dn-react-router-toolkit 0.7.15 → 0.8.1

package/dist/api/create_api_handler.d.mts

@@ -1,12 +1,13 @@
-import { Table, InferSelectModel, SQLWrapper } from 'drizzle-orm';
+import { InferSelectModel, SQLWrapper } from 'drizzle-orm';
 import { ActionFunctionArgs, LoaderFunctionArgs } from 'react-router';
 import { TableRepository } from '../table/repository.mjs';
+import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { WithAuthHandler } from '../auth/with_auth.mjs';
-import 'drizzle-orm/pg-core';
+import 'drizzle-orm/node-postgres';
 import 'dn-react-toolkit/auth';
 import 'dn-react-toolkit/auth/server';
 
-type APIHandlerOptions<T extends Table, TSelect> = {
+type APIHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     withAuthAction: WithAuthHandler<ActionFunctionArgs>;
     repository: TableRepository<T, TSelect>;
     validators?: {
@@ -21,7 +22,7 @@ type APIHandlerOptions<T extends Table, TSelect> = {
     injectUserId?: boolean;
     roles?: string[];
 };
-declare function apiHandler<T extends Table, TSelect>({ withAuthAction, repository, validators, existingConditions, injectUserId, roles, }: APIHandlerOptions<T, TSelect>): {
+declare function apiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, validators, existingConditions, injectUserId, roles, }: APIHandlerOptions<T, TSelect>): {
     loader: ({ request }: LoaderFunctionArgs) => Promise<{}>;
     action: (arg: ActionFunctionArgs<any>) => Promise<unknown> | unknown;
 };

package/dist/api/create_api_handler.d.ts

@@ -1,12 +1,13 @@
-import { Table, InferSelectModel, SQLWrapper } from 'drizzle-orm';
+import { InferSelectModel, SQLWrapper } from 'drizzle-orm';
 import { ActionFunctionArgs, LoaderFunctionArgs } from 'react-router';
 import { TableRepository } from '../table/repository.js';
+import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { WithAuthHandler } from '../auth/with_auth.js';
-import 'drizzle-orm/pg-core';
+import 'drizzle-orm/node-postgres';
 import 'dn-react-toolkit/auth';
 import 'dn-react-toolkit/auth/server';
 
-type APIHandlerOptions<T extends Table, TSelect> = {
+type APIHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     withAuthAction: WithAuthHandler<ActionFunctionArgs>;
     repository: TableRepository<T, TSelect>;
     validators?: {
@@ -21,7 +22,7 @@ type APIHandlerOptions<T extends Table, TSelect> = {
     injectUserId?: boolean;
     roles?: string[];
 };
-declare function apiHandler<T extends Table, TSelect>({ withAuthAction, repository, validators, existingConditions, injectUserId, roles, }: APIHandlerOptions<T, TSelect>): {
+declare function apiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, validators, existingConditions, injectUserId, roles, }: APIHandlerOptions<T, TSelect>): {
     loader: ({ request }: LoaderFunctionArgs) => Promise<{}>;
     action: (arg: ActionFunctionArgs<any>) => Promise<unknown> | unknown;
 };

package/dist/api/create_api_handler.js

@@ -25,7 +25,6 @@ __export(create_api_handler_exports, {
 module.exports = __toCommonJS(create_api_handler_exports);
 var import_http = require("dn-react-toolkit/http");
 var import_drizzle_orm = require("drizzle-orm");
-var import_react_router = require("react-router");
 var import_uuid = require("uuid");
 
 // src/crud/serialize.ts

package/dist/api/create_api_handler.mjs

@@ -10,7 +10,6 @@ import {
 import {
   and
 } from "drizzle-orm";
-import "react-router";
 import { v4 } from "uuid";
 
 // src/crud/serialize.ts

package/dist/api/index.d.mts

@@ -6,6 +6,7 @@ import 'dn-react-toolkit/auth/server';
 import 'dn-react-toolkit/file/server';
 import 'drizzle-orm';
 import '../table/repository.mjs';
+import 'drizzle-orm/node-postgres';
 import 'drizzle-orm/pg-core';
 import '../auth/with_auth.mjs';
 import 'dn-react-toolkit/auth';

package/dist/api/index.d.ts

@@ -6,6 +6,7 @@ import 'dn-react-toolkit/auth/server';
 import 'dn-react-toolkit/file/server';
 import 'drizzle-orm';
 import '../table/repository.js';
+import 'drizzle-orm/node-postgres';
 import 'drizzle-orm/pg-core';
 import '../auth/with_auth.js';
 import 'dn-react-toolkit/auth';

package/dist/api/index.js

@@ -250,7 +250,6 @@ var createAPIHandler = ({
 // src/api/create_api_handler.ts
 var import_http2 = require("dn-react-toolkit/http");
 var import_drizzle_orm = require("drizzle-orm");
-var import_react_router2 = require("react-router");
 var import_uuid = require("uuid");
 
