convex-cms 0.0.1

package/dist/component/roles.d.ts

@@ -0,0 +1,649 @@
+/**
+ * RBAC Default Roles Configuration
+ *
+ * This module defines the default role configurations for the CMS:
+ * - admin: Full access to all CMS features
+ * - editor: Can manage all content and media, but not settings
+ * - author: Can create and manage own content
+ * - viewer: Read-only access to published content
+ *
+ * Roles are exported as constants for easy customization. Developers can
+ * extend or override these defaults using the custom roles feature.
+ *
+ * @example
+ * ```typescript
+ * import { DEFAULT_ROLES, hasPermission, type RoleName } from '@convex-cms/core';
+ *
+ * // Check if a role has a specific permission
+ * if (hasPermission('editor', { resource: 'contentEntries', action: 'update' })) {
+ *   // Allow the action
+ * }
+ *
+ * // Get all permissions for a role
+ * const adminPerms = getRolePermissions('admin');
+ * ```
+ */
+/**
+ * All built-in role names in the CMS.
+ * Custom roles can be added by developers, but these are always available.
+ */
+export declare const roleNames: readonly ["admin", "editor", "author", "viewer"];
+/**
+ * Type representing a built-in role name.
+ * Use `string` for custom roles, or extend this type.
+ */
+export type RoleName = typeof roleNames[number];
+/**
+ * Convex validator for role names.
+ * Use this in function arguments to validate role input.
+ */
+export declare const roleNameValidator: import("convex/values").VUnion<"author" | "admin" | "editor" | "viewer", [import("convex/values").VLiteral<"admin", "required">, import("convex/values").VLiteral<"editor", "required">, import("convex/values").VLiteral<"author", "required">, import("convex/values").VLiteral<"viewer", "required">], "required", never>;
+/**
+ * All resources that can be protected by RBAC.
+ */
+export declare const resources: readonly ["contentTypes", "contentEntries", "mediaItems", "settings"];
+export type Resource = typeof resources[number];
+/**
+ * Convex validator for resources.
+ */
+export declare const resourceValidator: import("convex/values").VUnion<"contentTypes" | "contentEntries" | "mediaItems" | "settings", [import("convex/values").VLiteral<"contentTypes", "required">, import("convex/values").VLiteral<"contentEntries", "required">, import("convex/values").VLiteral<"mediaItems", "required">, import("convex/values").VLiteral<"settings", "required">], "required", never>;
+/**
+ * All actions that can be performed on resources.
+ */
+export declare const actions: readonly ["create", "read", "update", "delete", "publish", "unpublish", "restore", "manage", "move"];
+export type Action = typeof actions[number];
+/**
+ * Convex validator for actions.
+ */
+export declare const actionValidator: import("convex/values").VUnion<"update" | "read" | "publish" | "create" | "delete" | "unpublish" | "restore" | "manage" | "move", [import("convex/values").VLiteral<"create", "required">, import("convex/values").VLiteral<"read", "required">, import("convex/values").VLiteral<"update", "required">, import("convex/values").VLiteral<"delete", "required">, import("convex/values").VLiteral<"publish", "required">, import("convex/values").VLiteral<"unpublish", "required">, import("convex/values").VLiteral<"restore", "required">, import("convex/values").VLiteral<"manage", "required">, import("convex/values").VLiteral<"move", "required">], "required", never>;
+/**
+ * Ownership scope for permissions.
+ * - "all": Can perform action on any item
+ * - "own": Can only perform action on items they created
+ */
+export type OwnershipScope = "all" | "own";
+/**
+ * A single permission grant.
+ * Defines what action can be performed on which resource, with optional ownership scope.
+ */
+export interface Permission {
+    /** The resource this permission applies to */
+    resource: Resource;
+    /** The action being granted */
+    action: Action;
+    /**
+     * Ownership scope (defaults to "all" if not specified).
+     * Only relevant for resources that have ownership (contentEntries, mediaAssets).
