over-zero 0.0.0 → 0.0.1

package/dist/cjs/createPermissions.cjs

@@ -23,20 +23,17 @@ __export(createPermissions_exports, {
   createPermissions: () => createPermissions
 });
 module.exports = __toCommonJS(createPermissions_exports);
-var import_helpers = require("@vxrn/helpers"),
-  import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery.cjs");
-function createPermissions(schema, getContext) {
-  runEnvironmentSafetyCheck();
-  const permissionCache = (0, import_helpers.createLocalStorage)("permissions-cache", {
-    storageLimit: 24
-  });
-  function where(a, b) {
-    return b && WhereTableNameMap.set(b, a), b || a;
-  }
-  const WhereTableNameMap = /* @__PURE__ */new WeakMap();
-  function getWhereTableName(where2) {
-    return WhereTableNameMap.get(where2);
-  }
+var import_zero = require("@rocicorp/zero"),
+  import_helpers = require("@vxrn/helpers"),
+  import_context = require("./helpers/context.cjs"),
+  import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery.cjs"),
+  import_where = require("./where.cjs");
+function createPermissions({
+  environment,
+  schema,
+  models,
+  getContext
+}) {
   const fallbackActions = {
     select: "read",
     insert: "write",
@@ -45,9 +42,11 @@ function createPermissions(schema, getContext) {
     delete: "write"
   };
   function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
-    const tableName = getWhereTableName(permissionWhere);
+    const tableName = (0, import_where.getWhereTableName)(permissionWhere);
     if (!tableName) throw new Error("Must use PermissionWhere for buildPermissionQuery");
-    const primaryKeys = schema.tables[tableName].primaryKey,
+    const tableSchema = schema.tables[tableName];
+    if (!tableSchema) throw new Error("No schema?");
+    const primaryKeys = tableSchema.primaryKey,
       permissionQueryBuilder = permissionWhere(eb, authData),
       fallbackAction = fallbackActions[action],
       permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
@@ -61,20 +60,20 @@ function createPermissions(schema, getContext) {
     }
     return eb.and(permissionCondition, ...primaryKeyWheres);
   }
-  async function can(where2, action, obj) {
+  async function can(where, action, obj) {
     const ctx = getContext(),
-      tableName = getWhereTableName(where2);
+      tableName = (0, import_where.getWhereTableName)(where);
     if (!tableName) throw new Error("Must use where('table') style where to pass to can()");
-    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where2, action, obj), ctx.didCanPermissionsRun = !0);
+    environment === "server" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where, action, obj), ctx.didCanPermissionsRun = !0);
   }
-  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+  async function ensurePermission(tx, authData, tableName, where, actionIn, obj) {
     if (authData?.role === "admin") return;
     const action = String(actionIn),
       name = `${tableName}.${action}`,
       queryBase = tx.query[tableName];
     let query = null;
     try {
-      query = queryBase.where(eb => buildPermissionQuery(authData, eb, where2, action, obj)).one(), (0, import_helpers.ensure)(await query);
+      query = queryBase.where(eb => buildPermissionQuery(authData, eb, where, action, obj)).one(), (0, import_helpers.ensure)(await query);
     } catch (err) {
       const errorTitle = `${name} with auth id: ${authData?.id}`;
       if (err instanceof import_helpers.EnsureError) {
@@ -86,43 +85,30 @@ function createPermissions(schema, getContext) {
 ${err}`);
     }
   }
-  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
-    const keyBase = `${table}${action}`,
-      key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`,
-      cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase),
-      authData = useAuthData(),
-      permission = modelPermissions[table],
-      query = (() => {
-        let baseQuery = zero.query[table].one();
-        return enabled ? baseQuery.where(eb => buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
-      })(),
-      [data, status] = useQuery(query, {
-        enabled: !!(enabled && authData && objOrId)
-      });
-    debug && console.info("usePermission()", {
-      data,
-      status,
-      action,
-      authData,
-      permission
-    }, (0, import_prettyFormatZeroQuery.prettyFormatZeroQuery)(query));
-    const allowed = !!data;
-    return objOrId ? allowed : !1;
-  }
+  const readPermissions = (0, import_zero.definePermissions)(schema, async () => {
+    const permissionsEntries = await Promise.all((0, import_helpers.objectEntries)(models).map(async ([key, model]) => await (0, import_context.runWithContext)({
+      authData: {
+        id: "",
+        role: void 0,
+        email: ""
+      }
+    }, () => [key, {
+      row: {
+        select: [(authData, eb) => {
+          const out = model.permissions(eb, authData).read;
+          return out === !0 ? eb.and() : out === !1 ? eb.cmpLit(!0, "=", !1) : out;
+        }],
+        // we have permissions on these through our model system with custom mutators:
+        insert: import_zero.ANYONE_CAN,
+        update: import_zero.ANYONE_CAN,
+        delete: import_zero.ANYONE_CAN
+      }
+    }])));
+    return Object.fromEntries(permissionsEntries);
+  });
   return {
-    where,
     can,
-    usePermission
+    buildPermissionQuery,
+    readPermissions
   };
-}
-function runEnvironmentSafetyCheck() {
-  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
-
-ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
-This is makes Zero entirely insecure and needs to be fixed immediately.