 // src/crud/serialize.ts
@@ -378,21 +377,29 @@ function apiHandler({
 
 // src/api/item_api_handler.ts
 var import_http3 = require("dn-react-toolkit/http");
-var import_react_router3 = require("react-router");
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return (0, import_http3.UNAUTHORIZED)();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw (0, import_http3.UNAUTHORIZED)();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw (0, import_http3.NOT_FOUND)();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw (0, import_http3.FORBIDDEN)();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/api/index.mjs

@@ -245,7 +245,6 @@ import {
 import {
   and
 } from "drizzle-orm";
-import "react-router";
 import { v4 } from "uuid";
 
 // src/crud/serialize.ts
@@ -372,22 +371,30 @@ function apiHandler({
 }
 
 // src/api/item_api_handler.ts
-import { UNAUTHORIZED as UNAUTHORIZED2 } from "dn-react-toolkit/http";
-import "react-router";
+import { FORBIDDEN, NOT_FOUND as NOT_FOUND2, UNAUTHORIZED as UNAUTHORIZED2 } from "dn-react-toolkit/http";
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return UNAUTHORIZED2();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw UNAUTHORIZED2();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw NOT_FOUND2();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw FORBIDDEN();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/api/item_api_handler.d.mts

@@ -1,16 +1,19 @@
-import { Table } from 'drizzle-orm';
 import { LoaderFunctionArgs } from 'react-router';
 import { TableRepository } from '../table/repository.mjs';
+import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { WithAuthHandler } from '../auth/with_auth.mjs';
-import 'drizzle-orm/pg-core';
-import 'dn-react-toolkit/auth';
+import { AccessTokenPayload } from 'dn-react-toolkit/auth';
+import 'drizzle-orm';
+import 'drizzle-orm/node-postgres';
 import 'dn-react-toolkit/auth/server';
 
-type ItemAPIHandlerOptions<T extends Table, TSelect> = {
+type ItemAPIHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     withAuthAction: WithAuthHandler<LoaderFunctionArgs>;
     repository: TableRepository<T, TSelect>;
+    isOwnedBy?: (item: TSelect, auth: AccessTokenPayload | undefined) => boolean;
+    roles?: string[];
 };
-declare function itemApiHandler<T extends Table, TSelect>({ withAuthAction, repository, }: ItemAPIHandlerOptions<T, TSelect>): {
+declare function itemApiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, isOwnedBy, roles, }: ItemAPIHandlerOptions<T, TSelect>): {
     loader: ({ request }: LoaderFunctionArgs) => Promise<{}>;
     action: (arg: LoaderFunctionArgs<any>) => Promise<unknown> | unknown;
 };

package/dist/api/item_api_handler.d.ts

@@ -1,16 +1,19 @@
-import { Table } from 'drizzle-orm';
 import { LoaderFunctionArgs } from 'react-router';
 import { TableRepository } from '../table/repository.js';
+import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { WithAuthHandler } from '../auth/with_auth.js';
-import 'drizzle-orm/pg-core';
-import 'dn-react-toolkit/auth';
+import { AccessTokenPayload } from 'dn-react-toolkit/auth';
+import 'drizzle-orm';
+import 'drizzle-orm/node-postgres';
 import 'dn-react-toolkit/auth/server';
 
-type ItemAPIHandlerOptions<T extends Table, TSelect> = {
+type ItemAPIHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     withAuthAction: WithAuthHandler<LoaderFunctionArgs>;
     repository: TableRepository<T, TSelect>;
+    isOwnedBy?: (item: TSelect, auth: AccessTokenPayload | undefined) => boolean;
+    roles?: string[];
 };
-declare function itemApiHandler<T extends Table, TSelect>({ withAuthAction, repository, }: ItemAPIHandlerOptions<T, TSelect>): {
+declare function itemApiHandler<T extends PgTableWithColumns<any>, TSelect>({ withAuthAction, repository, isOwnedBy, roles, }: ItemAPIHandlerOptions<T, TSelect>): {
     loader: ({ request }: LoaderFunctionArgs) => Promise<{}>;
     action: (arg: LoaderFunctionArgs<any>) => Promise<unknown> | unknown;
 };

package/dist/api/item_api_handler.js

@@ -24,21 +24,29 @@ __export(item_api_handler_exports, {
 });
 module.exports = __toCommonJS(item_api_handler_exports);
 var import_http = require("dn-react-toolkit/http");
-var import_react_router = require("react-router");
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return (0, import_http.UNAUTHORIZED)();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw (0, import_http.UNAUTHORIZED)();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw (0, import_http.NOT_FOUND)();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw (0, import_http.FORBIDDEN)();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/api/item_api_handler.mjs