+     */
+    scope?: OwnershipScope;
+}
+/**
+ * Convex validator for a permission object.
+ */
+export declare const permissionValidator: import("convex/values").VObject<{
+    scope?: "all" | "own" | undefined;
+    action: "update" | "read" | "publish" | "create" | "delete" | "unpublish" | "restore" | "manage" | "move";
+    resource: "contentTypes" | "contentEntries" | "mediaItems" | "settings";
+}, {
+    resource: import("convex/values").VUnion<"contentTypes" | "contentEntries" | "mediaItems" | "settings", [import("convex/values").VLiteral<"contentTypes", "required">, import("convex/values").VLiteral<"contentEntries", "required">, import("convex/values").VLiteral<"mediaItems", "required">, import("convex/values").VLiteral<"settings", "required">], "required", never>;
+    action: import("convex/values").VUnion<"update" | "read" | "publish" | "create" | "delete" | "unpublish" | "restore" | "manage" | "move", [import("convex/values").VLiteral<"create", "required">, import("convex/values").VLiteral<"read", "required">, import("convex/values").VLiteral<"update", "required">, import("convex/values").VLiteral<"delete", "required">, import("convex/values").VLiteral<"publish", "required">, import("convex/values").VLiteral<"unpublish", "required">, import("convex/values").VLiteral<"restore", "required">, import("convex/values").VLiteral<"manage", "required">, import("convex/values").VLiteral<"move", "required">], "required", never>;
+    scope: import("convex/values").VUnion<"all" | "own" | undefined, [import("convex/values").VLiteral<"all", "required">, import("convex/values").VLiteral<"own", "required">], "optional", never>;
+}, "required", "action" | "resource" | "scope">;
+/**
+ * Complete role definition including metadata and permissions.
+ */
+export interface RoleDefinition {
+    /** Unique role identifier */
+    name: RoleName | string;
+    /** Human-readable display name */
+    displayName: string;
+    /** Description of the role's purpose */
+    description: string;
+    /** List of permissions granted to this role */
+    permissions: Permission[];
+    /** Whether this is a system role that cannot be deleted */
+    isSystem: boolean;
+}
+/**
+ * Admin role - Full access to all CMS features.
+ *
+ * Admins can:
+ * - Create, read, update, and delete all content types
+ * - Manage all content entries regardless of author
+ * - Publish and unpublish any content
+ * - Manage all media assets and folders
+ * - Access and modify CMS settings
+ */
+export declare const ADMIN_ROLE: RoleDefinition;
+/**
+ * Editor role - Can manage all content and media, but not settings or content types.
+ *
+ * Editors can:
+ * - Read content type definitions
+ * - Create, read, update, and delete all content entries
+ * - Publish and unpublish any content
+ * - Manage all media assets and folders
+ * - Cannot modify CMS settings or content type schemas
+ */
+export declare const EDITOR_ROLE: RoleDefinition;
+/**
+ * Author role - Can create and manage own content.
+ *
+ * Authors can:
+ * - Read content type definitions
+ * - Create content entries
+ * - Read, update, and delete their own content entries
+ * - Publish and unpublish their own content (subject to workflow settings)
+ * - Upload and manage their own media assets
+ * - Read all media (for embedding in content)
+ * - Cannot manage other users' content or CMS settings
+ */
+export declare const AUTHOR_ROLE: RoleDefinition;
+/**
+ * Viewer role - Read-only access to published content.
+ *
+ * Viewers can:
+ * - Read content type definitions
+ * - Read published content entries only
+ * - View media assets
+ * - Cannot create, update, delete, or publish any content
+ */
+export declare const VIEWER_ROLE: RoleDefinition;
+/**
+ * All default roles indexed by role name.
+ * Use this to look up role definitions or iterate over all roles.