-
-This is likely a One framework issue, unless the user Vite config is overwriting the value.
-One automatically sets this value.
-        
-        `);
 }

package/dist/cjs/createPermissions.js

@@ -17,19 +17,13 @@ __export(createPermissions_exports, {
   createPermissions: () => createPermissions
 });
 module.exports = __toCommonJS(createPermissions_exports);
-var import_helpers = require("@vxrn/helpers"), import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery");
-function createPermissions(schema, getContext) {
-  runEnvironmentSafetyCheck();
-  const permissionCache = (0, import_helpers.createLocalStorage)("permissions-cache", {
-    storageLimit: 24
-  });
-  function where(a, b) {
-    return b && WhereTableNameMap.set(b, a), b || a;
-  }
-  const WhereTableNameMap = /* @__PURE__ */ new WeakMap();
-  function getWhereTableName(where2) {
-    return WhereTableNameMap.get(where2);
-  }
+var import_zero = require("@rocicorp/zero"), import_helpers = require("@vxrn/helpers"), import_context = require("./helpers/context"), import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery"), import_where = require("./where");
+function createPermissions({
+  environment,
+  schema,
+  models,
+  getContext
+}) {
   const fallbackActions = {
     select: "read",
     insert: "write",
@@ -38,10 +32,13 @@ function createPermissions(schema, getContext) {
     delete: "write"
   };
   function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
-    const tableName = getWhereTableName(permissionWhere);
+    const tableName = (0, import_where.getWhereTableName)(permissionWhere);
     if (!tableName)
       throw new Error("Must use PermissionWhere for buildPermissionQuery");
-    const primaryKeys = schema.tables[tableName].primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
+    const tableSchema = schema.tables[tableName];
+    if (!tableSchema)
+      throw new Error("No schema?");
+    const primaryKeys = tableSchema.primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
     if (permissionCondition == null)
       throw new Error(`No permission defined for ${action} (or ${fallbackAction})`);
     if (permissionCondition === !0)
@@ -55,26 +52,26 @@ function createPermissions(schema, getContext) {
     }
     return eb.and(permissionCondition, ...primaryKeyWheres);
   }
-  async function can(where2, action, obj) {
-    const ctx = getContext(), tableName = getWhereTableName(where2);
+  async function can(where, action, obj) {
+    const ctx = getContext(), tableName = (0, import_where.getWhereTableName)(where);
     if (!tableName)
       throw new Error("Must use where('table') style where to pass to can()");
-    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(
+    environment === "server" && (await ensurePermission(
       ctx.tx,
       ctx.authData,
       tableName,
-      where2,
+      where,
       action,
       obj
     ), ctx.didCanPermissionsRun = !0);
   }
-  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+  async function ensurePermission(tx, authData, tableName, where, actionIn, obj) {
     if (authData?.role === "admin")
       return;
     const action = String(actionIn), name = `${tableName}.${action}`, queryBase = tx.query[tableName];
     let query = null;
     try {
-      query = queryBase.where((eb) => buildPermissionQuery(authData, eb, where2, action, obj)).one(), (0, import_helpers.ensure)(await query);
+      query = queryBase.where((eb) => buildPermissionQuery(authData, eb, where, action, obj)).one(), (0, import_helpers.ensure)(await query);
     } catch (err) {
       const errorTitle = `${name} with auth id: ${authData?.id}`;
       if (err instanceof import_helpers.EnsureError) {
@@ -86,36 +83,37 @@ function createPermissions(schema, getContext) {
 ${err}`);
     }
   }
-  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
-    const keyBase = `${table}${action}`, key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`, cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase), authData = useAuthData(), permission = modelPermissions[table], query = (() => {
-      let baseQuery = zero.query[table].one();
-      return enabled ? baseQuery.where((eb) => buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
-    })(), [data, status] = useQuery(query, {
-      enabled: !!(enabled && authData && objOrId)
-    });
-    debug && console.info(
-      "usePermission()",
-      { data, status, action, authData, permission },
-      (0, import_prettyFormatZeroQuery.prettyFormatZeroQuery)(query)
+  const readPermissions = (0, import_zero.definePermissions)(schema, async () => {
+    const permissionsEntries = await Promise.all(
+      (0, import_helpers.objectEntries)(models).map(async ([key, model]) => await (0, import_context.runWithContext)(
+        {
+          authData: { id: "", role: void 0, email: "" }
+        },
+        () => [
+          key,
+          {
+            row: {
+              select: [
+                (authData, eb) => {
+                  const out = model.permissions(eb, authData).read;
+                  return out === !0 ? eb.and() : out === !1 ? eb.cmpLit(!0, "=", !1) : out;
+                }
+              ],
+              // we have permissions on these through our model system with custom mutators:
+              insert: import_zero.ANYONE_CAN,
+              update: import_zero.ANYONE_CAN,
+              delete: import_zero.ANYONE_CAN
+            }
+          }
+        ]
+      ))
     );
-    const allowed = !!data;
-    return objOrId ? allowed : !1;
-  }
+    return Object.fromEntries(permissionsEntries);
+  });
   return {
-    where,
     can,
-    usePermission
+    buildPermissionQuery,
+    readPermissions
   };
 }
-function runEnvironmentSafetyCheck() {
-  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
-
-ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
-This is makes Zero entirely insecure and needs to be fixed immediately.