@@ -1,20 +1,28 @@
 // src/api/item_api_handler.ts
-import { UNAUTHORIZED } from "dn-react-toolkit/http";
-import "react-router";
+import { FORBIDDEN, NOT_FOUND, UNAUTHORIZED } from "dn-react-toolkit/http";
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return UNAUTHORIZED();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw UNAUTHORIZED();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw NOT_FOUND();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw FORBIDDEN();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/crud/crud_loader.d.mts

@@ -1,15 +1,16 @@
 import { LoaderFunctionArgs, LoaderFunction } from 'react-router';
-import { TableLoaderOptions } from '../table/loader.mjs';
 import { TableItemLoaderOptions } from '../table/item_loader.mjs';
-import { Table } from 'drizzle-orm';
 import { TableRepository } from '../table/repository.mjs';
+import { TableLoaderOptions } from '../table/load_table.mjs';
+import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { APIHandlerOptions } from '../api/create_api_handler.mjs';
-import 'drizzle-orm/pg-core';
+import 'drizzle-orm';
+import 'drizzle-orm/node-postgres';
 import '../auth/with_auth.mjs';
 import 'dn-react-toolkit/auth';
 import 'dn-react-toolkit/auth/server';
 
-type CrudHandlerOptions<T extends Table, TSelect> = {
+type CrudHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     repository: TableRepository<T, TSelect>;
     apiHandlerOptions: Omit<APIHandlerOptions<T, TSelect>, "repository">;
     loaderOptions: Omit<TableLoaderOptions<T, TSelect>, "repository"> & {
@@ -20,6 +21,6 @@ type CrudHandlerOptions<T extends Table, TSelect> = {
     };
 };
 type CrudHandler = (prefix: string) => (args: LoaderFunctionArgs) => Promise<any>;
-declare function crudHandler<T extends Table, TSelect>({ repository, apiHandlerOptions, loaderOptions, itemLoaderOptions, }: CrudHandlerOptions<T, TSelect>): (prefix: string) => (args: LoaderFunctionArgs) => Promise<unknown>;
+declare function crudHandler<T extends PgTableWithColumns<any>, TSelect>({ repository, apiHandlerOptions, loaderOptions, itemLoaderOptions, }: CrudHandlerOptions<T, TSelect>): (prefix: string) => (args: LoaderFunctionArgs) => Promise<unknown>;
 
 export { type CrudHandler, type CrudHandlerOptions, crudHandler };

package/dist/crud/crud_loader.d.ts

@@ -1,15 +1,16 @@
 import { LoaderFunctionArgs, LoaderFunction } from 'react-router';
-import { TableLoaderOptions } from '../table/loader.js';
 import { TableItemLoaderOptions } from '../table/item_loader.js';
-import { Table } from 'drizzle-orm';
 import { TableRepository } from '../table/repository.js';
+import { TableLoaderOptions } from '../table/load_table.js';
+import { PgTableWithColumns } from 'drizzle-orm/pg-core';
 import { APIHandlerOptions } from '../api/create_api_handler.js';
-import 'drizzle-orm/pg-core';
+import 'drizzle-orm';
+import 'drizzle-orm/node-postgres';
 import '../auth/with_auth.js';
 import 'dn-react-toolkit/auth';
 import 'dn-react-toolkit/auth/server';
 
-type CrudHandlerOptions<T extends Table, TSelect> = {
+type CrudHandlerOptions<T extends PgTableWithColumns<any>, TSelect> = {
     repository: TableRepository<T, TSelect>;
     apiHandlerOptions: Omit<APIHandlerOptions<T, TSelect>, "repository">;
     loaderOptions: Omit<TableLoaderOptions<T, TSelect>, "repository"> & {
@@ -20,6 +21,6 @@ type CrudHandlerOptions<T extends Table, TSelect> = {
     };
 };
 type CrudHandler = (prefix: string) => (args: LoaderFunctionArgs) => Promise<any>;
-declare function crudHandler<T extends Table, TSelect>({ repository, apiHandlerOptions, loaderOptions, itemLoaderOptions, }: CrudHandlerOptions<T, TSelect>): (prefix: string) => (args: LoaderFunctionArgs) => Promise<unknown>;
+declare function crudHandler<T extends PgTableWithColumns<any>, TSelect>({ repository, apiHandlerOptions, loaderOptions, itemLoaderOptions, }: CrudHandlerOptions<T, TSelect>): (prefix: string) => (args: LoaderFunctionArgs) => Promise<unknown>;
 
 export { type CrudHandler, type CrudHandlerOptions, crudHandler };

package/dist/crud/crud_loader.js

@@ -24,45 +24,79 @@ __export(crud_loader_exports, {
 });
 module.exports = __toCommonJS(crud_loader_exports);
 