+ *
+ * @example
+ * ```typescript
+ * // Get the admin role definition
+ * const adminDef = DEFAULT_ROLES.admin;
+ *
+ * // Iterate over all roles
+ * for (const [name, role] of Object.entries(DEFAULT_ROLES)) {
+ *   console.log(`${name}: ${role.description}`);
+ * }
+ * ```
+ */
+export declare const DEFAULT_ROLES: Record<RoleName, RoleDefinition>;
+/**
+ * Array of all default role definitions.
+ * Useful for UI rendering or iterating over roles.
+ */
+export declare const DEFAULT_ROLES_LIST: RoleDefinition[];
+/**
+ * Check if a permission matches a requested permission.
+ * Handles scope matching (own scope only matches if requested scope is also own).
+ *
+ * @param granted - The permission that was granted to the role
+ * @param requested - The permission being requested
+ * @returns True if the granted permission satisfies the requested permission
+ */
+export declare function permissionMatches(granted: Permission, requested: {
+    resource: Resource;
+    action: Action;
+    scope?: OwnershipScope;
+}): boolean;
+/**
+ * Check if a role has a specific permission.
+ *
+ * @param roleName - The name of the role to check
+ * @param permission - The permission to check for (resource + action + optional scope)
+ * @param customRoles - Optional custom roles to check in addition to defaults
+ * @returns True if the role has the permission
+ *
+ * @example
+ * ```typescript
+ * // Check if editor can update content entries
+ * hasPermission('editor', { resource: 'contentEntries', action: 'update' }); // true
+ *
+ * // Check if author can publish their own content
+ * hasPermission('author', { resource: 'contentEntries', action: 'publish', scope: 'own' }); // true
+ *
+ * // Check if viewer can update content
+ * hasPermission('viewer', { resource: 'contentEntries', action: 'update' }); // false
+ * ```
+ */
+export declare function hasPermission(roleName: RoleName | string, permission: {
+    resource: Resource;
+    action: Action;
+    scope?: OwnershipScope;
+}, customRoles?: Record<string, RoleDefinition>): boolean;
+/**
+ * Get all permissions for a role.
+ *
+ * @param roleName - The name of the role
+ * @param customRoles - Optional custom roles to check in addition to defaults
+ * @returns Array of permissions, or empty array if role not found
+ *
+ * @example
+ * ```typescript
+ * const editorPerms = getRolePermissions('editor');
+ * console.log(editorPerms.length); // Number of permissions
+ * ```
+ */
+export declare function getRolePermissions(roleName: RoleName | string, customRoles?: Record<string, RoleDefinition>): Permission[];
+/**
+ * Get the role definition for a role name.
+ *
+ * @param roleName - The name of the role
+ * @param customRoles - Optional custom roles to check in addition to defaults
+ * @returns The role definition, or undefined if not found
+ */
+export declare function getRole(roleName: RoleName | string, customRoles?: Record<string, RoleDefinition>): RoleDefinition | undefined;
+/**
+ * Check if a role name is a valid built-in role.
+ *
+ * @param name - The role name to check
+ * @returns True if it's a valid built-in role name
+ */
+export declare function isBuiltInRole(name: string): name is RoleName;
+/**
+ * Get all permissions for a specific resource across a role.
+ *
+ * @param roleName - The name of the role
+ * @param resource - The resource to filter by
+ * @param customRoles - Optional custom roles to check in addition to defaults
+ * @returns Array of permissions for the specified resource
+ *
+ * @example
+ * ```typescript
+ * // Get all content entry permissions for editor
+ * const contentPerms = getResourcePermissions('editor', 'contentEntries');
+ * ```
+ */
+export declare function getResourcePermissions(roleName: RoleName | string, resource: Resource, customRoles?: Record<string, RoleDefinition>): Permission[];
+/**
+ * Check if a role can perform any action on a resource.
+ *
+ * @param roleName - The name of the role
+ * @param resource - The resource to check
+ * @param customRoles - Optional custom roles to check in addition to defaults
+ * @returns True if the role h permission on the resource
+ */
+export declare function canAccessResource(roleName: RoleName | string, resource: Resource, customRoles?: Record<string, RoleDefinition>): boolean;
+/**
+ * Extended permission with optional content-type-specific restrictions.