-
-This is likely a One framework issue, unless the user Vite config is overwriting the value.
-One automatically sets this value.
-        
-        `);
-}
 //# sourceMappingURL=createPermissions.js.map

package/dist/cjs/createPermissions.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../src/createPermissions.ts"],
-  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAQA,qBAAwD,0BAGxD,+BAAsC;AAE/B,SAAS,kBACd,QACA,YACA;AACA,4BAA0B;AAO1B,QAAM,sBAAkB,mCAAoC,qBAAqB;AAAA,IAC/E,cAAc;AAAA,EAChB,CAAC;AAoBD,WAAS,MACP,GACA,GACS;AACT,WAAI,KACF,kBAAkB,IAAI,GAAG,CAAU,GAE7B,KAAK;AAAA,EACf;AAIA,QAAM,oBAAoB,oBAAI,QAA0B;AAExD,WAAS,kBAAkBA,QAAc;AACvC,WAAO,kBAAkB,IAAIA,MAAK;AAAA,EACpC;AAqBA,QAAM,kBAA0C;AAAA,IAC9C,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,WAAS,qBAIP,UACA,IACA,iBACA,QAEA,SACA;AACA,UAAM,YAAY,kBAAkB,eAAe;AAEnD,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,mDAAmD;AAIrE,UAAM,cADc,OAAO,OAAO,SAAS,EACX,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GAEvC,sBACJ,uBAAuB,MAAM,MAC5B,iBAAiB,uBAAuB,cAAc,IAAI;AAE7D,QAAI,uBAAuB;AACzB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAG9E,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAGlC,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAGnC,UAAM,mBAAgC,CAAC;AAEvC,eAAW,OAAO,aAAa;AAC7B,YAAM,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AACjE,uBAAiB,KAAK,GAAG,IAAI,KAAY,KAAK,CAAC;AAAA,IACjD;AAEA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EACxD;AAEA,iBAAe,IAGbA,QAAe,QAAgB,KAAU;AACzC,UAAM,MAAM,WAAW,GACjB,YAAY,kBAAkBA,MAAK;AACzC,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,sDAAsD;AAIxE,IAAI,QAAQ,IAAI,qBAAqB,UACnC,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACAA;AAAA,MACA;AAAA,MACA;AAAA,IACF,GACA,IAAI,uBAAuB;AAAA,EAE/B;AAIA,iBAAe,iBAIb,IACA,UACA,WACAA,QACA,UACA,KACe;AACf,QAAI,UAAU,SAAS;AAErB;AAGF,UAAM,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAC7B,YAAY,GAAG,MAAM,SAAS;AACpC,QAAI,QAAqC;AAEzC,QAAI;AACF,cAAQ,UACL,MAAM,CAAC,OACC,qBAAqB,UAAU,IAAIA,QAAO,QAAQ,GAAG,CAC7D,EACA,IAAI,OAEP,uBAAO,MAAM,KAAK;AAAA,IACpB,SAAS,KAAK;AACZ,YAAM,aAAa,GAAG,IAAI,kBAAkB,UAAU,EAAE;AAExD,UAAI,eAAe,4BAAa;AAC9B,YAAI,MAAM,uCAAgC,UAAU;AACpD,cAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC5C,OAAO;AAAA,OAAM,oDAAsB,KAAK,CAAC,KAErC,IAAI,MAAM,GAAG;AAAA,MACrB;AAEA,YAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,IAClE;AAAA,EACF;AAEA,WAAS,cAIP,OACA,QACA,SACA,UAAU,OAAO,UAAY,KAC7B,QAAQ,IACQ;AAEhB,UAAM,UAAU,GAAG,KAAK,GAAG,MAAM,IAC3B,MAAM,GAAG,OAAO,GAAG,OAAO,WAAY,WAAW,UAAU,KAAK,UAAU,OAAO,CAAC,IAClF,WAAW,gBAAgB,IAAI,GAAG,KAAK,gBAAgB,IAAI,OAAO,GAClE,WAAW,YAAY,GACvB,aAAa,iBAAiB,KAAK,GAEnC,SAAS,MAAM;AACnB,UAAI,YAAY,KAAK,MAAM,KAAK,EAAE,IAAI;AAEtC,aAAK,UAIE,UAAU,MAAM,CAAC,OACf,qBAAqB,UAAU,IAAI,YAAY,QAAQ,OAAc,CAC7E,IALQ;AAAA,IAMX,GAAG,GAEG,CAAC,MAAM,MAAM,IAAI,SAAS,OAAO;AAAA,MACrC,SAAS,GAAQ,WAAW,YAAY;AAAA,IAC1C,CAAC;AAED,IAAI,SACF,QAAQ;AAAA,MACN;AAAA,MACA,EAAE,MAAM,QAAQ,QAAQ,UAAU,WAAW;AAAA,UAC7C,oDAAsB,KAAK;AAAA,IAC7B;AAKF,UAAM,UAAU,EAFD;AAIf,WAAK,UAIE,UAHE;AAAA,EAIX;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAIA,SAAS,4BAA4B;AACnC,EAAI,OAAO,WAAa,OAEb,OAAO,YAAc,OAAe,UAAU,YAAY,iBAI/D,QAAQ,IAAI,qBAAqB,SACnC,QAAQ,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAQX;AAGT;",
