_INSTALLED = /* GraphQL */`
     query IsSystemInstalled {
@@ -57,7 +57,7 @@ class SystemInstallerGraphQLGateway {
 export const SystemInstallerGateway = createImplementation({
   abstraction: Abstraction,
   implementation: SystemInstallerGraphQLGateway,
-  dependencies: [GraphQLClient]
+  dependencies: [MainGraphQLClient]
 });
 
 //# sourceMappingURL=SystemInstallerGateway.js.map

package/presentation/installation/presenters/SystemInstaller/SystemInstallerGateway.js.map

@@ -1 +1 @@
-{"version":3,"names":["createImplementation","GraphQLClient","SystemInstallerGateway","Abstraction","IS_SYSTEM_INSTALLED","INSTALL_SYSTEM","SystemInstallerGraphQLGateway","constructor","client","isSystemInstalled","response","execute","query","system","error","Error","message","data","installSystem","variables","installationInput","abstraction","implementation","dependencies"],"sources":["SystemInstallerGateway.ts"],"sourcesContent":["import { createImplementation } from \"@webiny/di\";\nimport { GraphQLClient } from \"@webiny/app/features/graphqlClient\";\nimport { type InstallationInput, SystemInstallerGateway as Abstraction } from \"./abstractions.js\";\n\nconst IS_SYSTEM_INSTALLED = /* GraphQL */ `\n    query IsSystemInstalled {\n        system {\n            isSystemInstalled {\n                data\n                error {\n                    message\n                    code\n                    data\n                }\n            }\n        }\n    }\n`;\n\nconst INSTALL_SYSTEM = /* GraphQL */ `\n    mutation InstallSystem($installationInput: JSON!) {\n        system {\n            installSystem(installationInput: $installationInput) {\n                data\n                error {\n                    message\n                    code\n                    data\n                }\n            }\n        }\n    }\n`;\n\ninterface IsSystemInstalledResponse {\n    system: {\n        isSystemInstalled: {\n            data: boolean;\n            error?: {\n                message: string;\n                code: string;\n                data: any;\n            };\n        };\n    };\n}\n\ninterface InstallSystemResponse {\n    system: {\n        installSystem: {\n            data: boolean;\n            error?: {\n                message: string;\n                code: string;\n                data: any;\n            };\n        };\n    };\n}\n\nclass SystemInstallerGraphQLGateway implements Abstraction.Interface {\n    constructor(private client: GraphQLClient.Interface) {}\n\n    async isSystemInstalled(): Promise<boolean> {\n        const response = await this.client.execute<IsSystemInstalledResponse>({\n            query: IS_SYSTEM_INSTALLED\n        });\n\n        if (response.system.isSystemInstalled.error) {\n            throw new Error(response.system.isSystemInstalled.error.message);\n        }\n\n        return response.system.isSystemInstalled.data;\n    }\n\n    async installSystem(data: InstallationInput): Promise<void> {\n        const response = await this.client.execute<InstallSystemResponse>({\n            query: INSTALL_SYSTEM,\n            variables: {\n                installationInput: data\n            }\n        });\n\n        if (response.system.installSystem.error) {\n            throw response.system.installSystem.error;\n        }\n    }\n}\n\nexport const SystemInstallerGateway = createImplementation({\n    abstraction: Abstraction,\n    implementation: SystemInstallerGraphQLGateway,\n    dependencies: [GraphQLClient]\n});\n"],"mappings":"AAAA,SAASA,oBAAoB,QAAQ,YAAY;AACjD,SAASC,aAAa,QAAQ,oCAAoC;AAClE,SAAiCC,sBAAsB,IAAIC,WAAW;AAEtE,MAAMC,mBAAmB,GAAG,aAAc;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AAED,MAAMC,cAAc,GAAG,aAAc;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AA4BD,MAAMC,6BAA6B,CAAkC;EACjEC,WAAWA,CAASC,MAA+B,EAAE;IAAA,KAAjCA,MAA+B,GAA/BA,MAA+B;EAAG;EAEtD,MAAMC,iBAAiBA,CAAA,EAAqB;IACxC,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAACF,MAAM,CAACG,OAAO,CAA4B;MAClEC,KAAK,EAAER;IACX,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACG,MAAM,CAACJ,iBAAiB,CAACK,KAAK,EAAE;MACzC,MAAM,IAAIC,KAAK,CAACL,QAAQ,CAACG,MAAM,CAACJ,iBAAiB,CAACK,KAAK,CAACE,OAAO,CAAC;IACpE;IAEA,OAAON,QAAQ,CAACG,MAAM,CAACJ,iBAAiB,CAACQ,IAAI;EACjD;EAEA,MAAMC,aAAaA,CAACD,IAAuB,EAAiB;IACxD,MAAMP,QAAQ,GAAG,MAAM,IAAI,CAACF,MAAM,CAACG,OAAO,CAAwB;MAC9DC,KAAK,EAAEP,cAAc;MACrBc,SAAS,EAAE;QACPC,iBAAiB,EAAEH;MACvB;IACJ,CAAC,CAAC;IAEF,IAAIP,QAAQ,CAACG,MAAM,CAACK,aAAa,CAACJ,KAAK,EAAE;MACrC,MAAMJ,QAAQ,CAACG,MAAM,CAACK,aAAa,CAACJ,KAAK;IAC7C;EACJ;AACJ;AAEA,OAAO,MAAMZ,sBAAsB,GAAGF,oBAAoB,CAAC;EACvDqB,WAAW,EAAElB,WAAW;EACxBmB,cAAc,EAAEhB,6BAA6B;EAC7CiB,YAAY,EAAE,CAACtB,aAAa;AAChC,CAAC,CAAC","ignoreList":[]}