+ * Allows for fine-grained control over which content types a permission applies to.
+ *
+ * @example
+ * ```typescript
+ * // Permission that only applies to blog_post and news content types
+ * const permission: ContentTypePermission = {
+ *   resource: "contentEntries",
+ *   action: "create",
+ *   contentTypes: ["blog_post", "news"],
+ * };
+ *
+ * // Permission that applies to all content types except legal
+ * const restrictedPerm: ContentTypePermission = {
+ *   resource: "contentEntries",
+ *   action: "publish",
+ *   excludeContentTypes: ["legal_document"],
+ * };
+ * ```
+ */
+export interface ContentTypePermission extends Permission {
+    /**
+     * Whitelist of content type names this permission applies to.
+     * If specified, permission only grants access to these content types.
+     * Cannot be used with excludeContentTypes.
+     */
+    contentTypes?: string[];
+    /**
+     * Blacklist of content type names this permission does NOT apply to.
+     * If specified, permission grants access to all content types except these.
+     * Cannot be used with contentTypes.
+     */
+    excludeContentTypes?: string[];
+}
+/**
+ * Configuration for creating a custom role.
+ *
+ * @example
+ * ```typescript
+ * // Create a new role from scratch
+ * const blogAuthor: CustomRoleConfig = {
+ *   name: "blog-author",
+ *   displayName: "Blog Author",
+ *   description: "Can create and manage blog posts only",
+ *   permissions: [
+ *     { resource: "contentTypes", action: "read" },
+ *     { resource: "contentEntries", action: "create", contentTypes: ["blog_post"] },
+ *     { resource: "contentEntries", action: "read", scope: "own", contentTypes: ["blog_post"] },
+ *     { resource: "contentEntries", action: "update", scope: "own", contentTypes: ["blog_post"] },
+ *   ],
+ * };
+ * ```
+ */
+export interface CustomRoleConfig {
+    /** Unique identifier for the custom role */
+    name: string;
+    /** Human-readable display name */
+    displayName: string;
+    /** Description of the role's purpose */
+    description: string;
+    /** Permissions granted to this role */
+    permissions: ContentTypePermission[];
+    /** Whether this role should be treated as a system role (cannot be deleted) */
+    isSystem?: boolean;
+}
+/**
+ * Configuration for extending an existing role.
+ *
+ * @example
+ * ```typescript
+ * // Extend the author role with additional permissions
+ * const seniorAuthor: ExtendRoleConfig = {
+ *   name: "senior-author",
+ *   displayName: "Senior Author",
+ *   description: "Author with additional publishing rights",
+ *   extends: "author",
+ *   addPermissions: [
+ *     { resource: "contentEntries", action: "publish" },
+ *   ],
+ * };
+ *
+ * // Extend editor but restrict to certain content types
+ * const blogEditor: ExtendRoleConfig = {
+ *   name: "blog-editor",
+ *   displayName: "Blog Editor",
+ *   description: "Editor for blog content only",
+ *   extends: "editor",
+ *   addPermissions: [],
+ *   removePermissions: [
+ *     { resource: "contentEntries", action: "create" },
+ *   ],
+ *   restrictToContentTypes: ["blog_post", "blog_category"],
+ * };
+ * ```
+ */
+export interface ExtendRoleConfig {
+    /** Unique identifier for the extended role */
+    name: string;
+    /** Human-readable display name */
+    displayName: string;
+    /** Description of the role's purpose */
+    description: string;
+    /** Name of the role to extend (can be built-in or custom) */
+    extends: RoleName | string;
+    /** Additional permissions to add to the extended role */
+    addPermissions?: ContentTypePermission[];
+    /**
+     * Permissions to remove from the extended role.
+     * Matching is done by resource + action (scope is ignored for removal).
+     */
+    removePermissions?: Array<{
+        resource: Resource;
+        action: Action;
+    }>;
+    /**
+     * Restrict all contentEntries permissions to these content types.