-  "names": ["where"]
+  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,kBAA8C,2BAC9C,iBAAmD,0BACnD,iBAA+B,8BAC/B,+BAAsC,4CAEtC,eAAkC;AAE3B,SAAS,kBAA6C;AAAA,EAC3D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAKG;AAkBD,QAAM,kBAA0C;AAAA,IAC9C,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,WAAS,qBAIP,UACA,IACA,iBACA,QAEA,SACA;AACA,UAAM,gBAAY,gCAAkB,eAAe;AAEnD,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,mDAAmD;AAGrE,UAAM,cAAc,OAAO,OAAO,SAAS;AAE3C,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,YAAY;AAG9B,UAAM,cAAc,YAAY,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GAEvC,sBACJ,uBAAuB,MAAM,MAC5B,iBAAiB,uBAAuB,cAAc,IAAI;AAE7D,QAAI,uBAAuB;AACzB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAG9E,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAGlC,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAGnC,UAAM,mBAAgC,CAAC;AAEvC,eAAW,OAAO,aAAa;AAC7B,YAAM,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AACjE,uBAAiB,KAAK,GAAG,IAAI,KAAY,KAAK,CAAC;AAAA,IACjD;AAEA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EACxD;AAEA,iBAAe,IAGb,OAAe,QAAgB,KAAU;AACzC,UAAM,MAAM,WAAW,GACjB,gBAAY,gCAAkB,KAAK;AACzC,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,sDAAsD;AAIxE,IAAI,gBAAgB,aAClB,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,GACA,IAAI,uBAAuB;AAAA,EAE/B;AAEA,iBAAe,iBAIb,IACA,UACA,WACA,OACA,UACA,KACe;AACf,QAAI,UAAU,SAAS;AAErB;AAGF,UAAM,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAE7B,YAAY,GAAG,MAAM,SAAS;AACpC,QAAI,QAAqC;AAEzC,QAAI;AACF,cAAQ,UACL,MAAM,CAAC,OACC,qBAAqB,UAAU,IAAI,OAAO,QAAQ,GAAG,CAC7D,EACA,IAAI,OAEP,uBAAO,MAAM,KAAK;AAAA,IACpB,SAAS,KAAK;AACZ,YAAM,aAAa,GAAG,IAAI,kBAAkB,UAAU,EAAE;AAExD,UAAI,eAAe,4BAAa;AAC9B,YAAI,MAAM,uCAAgC,UAAU;AACpD,cAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC5C,OAAO;AAAA,OAAM,oDAAsB,KAAK,CAAC,KAErC,IAAI,MAAM,GAAG;AAAA,MACrB;AAEA,YAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,IAClE;AAAA,EACF;AAEA,QAAM,sBAAkB,+BAAoC,QAAQ,YAAY;AAC9E,UAAM,qBAAqB,MAAM,QAAQ;AAAA,UACvC,8BAAc,MAAM,EAAE,IAAI,OAAO,CAAC,KAAK,KAAK,MACnC,UAAM;AAAA,QACX;AAAA,UACE,UAAU,EAAE,IAAI,IAAI,MAAM,QAAW,OAAO,GAAG;AAAA,QACjD;AAAA,QACA,MACS;AAAA,UACL;AAAA,UACA;AAAA,YACE,KAAK;AAAA,cACH,QAAQ;AAAA,gBACN,CAAC,UAAoB,OAAoC;AACvD,wBAAM,MAAM,MAAM,YAAY,IAAI,QAAQ,EAAE;AAE5C,yBAAI,QAAQ,KACH,GAAG,IAAI,IAGZ,QAAQ,KACH,GAAG,OAAO,IAAM,KAAK,EAAK,IAG5B;AAAA,gBACT;AAAA,cACF;AAAA;AAAA,cAEA,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,QAAQ;AAAA,YACV;AAAA,UACF;AAAA,QACF;AAAA,MAEJ,CACD;AAAA,IACH;AAIA,WAFoB,OAAO,YAAY,kBAAkB;AAAA,EAG3D,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
+  "names": []
 }

package/dist/cjs/createPermissions.native.js

@@ -18,20 +18,9 @@ __export(createPermissions_exports, {
   createPermissions: () => createPermissions
 });
 module.exports = __toCommonJS(createPermissions_exports);
-var import_helpers = require("@vxrn/helpers"), import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery");