+{"version":3,"names":["createImplementation","MainGraphQLClient","SystemInstallerGateway","Abstraction","IS_SYSTEM_INSTALLED","INSTALL_SYSTEM","SystemInstallerGraphQLGateway","constructor","client","isSystemInstalled","response","execute","query","system","error","Error","message","data","installSystem","variables","installationInput","abstraction","implementation","dependencies"],"sources":["SystemInstallerGateway.ts"],"sourcesContent":["import { createImplementation } from \"@webiny/di\";\nimport { MainGraphQLClient } from \"@webiny/app/features/mainGraphQLClient/index.js\";\nimport { type InstallationInput, SystemInstallerGateway as Abstraction } from \"./abstractions.js\";\n\nconst IS_SYSTEM_INSTALLED = /* GraphQL */ `\n    query IsSystemInstalled {\n        system {\n            isSystemInstalled {\n                data\n                error {\n                    message\n                    code\n                    data\n                }\n            }\n        }\n    }\n`;\n\nconst INSTALL_SYSTEM = /* GraphQL */ `\n    mutation InstallSystem($installationInput: JSON!) {\n        system {\n            installSystem(installationInput: $installationInput) {\n                data\n                error {\n                    message\n                    code\n                    data\n                }\n            }\n        }\n    }\n`;\n\ninterface IsSystemInstalledResponse {\n    system: {\n        isSystemInstalled: {\n            data: boolean;\n            error?: {\n                message: string;\n                code: string;\n                data: any;\n            };\n        };\n    };\n}\n\ninterface InstallSystemResponse {\n    system: {\n        installSystem: {\n            data: boolean;\n            error?: {\n                message: string;\n                code: string;\n                data: any;\n            };\n        };\n    };\n}\n\nclass SystemInstallerGraphQLGateway implements Abstraction.Interface {\n    constructor(private client: MainGraphQLClient.Interface) {}\n\n    async isSystemInstalled(): Promise<boolean> {\n        const response = await this.client.execute<IsSystemInstalledResponse>({\n            query: IS_SYSTEM_INSTALLED\n        });\n\n        if (response.system.isSystemInstalled.error) {\n            throw new Error(response.system.isSystemInstalled.error.message);\n        }\n\n        return response.system.isSystemInstalled.data;\n    }\n\n    async installSystem(data: InstallationInput): Promise<void> {\n        const response = await this.client.execute<InstallSystemResponse>({\n            query: INSTALL_SYSTEM,\n            variables: {\n                installationInput: data\n            }\n        });\n\n        if (response.system.installSystem.error) {\n            throw response.system.installSystem.error;\n        }\n    }\n}\n\nexport const SystemInstallerGateway = createImplementation({\n    abstraction: Abstraction,\n    implementation: SystemInstallerGraphQLGateway,\n    dependencies: [MainGraphQLClient]\n});\n"],"mappings":"AAAA,SAASA,oBAAoB,QAAQ,YAAY;AACjD,SAASC,iBAAiB,QAAQ,iDAAiD;AACnF,SAAiCC,sBAAsB,IAAIC,WAAW;AAEtE,MAAMC,mBAAmB,GAAG,aAAc;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AAED,MAAMC,cAAc,GAAG,aAAc;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AA4BD,MAAMC,6BAA6B,CAAkC;EACjEC,WAAWA,CAASC,MAAmC,EAAE;IAAA,KAArCA,MAAmC,GAAnCA,MAAmC;EAAG;EAE1D,MAAMC,iBAAiBA,CAAA,EAAqB;IACxC,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAACF,MAAM,CAACG,OAAO,CAA4B;MAClEC,KAAK,EAAER;IACX,CAAC,CAAC;IAEF,IAAIM,QAAQ,CAACG,MAAM,CAACJ,iBAAiB,CAACK,KAAK,EAAE;MACzC,MAAM,IAAIC,KAAK,CAACL,QAAQ,CAACG,MAAM,CAACJ,iBAAiB,CAACK,KAAK,CAACE,OAAO,CAAC;IACpE;IAEA,OAAON,QAAQ,CAACG,MAAM,CAACJ,iBAAiB,CAACQ,IAAI;EACjD;EAEA,MAAMC,aAAaA,CAACD,IAAuB,EAAiB;IACxD,MAAMP,QAAQ,GAAG,MAAM,IAAI,CAACF,MAAM,CAACG,OAAO,CAAwB;MAC9DC,KAAK,EAAEP,cAAc;MACrBc,SAAS,EAAE;QACPC,iBAAiB,EAAEH;MACvB;IACJ,CAAC,CAAC;IAEF,IAAIP,QAAQ,CAACG,MAAM,CAACK,aAAa,CAACJ,KAAK,EAAE;MACrC,MAAMJ,QAAQ,CAACG,MAAM,CAACK,aAAa,CAACJ,KAAK;IAC7C;EACJ;AACJ;AAEA,OAAO,MAAMZ,sBAAsB,GAAGF,oBAAoB,CAAC;EACvDqB,WAAW,EAAElB,WAAW;EACxBmB,cAAc,EAAEhB,6BAA6B;EAC7CiB,YAAY,EAAE,CAACtB,iBAAiB;AACpC,CAAC,CAAC","ignoreList":[]}