+     * If specified, all contentEntries permissions are limited to only these types.
+     */
+    restrictToContentTypes?: string[];
+    /** Whether this role should be treated as a system role */
+    isSystem?: boolean;
+}
+/**
+ * Extended role definition that supports content-type-specific permissions.
+ * This is the runtime representation of a role that may have per-content-type restrictions.
+ */
+export interface ExtendedRoleDefinition {
+    /** Unique role identifier */
+    name: string;
+    /** Human-readable display name */
+    displayName: string;
+    /** Description of the role's purpose */
+    description: string;
+    /** List of permissions granted to this role (may include content-type restrictions) */
+    permissions: ContentTypePermission[];
+    /** Whether this is a system role that cannot be deleted */
+    isSystem: boolean;
+    /** If this role was extended from another, the source role name */
+    extendsRole?: string;
+}
+/**
+ * Creates a new custom role from configuration.
+ *
+ * @param config - The custom role configuration
+ * @returns A role definition ready to use with the RBAC system
+ *
+ * @example
+ * ```typescript
+ * const blogAuthor = createCustomRole({
+ *   name: "blog-author",
+ *   displayName: "Blog Author",
+ *   description: "Can create and manage blog posts",
+ *   permissions: [
+ *     { resource: "contentTypes", action: "read" },
+ *     { resource: "contentEntries", action: "create", contentTypes: ["blog_post"] },
+ *     { resource: "contentEntries", action: "read", scope: "own", contentTypes: ["blog_post"] },
+ *     { resource: "contentEntries", action: "update", scope: "own", contentTypes: ["blog_post"] },
+ *     { resource: "contentEntries", action: "delete", scope: "own", contentTypes: ["blog_post"] },
+ *     { resource: "mediaItems", action: "create" },
+ *     { resource: "mediaItems", action: "read" },
+ *   ],
+ * });
+ * ```
+ */
+export declare function createCustomRole(config: CustomRoleConfig): ExtendedRoleDefinition;
+/**
+ * Extends an existing role with additional or removed permissions.
+ *
+ * This function creates a new role based on an existing one, allowing you to:
+ * - Add new permissions
+ * - Remove existing permissions
+ * - Restrict all contentEntries permissions to specific content types
+ *
+ * @param config - The extend role configuration
+ * @param customRoles - Optional existing custom roles to look up the base role from
+ * @returns A new role definition with the modified permissions
+ *
+ * @example
+ * ```typescript
+ * // Create a senior author who can publish their own content
+ * const seniorAuthor = extendRole({
+ *   name: "senior-author",
+ *   displayName: "Senior Author",
+ *   description: "Author with publishing rights",
+ *   extends: "author",
+ *   addPermissions: [
+ *     { resource: "contentEntries", action: "publish", scope: "own" },
+ *     { resource: "contentEntries", action: "unpublish", scope: "own" },
+ *   ],
+ * });
+ *
+ * // Create a blog-only editor
+ * const blogEditor = extendRole({
+ *   name: "blog-editor",
+ *   displayName: "Blog Editor",
+ *   description: "Can only edit blog content",
+ *   extends: "editor",
+ *   restrictToContentTypes: ["blog_post", "blog_category"],
+ * });
+ * ```
+ */
+export declare function extendRole(config: ExtendRoleConfig, customRoles?: Record<string, RoleDefinition | ExtendedRoleDefinition>): ExtendedRoleDefinition;
+/**
+ * Merges custom roles with the default roles.
+ *
+ * Creates a combined role registry that includes both default and custom roles.
+ * Custom roles do NOT override default roles - they exist alongside them.