-function createPermissions(schema, getContext) {
-  runEnvironmentSafetyCheck();
-  var permissionCache = (0, import_helpers.createLocalStorage)("permissions-cache", {
-    storageLimit: 24
-  });
-  function where(a, b) {
-    return b && WhereTableNameMap.set(b, a), b || a;
-  }
-  var WhereTableNameMap = /* @__PURE__ */ new WeakMap();
-  function getWhereTableName(where2) {
-    return WhereTableNameMap.get(where2);
-  }
-  var fallbackActions = {
+var import_zero = require("@rocicorp/zero"), import_helpers = require("@vxrn/helpers"), import_context = require("./helpers/context"), import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery"), import_where = require("./where");
+function createPermissions(param) {
+  var { environment, schema, models, getContext } = param, fallbackActions = {
     select: "read",
     insert: "write",
     update: "write",
@@ -39,10 +28,13 @@ function createPermissions(schema, getContext) {
     delete: "write"
   };
   function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
-    var tableName = getWhereTableName(permissionWhere);
+    var tableName = (0, import_where.getWhereTableName)(permissionWhere);
     if (!tableName)
       throw new Error("Must use PermissionWhere for buildPermissionQuery");
-    var tableSchema = schema.tables[tableName], primaryKeys = tableSchema.primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
+    var tableSchema = schema.tables[tableName];
+    if (!tableSchema)
+      throw new Error("No schema?");
+    var primaryKeys = tableSchema.primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
     if (permissionCondition == null)
       throw new Error(`No permission defined for ${action} (or ${fallbackAction})`);
     if (permissionCondition === !0)
@@ -67,18 +59,18 @@ function createPermissions(schema, getContext) {
     }
     return eb.and(permissionCondition, ...primaryKeyWheres);
   }
-  async function can(where2, action, obj) {
-    var ctx = getContext(), tableName = getWhereTableName(where2);
+  async function can(where, action, obj) {
+    var ctx = getContext(), tableName = (0, import_where.getWhereTableName)(where);
     if (!tableName)
       throw new Error("Must use where('table') style where to pass to can()");
-    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where2, action, obj), ctx.didCanPermissionsRun = !0);
+    environment === "server" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where, action, obj), ctx.didCanPermissionsRun = !0);
   }
-  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+  async function ensurePermission(tx, authData, tableName, where, actionIn, obj) {
     if ((authData == null ? void 0 : authData.role) !== "admin") {
       var action = String(actionIn), name = `${tableName}.${action}`, queryBase = tx.query[tableName], query = null;
       try {
         query = queryBase.where(function(eb) {
-          return buildPermissionQuery(authData, eb, where2, action, obj);