-// src/table/loader.tsx
+// src/table/load_table.tsx
 var import_drizzle_orm = require("drizzle-orm");
+async function loadTable({
+  request,
+  repository,
+  options
+}) {
+  const searchParams = new URL(request.url).searchParams;
+  const { where, searchKey, defaultOrderBy, defaultDirection } = options;
+  const query = searchParams.get("query") ?? void 0;
+  const limit = Number(searchParams.get("limit") ?? "20");
+  const offset = Number(searchParams.get("offset") ?? "0");
+  const orderBy = searchParams.get("orderBy") ?? defaultOrderBy;
+  const direction = searchParams.get("direction") ?? defaultDirection;
+  const filterWhere = Object.entries(options.filters ?? {}).map(([key, value]) => {
+    const param = searchParams.get(key);
+    if (param) {
+      return (0, import_drizzle_orm.eq)(
+        repository.schema[key],
+        decodeURIComponent(param)
+      );
+    }
+    return void 0;
+  }).filter(Boolean);
+  const whereClauses = (0, import_drizzle_orm.and)(
+    searchKey && query ? (0, import_drizzle_orm.ilike)(
+      repository.schema[searchKey],
+      `%${query}%`
+    ) : void 0,
+    ...filterWhere,
+    ...where ?? []
+  );
+  const total = await repository.countTotal({ where: whereClauses });
+  const items = await repository.findAll({
+    orderBy,
+    direction,
+    limit,
+    offset,
+    where: whereClauses
+  });
+  const filters = Object.fromEntries(
+    await Promise.all(
+      Object.keys(options.filters ?? {}).map(async (key) => {
+        const values = await repository.select(key);
+        return [key, values.filter(Boolean)];
+      })
+    )
+  );
+  return {
+    items,
+    total,
+    limit,
+    offset,
+    orderBy,
+    direction,
+    searchKey,
+    filters
+  };
+}
+
+// src/table/loader.tsx
 function tableLoader({
   repository,
-  tableOptions
+  options
 }) {
   return async ({ request }) => {
-    const searchParams = new URL(request.url).searchParams;
-    const { where, searchKey, defaultOrderBy, defaultDirection } = tableOptions;
-    const query = searchParams.get("query") ?? void 0;
-    const limit = Number(searchParams.get("limit") ?? "10");
-    const offset = Number(searchParams.get("offset") ?? "0");
-    const orderBy = searchParams.get("orderBy") ?? defaultOrderBy;
-    const direction = searchParams.get("direction") ?? defaultDirection;
-    const whereClauses = (0, import_drizzle_orm.and)(
-      searchKey && query ? (0, import_drizzle_orm.ilike)(
-        repository.schema[searchKey],
-        `%${query}%`
-      ) : void 0,
-      ...where ?? []
-    );
-    const total = await repository.countTotal({ where: whereClauses });
-    const items = await repository.findAll({
-      orderBy,
-      direction,
-      limit,
-      offset,
-      where: whereClauses
+    const table = await loadTable({
+      request,
+      repository,
+      options
     });
     return {
-      table: {
-        items,
-        total,
-        limit,
-        offset,
-        orderBy,
-        direction,
-        searchKey
-      }
+      table
     };
   };
 }
@@ -86,7 +120,6 @@ var tableItemloader = ({
 // src/api/create_api_handler.ts
 var import_http = require("dn-react-toolkit/http");
 var import_drizzle_orm2 = require("drizzle-orm");
-var import_react_router = require("react-router");
 var import_uuid = require("uuid");
 