+ *
+ * @param customRoles - Array of custom role definitions
+ * @returns A record of all roles (default + custom)
+ *
+ * @example
+ * ```typescript
+ * const blogAuthor = createCustomRole({...});
+ * const seniorAuthor = extendRole({...});
+ *
+ * const allRoles = mergeRolesWithDefaults([blogAuthor, seniorAuthor]);
+ * // allRoles contains: admin, editor, author, viewer, blog-author, senior-author
+ * ```
+ */
+export declare function mergeRolesWithDefaults(customRoles: Array<RoleDefinition | ExtendedRoleDefinition>): Record<string, RoleDefinition | ExtendedRoleDefinition>;
+/**
+ * Creates a custom roles record from an array of role definitions.
+ * Use this to pass custom roles to permission checking functions.
+ *
+ * @param roles - Array of custom role definitions
+ * @returns A record indexed by role name
+ *
+ * @example
+ * ```typescript
+ * const customRoles = buildCustomRolesRecord([blogAuthor, seniorAuthor]);
+ * hasPermission("blog-author", { resource: "contentEntries", action: "create" }, customRoles);
+ * ```
+ */
+export declare function buildCustomRolesRecord(roles: Array<RoleDefinition | ExtendedRoleDefinition>): Record<string, RoleDefinition | ExtendedRoleDefinition>;
+/**
+ * Options for checking permissions with content-type awareness.
+ */
+export interface ContentTypePermissionCheckOptions {
+    /**
+     * Custom roles to include when checking permissions.
+     */
+    customRoles?: Record<string, RoleDefinition | ExtendedRoleDefinition>;
+    /**
+     * The content type name to check permissions for.
+     * Required when the permission may have content-type restrictions.
+     */
+    contentTypeName?: string;
+}
+/**
+ * Extended permission check that includes content-type-specific restrictions.
+ *
+ * Use this function when you need to check if a role can perform an action
+ * on a specific content type.
+ *
+ * @param roleName - The name of the role to check
+ * @param permission - The permission to check (resource + action + optional scope)
+ * @param options - Additional options including custom roles and content type
+ * @returns True if the role has the permission for the specified content type
+ *
+ * @example
+ * ```typescript
+ * // Check if blog-author can create blog posts
+ * hasContentTypePermission("blog-author", {
+ *   resource: "contentEntries",
+ *   action: "create",
+ * }, {
+ *   customRoles: allRoles,
+ *   contentTypeName: "blog_post",
+ * }); // true
+ *
+ * // Check if blog-author can create legal documents
+ * hasContentTypePermission("blog-author", {
+ *   resource: "contentEntries",
+ *   action: "create",
+ * }, {
+ *   customRoles: allRoles,
+ *   contentTypeName: "legal_document",
+ * }); // false (restricted to blog_post only)
+ * ```
+ */
+export declare function hasContentTypePermission(roleName: RoleName | string, permission: {
+    resource: Resource;
+    action: Action;
+    scope?: OwnershipScope;
+}, options?: ContentTypePermissionCheckOptions): boolean;
+/**
+ * Gets all content types that a role can perform an action on.
+ *
+ * @param roleName - The name of the role
+ * @param action - The action to check
+ * @param options - Additional options
+ * @returns Array of content type names, or ["*"] if unrestricted, or [] if no permission
+ *
+ * @example
+ * ```typescript
+ * // Get content types the blog-author can create
+ * getPermittedContentTypes("blog-author", "create", { customRoles });
+ * // Returns: ["blog_post"]
+ *
+ * // Get content types the editor can update
+ * getPermittedContentTypes("editor", "update", { customRoles });
+ * // Returns: ["*"] (unrestricted)
+ * ```
+ */
+export declare function getPermittedContentTypes(roleName: RoleName | string, action: Action, options?: {
+    customRoles?: Record<string, RoleDefinition | ExtendedRoleDefinition>;
+}): string[];
+/**
+ * Gets all content types that a role is excluded from for an action.
+ *
+ * @param roleName - The name of the role
+ * @param action - The action to check
+ * @param options - Additional options
+ * @returns Array of excluded content type names, or [] if none
+ */
+export declare function getExcludedContentTypes(roleName: RoleName | string, action: Action, options?: {
+    customRoles?: Record<string, RoleDefinition | ExtendedRoleDefinition>;
+}): string[];
+/**
+ * Helper to create a full CRUD permission set for a resource with optional content type restriction.