+          return buildPermissionQuery(authData, eb, where, action, obj);
         }).one(), (0, import_helpers.ensure)(await query);
       } catch (err) {
         var errorTitle = `${name} with auth id: ${authData == null ? void 0 : authData.id}`;
@@ -92,42 +84,43 @@ ${err}`);
       }
     }
   }
-  function usePermission(table, action, objOrId) {
-    var enabled = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : typeof objOrId < "u", debug = arguments.length > 4 && arguments[4] !== void 0 ? arguments[4] : !1, keyBase = `${table}${action}`, key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`, _permissionCache_get, cacheVal = (_permissionCache_get = permissionCache.get(key)) !== null && _permissionCache_get !== void 0 ? _permissionCache_get : permissionCache.get(keyBase), authData = useAuthData(), permission = modelPermissions[table], query = (function() {
-      var baseQuery = zero.query[table].one();
-      return enabled ? baseQuery.where(function(eb) {
-        return buildPermissionQuery(authData, eb, permission, action, objOrId);
-      }) : baseQuery;
-    })(), [data, status] = useQuery(query, {
-      enabled: !!(enabled && authData && objOrId)
-    });
-    debug && console.info("usePermission()", {
-      data,
-      status,
-      action,
-      authData,
-      permission
-    }, (0, import_prettyFormatZeroQuery.prettyFormatZeroQuery)(query));
-    var result = data, allowed = !!result;
-    return objOrId ? allowed : !1;
-  }
+  var readPermissions = (0, import_zero.definePermissions)(schema, async function() {
+    var permissionsEntries = await Promise.all((0, import_helpers.objectEntries)(models).map(async function(param2) {
+      var [key, model] = param2;
+      return await (0, import_context.runWithContext)({
+        authData: {
+          id: "",
+          role: void 0,
+          email: ""
+        }
+      }, function() {
+        return [
+          key,
+          {
+            row: {
+              select: [
+                function(authData, eb) {
+                  var out = model.permissions(eb, authData).read;
+                  return out === !0 ? eb.and() : out === !1 ? eb.cmpLit(!0, "=", !1) : out;
+                }
+              ],
+              // we have permissions on these through our model system with custom mutators:
+              insert: import_zero.ANYONE_CAN,
+              update: import_zero.ANYONE_CAN,
+              delete: import_zero.ANYONE_CAN
+            }
+          }
+        ];
+      });
+    })), permissions = Object.fromEntries(permissionsEntries);
+    return permissions;
+  });
   return {
-    where,
     can,
-    usePermission
+    buildPermissionQuery,
+    readPermissions
   };
 }
-function runEnvironmentSafetyCheck() {
-  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
-
-ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
-This is makes Zero entirely insecure and needs to be fixed immediately.
-
-This is likely a One framework issue, unless the user Vite config is overwriting the value.
-One automatically sets this value.
