@xnetjs/core 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +39 -2
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -699,7 +699,7 @@ interface AuthenticatedExpr {
|
|
|
699
699
|
/**
|
|
700
700
|
* How to determine if a user holds a role.
|
|
701
701
|
*/
|
|
702
|
-
type RoleResolver = CreatorRoleResolver | PropertyRoleResolver | RelationRoleResolver;
|
|
702
|
+
type RoleResolver = CreatorRoleResolver | PropertyRoleResolver | RelationRoleResolver | MembershipRoleResolver;
|
|
703
703
|
/**
|
|
704
704
|
* Serialized form of RoleResolver for JSON storage.
|
|
705
705
|
*/
|
|
@@ -712,6 +712,15 @@ type SerializedRoleResolver = {
|
|
|
712
712
|
_tag: 'relation';
|
|
713
713
|
relationName: string;
|
|
714
714
|
targetRole: string;
|
|
715
|
+
} | {
|
|
716
|
+
_tag: 'membership';
|
|
717
|
+
edgeSchema: string;
|
|
718
|
+
containerProp: string;
|
|
719
|
+
memberProp: string;
|
|
720
|
+
roleProp: string;
|
|
721
|
+
minRole: string;
|
|
722
|
+
roleOrder: string[];
|
|
723
|
+
parentProp?: string;
|
|
715
724
|
};
|
|
716
725
|
/**
|
|
717
726
|
* Role held by the node's creator.
|
|
@@ -736,6 +745,34 @@ interface RelationRoleResolver {
|
|
|
736
745
|
readonly relationName: string;
|
|
737
746
|
readonly targetRole: string;
|
|
738
747
|
}
|
|
748
|
+
/**
|
|
749
|
+
* Role determined by membership edges that point at THIS node (a reverse-edge
|
|
750
|
+
* lookup the forward `relation`/`property` resolvers can't express).
|
|
751
|
+
*
|
|
752
|
+
* Given a container node (e.g. a Space), the subject holds this role when an
|
|
753
|
+
* edge node of `edgeSchema` exists whose `containerProp` references this node
|
|
754
|
+
* (or, when `parentProp` is set, any of its ancestors), whose `memberProp`
|
|
755
|
+
* holds the subject DID, and whose `roleProp` rank is `>= minRole` per the
|
|
756
|
+
* `roleOrder` ladder (least → most privileged). The ancestor walk is how
|
|
757
|
+
* membership cascades down a nested container tree without fanning grants out.
|
|
758
|
+
*/
|
|
759
|
+
interface MembershipRoleResolver {
|
|
760
|
+
readonly _tag: 'membership';
|
|
761
|
+
/** Schema IRI of the membership edge node (e.g. SpaceMembership). */
|
|
762
|
+
readonly edgeSchema: string;
|
|
763
|
+
/** Edge property that references the container node. */
|
|
764
|
+
readonly containerProp: string;
|
|
765
|
+
/** Edge property holding the member DID. */
|
|
766
|
+
readonly memberProp: string;
|
|
767
|
+
/** Edge property holding the member's role id. */
|
|
768
|
+
readonly roleProp: string;
|
|
769
|
+
/** Minimum role rung this resolver represents. */
|
|
770
|
+
readonly minRole: string;
|
|
771
|
+
/** Role ids ordered least → most privileged (for rank comparison). */
|
|
772
|
+
readonly roleOrder: readonly string[];
|
|
773
|
+
/** Container relation to walk for ancestor inheritance (e.g. `parent`). */
|
|
774
|
+
readonly parentProp?: string;
|
|
775
|
+
}
|
|
739
776
|
/**
|
|
740
777
|
* Input for an authorization check.