+ *
+ * @param resource - The resource to grant permissions on
+ * @param options - Optional scope and content type restrictions
+ * @returns Array of permissions
+ *
+ * @example
+ * ```typescript
+ * // Full CRUD on contentEntries for blog_post only
+ * fullCrudForContentType("contentEntries", {
+ *   contentTypes: ["blog_post"],
+ *   scope: "own",
+ * });
+ * ```
+ */
+export declare function fullCrudForContentType(resource: Resource, options?: {
+    scope?: OwnershipScope;
+    contentTypes?: string[];
+    excludeContentTypes?: string[];
+}): ContentTypePermission[];
+/**
+ * Helper to create publish permissions with optional content type restriction.
+ *
+ * @param options - Optional scope and content type restrictions
+ * @returns Array of publish/unpublish permissions
+ */
+export declare function publishPermissionsForContentType(options?: {
+    scope?: OwnershipScope;
+    contentTypes?: string[];
+    excludeContentTypes?: string[];
+}): ContentTypePermission[];
+/**
+ * Helper to create read-only permission with optional content type restriction.
+ *
+ * @param resource - The resource to grant read permission on
+ * @param options - Optional scope and content type restrictions
+ * @returns Array with single read permission
+ */
+export declare function readOnlyForContentType(resource: Resource, options?: {
+    scope?: OwnershipScope;
+    contentTypes?: string[];
+    excludeContentTypes?: string[];
+}): ContentTypePermission[];
+/**
+ * Validates a custom role configuration.
+ *
+ * @param config - The custom role configuration to validate
+ * @returns An object with isValid boolean and optional error messages
+ */
+export declare function validateCustomRoleConfig(config: CustomRoleConfig): {
+    isValid: boolean;
+    errors: string[];
+};
+/**
+ * Validates an extend role configuration.
+ *
+ * @param config - The extend role configuration to validate
+ * @param customRoles - Optional custom roles to check the base role in
+ * @returns An object with isValid boolean and optional error messages
+ */
+export declare function validateExtendRoleConfig(config: ExtendRoleConfig, customRoles?: Record<string, RoleDefinition | ExtendedRoleDefinition>): {
+    isValid: boolean;
+    errors: string[];
+};
+//# sourceMappingURL=roles.d.ts.map

package/dist/component/roles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.d.ts","sourceRoot":"","sources":["../../src/component/roles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAQH;;;GAGG;AACH,eAAO,MAAM,SAAS,kDAAmD,CAAC;AAE1E;;;GAGG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;AAEhD;;;GAGG;AACH,eAAO,MAAM,iBAAiB,8TAK7B,CAAC;AAMF;;GAEG;AACH,eAAO,MAAM,SAAS,uEAKZ,CAAC;AAEX,MAAM,MAAM,QAAQ,GAAG,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;AAEhD;;GAEG;AACH,eAAO,MAAM,iBAAiB,wWAK7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,sGAUV,CAAC;AAEX,MAAM,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAE5C;;GAEG;AACH,eAAO,MAAM,eAAe,ipBAU3B,CAAC;AAMF;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,KAAK,GAAG,KAAK,CAAC;AAE3C;;;GAGG;AACH,MAAM,WAAW,UAAU;IAC1B,8CAA8C;IAC9C,QAAQ,EAAE,QAAQ,CAAC;IACnB,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,KAAK,CAAC,EAAE,cAAc,CAAC;CACvB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;+CAI9B,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,6BAA6B;IAC7B,IAAI,EAAE,QAAQ,GAAG,MAAM,CAAC;IACxB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,2DAA2D;IAC3D,QAAQ,EAAE,OAAO,CAAC;CAClB;AA6CD;;;;;;;;;GASG;AACH,eAAO,MAAM,UAAU,EAAE,cAsBxB,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,WAAW,EAAE,cAkBzB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,WAAW,EAAE,cAwBzB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,WAAW,EAAE,cAezB,CAAC;AAMF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,cAAc,CAK1D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,cAAc,EAE9C,CAAC;AAMF;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAChC,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,cAAc,CAAA;CAAE,GACvE,OAAO,CAqBT;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,aAAa,CAC5B,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,UAAU,EAAE;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,cAAc,CAAA;CAAE,EAC1E,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC1C,OAAO,CAUT;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CACjC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC1C,UAAU,EAAE,CAId;AAED;;;;;;GAMG;AACH,wBAAgB,OAAO,CACtB,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC1C,cAAc,GAAG,SAAS,CAE5B;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,IAAI,QAAQ,CAE5D;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,sBAAsB,CACrC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,QAAQ,EAAE,QAAQ,EAClB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC1C,UAAU,EAAE,CAId;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAChC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,QAAQ,EAAE,QAAQ,EAClB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,GAC1C,OAAO,CAET;AAMD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,WAAW,qBAAsB,SAAQ,UAAU;IACxD;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,WAAW,gBAAgB;IAChC,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,WAAW,EAAE,qBAAqB,EAAE,CAAC;IACrC,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,WAAW,gBAAgB;IAChC,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,6DAA6D;IAC7D,OAAO,EAAE,QAAQ,GAAG,MAAM,CAAC;IAC3B,yDAAyD;IACzD,cAAc,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACzC;;;OAGG;IACH,iBAAiB,CAAC,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClE;;;OAGG;IACH,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACtC,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,uFAAuF;IACvF,WAAW,EAAE,qBAAqB,EAAE,CAAC;IACrC,2DAA2D;IAC3D,QAAQ,EAAE,OAAO,CAAC;IAClB,mEAAmE;IACnE,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAMD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,gBAAgB,CAC/B,MAAM,EAAE,gBAAgB,GACtB,sBAAsB,CAoBxB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,UAAU,CACzB,MAAM,EAAE,gBAAgB,EACxB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,GACnE,sBAAsB,CA8DxB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,sBAAsB,CACrC,WAAW,EAAE,KAAK,CAAC,cAAc,GAAG,sBAAsB,CAAC,GACzD,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,CAiBzD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CACrC,KAAK,EAAE,KAAK,CAAC,cAAc,GAAG,sBAAsB,CAAC,GACnD,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,CAMzD;AAMD;;GAEG;AACH,MAAM,WAAW,iCAAiC;IACjD;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,CAAC;IAEtE;;;OAGG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;CACzB;AAmCD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,wBAAwB,CACvC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,UAAU,EAAE;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,cAAc,CAAA;CAAE,EAC1E,OAAO,CAAC,EAAE,iCAAiC,GACzC,OAAO,CAsBT;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,wBAAwB,CACvC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IACT,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,CAAC;CACtE,GACC,MAAM,EAAE,CAoCV;AAED;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CACtC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAC3B,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE;IACT,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,CAAC;CACtE,GACC,MAAM,EAAE,CAqBV;AAMD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,sBAAsB,CACrC,QAAQ,EAAE,QAAQ,EAClB,OAAO,CAAC,EAAE;IACT,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B,GACC,qBAAqB,EAAE,CAczB;AAED;;;;;GAKG;AACH,wBAAgB,gCAAgC,CAAC,OAAO,CAAC,EAAE;IAC1D,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B,GAAG,qBAAqB,EAAE,CAY1B;AAED;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACrC,QAAQ,EAAE,QAAQ,EAClB,OAAO,CAAC,EAAE;IACT,KAAK,CAAC,EAAE,cAAc,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC/B,GACC,qBAAqB,EAAE,CAUzB;AAMD;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACvC,MAAM,EAAE,gBAAgB,GACtB;IACF,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;CACjB,CA0DA;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACvC,MAAM,EAAE,gBAAgB,EACxB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,GAAG,sBAAsB,CAAC,GACnE;IACF,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;CACjB,CAuEA"}