 // src/crud/serialize.ts
@@ -214,21 +247,29 @@ function apiHandler({
 
 // src/api/item_api_handler.ts
 var import_http2 = require("dn-react-toolkit/http");
-var import_react_router2 = require("react-router");
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return (0, import_http2.UNAUTHORIZED)();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw (0, import_http2.UNAUTHORIZED)();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw (0, import_http2.NOT_FOUND)();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw (0, import_http2.FORBIDDEN)();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }

package/dist/crud/crud_loader.mjs

@@ -1,45 +1,80 @@
-// src/table/loader.tsx
+// src/table/load_table.tsx
 import {
   and,
+  eq,
   ilike
 } from "drizzle-orm";
+async function loadTable({
+  request,
+  repository,
+  options
+}) {
+  const searchParams = new URL(request.url).searchParams;
+  const { where, searchKey, defaultOrderBy, defaultDirection } = options;
+  const query = searchParams.get("query") ?? void 0;
+  const limit = Number(searchParams.get("limit") ?? "20");
+  const offset = Number(searchParams.get("offset") ?? "0");
+  const orderBy = searchParams.get("orderBy") ?? defaultOrderBy;
+  const direction = searchParams.get("direction") ?? defaultDirection;
+  const filterWhere = Object.entries(options.filters ?? {}).map(([key, value]) => {
+    const param = searchParams.get(key);
+    if (param) {
+      return eq(
+        repository.schema[key],
+        decodeURIComponent(param)
+      );
+    }
+    return void 0;
+  }).filter(Boolean);
+  const whereClauses = and(
+    searchKey && query ? ilike(
+      repository.schema[searchKey],
+      `%${query}%`
+    ) : void 0,
+    ...filterWhere,
+    ...where ?? []
+  );
+  const total = await repository.countTotal({ where: whereClauses });
+  const items = await repository.findAll({
+    orderBy,
+    direction,
+    limit,
+    offset,
+    where: whereClauses
+  });
+  const filters = Object.fromEntries(
+    await Promise.all(
+      Object.keys(options.filters ?? {}).map(async (key) => {
+        const values = await repository.select(key);
+        return [key, values.filter(Boolean)];
+      })
+    )
+  );
+  return {
+    items,
+    total,
+    limit,
+    offset,
+    orderBy,
+    direction,
+    searchKey,
+    filters
+  };
+}
+
+// src/table/loader.tsx
 function tableLoader({
   repository,
-  tableOptions
+  options
 }) {
   return async ({ request }) => {
-    const searchParams = new URL(request.url).searchParams;
-    const { where, searchKey, defaultOrderBy, defaultDirection } = tableOptions;
-    const query = searchParams.get("query") ?? void 0;
-    const limit = Number(searchParams.get("limit") ?? "10");
-    const offset = Number(searchParams.get("offset") ?? "0");
-    const orderBy = searchParams.get("orderBy") ?? defaultOrderBy;
-    const direction = searchParams.get("direction") ?? defaultDirection;
-    const whereClauses = and(
-      searchKey && query ? ilike(
-        repository.schema[searchKey],
-        `%${query}%`
-      ) : void 0,
-      ...where ?? []
-    );
-    const total = await repository.countTotal({ where: whereClauses });
-    const items = await repository.findAll({
-      orderBy,
-      direction,
-      limit,
-      offset,
-      where: whereClauses
+    const table = await loadTable({
+      request,
+      repository,
+      options
     });
     return {
-      table: {
-        items,
-        total,
-        limit,
-        offset,
-        orderBy,
-        direction,
-        searchKey
-      }
+      table
     };
   };
 }
@@ -72,7 +107,6 @@ import {
 import {
   and as and2
 } from "drizzle-orm";
-import "react-router";
 import { v4 } from "uuid";
 
 // src/crud/serialize.ts
@@ -199,22 +233,30 @@ function apiHandler({
 }
 
 // src/api/item_api_handler.ts
-import { UNAUTHORIZED as UNAUTHORIZED2 } from "dn-react-toolkit/http";
-import "react-router";
+import { FORBIDDEN, NOT_FOUND, UNAUTHORIZED as UNAUTHORIZED2 } from "dn-react-toolkit/http";
 function itemApiHandler({
   withAuthAction,
-  repository
+  repository,
+  isOwnedBy,
+  roles
 }) {
   const loader = async ({ request }) => {
     return {};
   };
   const action = withAuthAction((auth) => async ({ params, request }) => {
-    if (!auth || auth.role !== "admin") {
-      return UNAUTHORIZED2();
+    if (roles && roles.length > 0 && (!auth || !roles.includes(auth.role))) {
+      throw UNAUTHORIZED2();
+    }
+    const itemId = params.itemId;
+    const existing = await repository.find(itemId);
+    if (!existing) {
+      throw NOT_FOUND();
+    }
+    if (isOwnedBy && !isOwnedBy(existing, auth)) {
+      throw FORBIDDEN();
     }
     switch (request.method) {
       case "DELETE": {
-        const itemId = params.itemId;
         await repository.delete(itemId);
         return {};
       }