|
|
741
778
|
*/
|
|
@@ -777,4 +814,4 @@ interface PolicyEvaluator {
|
|
|
777
814
|
type DID = `did:key:${string}`;
|
|
778
815
|
type DocumentPath = `xnet://${DID}/workspace/${string}/doc/${string}`;
|
|
779
816
|
|
|
780
|
-
export { ALL_CAPABILITIES, AUTH_ACTIONS, type ActionKey, type AllowExpr, type AndExpr, type AuthAction, type AuthCheckInput, type AuthDecision, type AuthDenyReason, type AuthExpression, type AuthTrace, type AuthTraceStep, type AuthenticatedExpr, type AuthorizationDefinition, BOOTSTRAP_PEERS, type Capability, type ChainStatus, type Condition, type ContentChunk, type ContentId, type ContentResolver, type ContentTree, type CreatorRoleResolver, DEFAULT_SNAPSHOT_TRIGGERS, DEFAULT_STREAMING_OPTIONS, DHT_CONFIG, type DID, type DIDResolution, type DIDResolver, type DataSource, type DenyExpr, type DocumentLoad, type DocumentPath, type Fork, type Group, type IPCondition, type MerkleNode, type NotExpr, type OrExpr, type PeerLocation, type PermissionEvaluator, type PermissionGrant, type PolicyEvaluator, type PropertyRoleResolver, type PublicExpr, type Query, type QueryPlan, type QueryRequest, type QueryResponse, type QueryRouter, RESOLUTION_CACHE_CONFIG, type RelationRoleResolver, type ResolutionStrategy, type ResourceScope, type Role, type RoleKey, type RoleRefExpr, type RoleResolver, STANDARD_ROLES, type SchemaAction, type SerializedAuthExpression, type SerializedAuthorization, type SerializedRoleResolver, type SignedUpdate, type Snapshot, type SnapshotTriggers, type StreamingQueryOptions, type SubQuery, type TimeCondition, type UpdateVerifier, type VectorClock, buildMerkleTree, compareVectorClocks, createChunk, createContentId, deduplicatedUnion, detectFork, estimateQueryCost, evaluateCondition, getMostPermissiveCapability, hashContent, incrementVectorClock, isLocationFresh, isValidDID, isValidProgression, mergeStateVectors, mergeVectorClocks, parseContentId, parseDID, roleHasCapability, shouldCreateSnapshot, unionAggregate, verifyContent, verifyUpdateChain };
|
|
817
|
+
export { ALL_CAPABILITIES, AUTH_ACTIONS, type ActionKey, type AllowExpr, type AndExpr, type AuthAction, type AuthCheckInput, type AuthDecision, type AuthDenyReason, type AuthExpression, type AuthTrace, type AuthTraceStep, type AuthenticatedExpr, type AuthorizationDefinition, BOOTSTRAP_PEERS, type Capability, type ChainStatus, type Condition, type ContentChunk, type ContentId, type ContentResolver, type ContentTree, type CreatorRoleResolver, DEFAULT_SNAPSHOT_TRIGGERS, DEFAULT_STREAMING_OPTIONS, DHT_CONFIG, type DID, type DIDResolution, type DIDResolver, type DataSource, type DenyExpr, type DocumentLoad, type DocumentPath, type Fork, type Group, type IPCondition, type MembershipRoleResolver, type MerkleNode, type NotExpr, type OrExpr, type PeerLocation, type PermissionEvaluator, type PermissionGrant, type PolicyEvaluator, type PropertyRoleResolver, type PublicExpr, type Query, type QueryPlan, type QueryRequest, type QueryResponse, type QueryRouter, RESOLUTION_CACHE_CONFIG, type RelationRoleResolver, type ResolutionStrategy, type ResourceScope, type Role, type RoleKey, type RoleRefExpr, type RoleResolver, STANDARD_ROLES, type SchemaAction, type SerializedAuthExpression, type SerializedAuthorization, type SerializedRoleResolver, type SignedUpdate, type Snapshot, type SnapshotTriggers, type StreamingQueryOptions, type SubQuery, type TimeCondition, type UpdateVerifier, type VectorClock, buildMerkleTree, compareVectorClocks, createChunk, createContentId, deduplicatedUnion, detectFork, estimateQueryCost, evaluateCondition, getMostPermissiveCapability, hashContent, incrementVectorClock, isLocationFresh, isValidDID, isValidProgression, mergeStateVectors, mergeVectorClocks, parseContentId, parseDID, roleHasCapability, shouldCreateSnapshot, unionAggregate, verifyContent, verifyUpdateChain };
|