-        
-        `);
-}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   createPermissions

package/dist/cjs/createPermissions.native.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../src/createPermissions.ts"],
-  "mappings": ";;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAAwD,0BACxD,+BAAsC;AAC/B,SAAS,kBAAkB,QAAQ,YAAY;AAClD,4BAA0B;AAK1B,MAAI,sBAAkB,mCAAmB,qBAAqB;AAAA,IAC1D,cAAc;AAAA,EAClB,CAAC;AAID,WAAS,MAAM,GAAG,GAAG;AACjB,WAAI,KACA,kBAAkB,IAAI,GAAG,CAAC,GAEvB,KAAK;AAAA,EAChB;AAEA,MAAI,oBAAoB,oBAAI,QAAQ;AACpC,WAAS,kBAAkBA,QAAO;AAC9B,WAAO,kBAAkB,IAAIA,MAAK;AAAA,EACtC;AAEA,MAAI,kBAAkB;AAAA,IAClB,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACZ;AACA,WAAS,qBAAqB,UAAU,IAAI,iBAAiB,QAC7D,SAAS;AACL,QAAI,YAAY,kBAAkB,eAAe;AACjD,QAAI,CAAC;AACD,YAAM,IAAI,MAAM,mDAAmD;AAEvE,QAAI,cAAc,OAAO,OAAO,SAAS,GACrC,cAAc,YAAY,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GACvC,sBAAsB,uBAAuB,MAAM,MAAM,iBAAiB,uBAAuB,cAAc,IAAI;AACvH,QAAI,uBAAuB;AACvB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAEhF,QAAI,wBAAwB;AACxB,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAEpC,QAAI,wBAAwB;AACxB,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAErC,QAAI,mBAAmB,CAAC,GACpB,4BAA4B,IAAM,oBAAoB,IAAO,iBAAiB;AAClF,QAAI;AACA,eAAQ,YAAY,YAAY,OAAO,QAAQ,EAAE,GAAG,OAAO,EAAE,6BAA6B,QAAQ,UAAU,KAAK,GAAG,OAAO,4BAA4B,IAAK;AACxJ,YAAI,MAAM,MAAM,OACZ,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AAC/D,yBAAiB,KAAK,GAAG,IAAI,KAAK,KAAK,CAAC;AAAA,MAC5C;AAAA,IACJ,SAAS,KAAK;AACV,0BAAoB,IACpB,iBAAiB;AAAA,IACrB,UAAE;AACE,UAAI;AACA,QAAI,CAAC,6BAA6B,UAAU,UAAU,QAClD,UAAU,OAAO;AAAA,MAEzB,UAAE;AACE,YAAI;AACA,gBAAM;AAAA,MAEd;AAAA,IACJ;AACA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EAC1D;AACA,iBAAe,IAAIA,QAAO,QAAQ,KAAK;AACnC,QAAI,MAAM,WAAW,GACjB,YAAY,kBAAkBA,MAAK;AACvC,QAAI,CAAC;AACD,YAAM,IAAI,MAAM,sDAAsD;AAG1E,IAAI,QAAQ,IAAI,qBAAqB,UACjC,MAAM,iBAAiB,IAAI,IAAI,IAAI,UAAU,WAAWA,QAAO,QAAQ,GAAG,GAC1E,IAAI,uBAAuB;AAAA,EAEnC;AACA,iBAAe,iBAAiB,IAAI,UAAU,WAAWA,QAAO,UAAU,KAC1E;AACI,SAAK,YAAa,OAA8B,SAAS,SAAS,UAAU,SAI5E;AAAA,UAAI,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAC7B,YAAY,GAAG,MAAM,SAAS,GAC9B,QAAQ;AACZ,UAAI;AACA,gBAAQ,UAAU,MAAM,SAAS,IAAI;AACjC,iBAAO,qBAAqB,UAAU,IAAIA,QAAO,QAAQ,GAAG;AAAA,QAChE,CAAC,EAAE,IAAI,OACP,uBAAO,MAAM,KAAK;AAAA,MACtB,SAAS,KAAK;AACV,YAAI,aAAa,GAAG,IAAI,kBAAkB,YAAa,OAA8B,SAAS,SAAS,EAAE;AACzG,YAAI,eAAe,4BAAa;AAC5B,cAAI,MAAM,uCAAgC,UAAU;AACpD,gBAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC1C,OAAO;AAAA,OAAM,oDAAsB,KAAK,CAAC,KAEvC,IAAI,MAAM,GAAG;AAAA,QACvB;AACA,cAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,MACpE;AAAA;AAAA,EACJ;AACA,WAAS,cAAc,OAAO,QAAQ,SAAS;AAC3C,QAAI,UAAU,UAAU,SAAS,KAAK,UAAU,CAAC,MAAM,SAAS,UAAU,CAAC,IAAI,OAAO,UAAY,KAAa,QAAQ,UAAU,SAAS,KAAK,UAAU,CAAC,MAAM,SAAS,UAAU,CAAC,IAAI,IAEpL,UAAU,GAAG,KAAK,GAAG,MAAM,IAC3B,MAAM,GAAG,OAAO,GAAG,OAAO,WAAY,WAAW,UAAU,KAAK,UAAU,OAAO,CAAC,IAClF,sBACA,YAAY,uBAAuB,gBAAgB,IAAI,GAAG,OAAO,QAAQ,yBAAyB,SAAS,uBAAuB,gBAAgB,IAAI,OAAO,GAC7J,WAAW,YAAY,GACvB,aAAa,iBAAiB,KAAK,GACnC,SAAQ,WAAW;AACnB,UAAI,YAAY,KAAK,MAAM,KAAK,EAAE,IAAI;AACtC,aAAK,UAGE,UAAU,MAAM,SAAS,IAAI;AAChC,eAAO,qBAAqB,UAAU,IAAI,YAAY,QAAQ,OAAO;AAAA,MACzE,CAAC,IAJU;AAAA,IAKf,GAAE,GACE,CAAC,MAAM,MAAM,IAAI,SAAS,OAAO;AAAA,MACjC,SAAS,GAAQ,WAAW,YAAY;AAAA,IAC5C,CAAC;AACD,IAAI,SACA,QAAQ,KAAK,mBAAmB;AAAA,MAC5B;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACJ,OAAG,oDAAsB,KAAK,CAAC;AAEnC,QAAI,SAAS,MACT,UAAU,EAAQ;AACtB,WAAK,UAGE,UAFI;AAAA,EAGf;AACA,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;AAGA,SAAS,4BAA4B;AACjC,EAAI,OAAO,WAAa,OACpB,OAAO,YAAc,OAAe,UAAU,YAAY,iBAGtD,QAAQ,IAAI,qBAAqB,SACjC,QAAQ,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAQjB;AAGT;",
-  "names": ["where"]
+  "mappings": ";;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA8C,2BAC9C,iBAAmD,0BACnD,iBAA+B,8BAC/B,+BAAsC,4CACtC,eAAkC;AAC3B,SAAS,kBAAkB,OAAO;AACrC,MAAI,EAAE,aAAa,QAAQ,QAAQ,WAAW,IAAI,OAC9C,kBAAkB;AAAA,IAClB,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACZ;AACA,WAAS,qBAAqB,UAAU,IAAI,iBAAiB,QAC7D,SAAS;AACL,QAAI,gBAAY,gCAAkB,eAAe;AACjD,QAAI,CAAC;AACD,YAAM,IAAI,MAAM,mDAAmD;AAEvE,QAAI,cAAc,OAAO,OAAO,SAAS;AACzC,QAAI,CAAC;AACD,YAAM,IAAI,MAAM,YAAY;AAEhC,QAAI,cAAc,YAAY,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GACvC,sBAAsB,uBAAuB,MAAM,MAAM,iBAAiB,uBAAuB,cAAc,IAAI;AACvH,QAAI,uBAAuB;AACvB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAEhF,QAAI,wBAAwB;AACxB,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAEpC,QAAI,wBAAwB;AACxB,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAErC,QAAI,mBAAmB,CAAC,GACpB,4BAA4B,IAAM,oBAAoB,IAAO,iBAAiB;AAClF,QAAI;AACA,eAAQ,YAAY,YAAY,OAAO,QAAQ,EAAE,GAAG,OAAO,EAAE,6BAA6B,QAAQ,UAAU,KAAK,GAAG,OAAO,4BAA4B,IAAK;AACxJ,YAAI,MAAM,MAAM,OACZ,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AAC/D,yBAAiB,KAAK,GAAG,IAAI,KAAK,KAAK,CAAC;AAAA,MAC5C;AAAA,IACJ,SAAS,KAAK;AACV,0BAAoB,IACpB,iBAAiB;AAAA,IACrB,UAAE;AACE,UAAI;AACA,QAAI,CAAC,6BAA6B,UAAU,UAAU,QAClD,UAAU,OAAO;AAAA,MAEzB,UAAE;AACE,YAAI;AACA,gBAAM;AAAA,MAEd;AAAA,IACJ;AACA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EAC1D;AACA,iBAAe,IAAI,OAAO,QAAQ,KAAK;AACnC,QAAI,MAAM,WAAW,GACjB,gBAAY,gCAAkB,KAAK;AACvC,QAAI,CAAC;AACD,YAAM,IAAI,MAAM,sDAAsD;AAG1E,IAAI,gBAAgB,aAChB,MAAM,iBAAiB,IAAI,IAAI,IAAI,UAAU,WAAW,OAAO,QAAQ,GAAG,GAC1E,IAAI,uBAAuB;AAAA,EAEnC;AACA,iBAAe,iBAAiB,IAAI,UAAU,WAAW,OAAO,UAAU,KAC1E;AACI,SAAK,YAAa,OAA8B,SAAS,SAAS,UAAU,SAI5E;AAAA,UAAI,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAE7B,YAAY,GAAG,MAAM,SAAS,GAC9B,QAAQ;AACZ,UAAI;AACA,gBAAQ,UAAU,MAAM,SAAS,IAAI;AACjC,iBAAO,qBAAqB,UAAU,IAAI,OAAO,QAAQ,GAAG;AAAA,QAChE,CAAC,EAAE,IAAI,OACP,uBAAO,MAAM,KAAK;AAAA,MACtB,SAAS,KAAK;AACV,YAAI,aAAa,GAAG,IAAI,kBAAkB,YAAa,OAA8B,SAAS,SAAS,EAAE;AACzG,YAAI,eAAe,4BAAa;AAC5B,cAAI,MAAM,uCAAgC,UAAU;AACpD,gBAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC1C,OAAO;AAAA,OAAM,oDAAsB,KAAK,CAAC,KAEvC,IAAI,MAAM,GAAG;AAAA,QACvB;AACA,cAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,MACpE;AAAA;AAAA,EACJ;AACA,MAAI,sBAAkB,+BAAkB,QAAQ,iBAAiB;AAC7D,QAAI,qBAAqB,MAAM,QAAQ,QAAI,8BAAc,MAAM,EAAE,IAAI,eAAeA,QAAO;AACvF,UAAI,CAAC,KAAK,KAAK,IAAIA;AACnB,aAAO,UAAM,+BAAe;AAAA,QACxB,UAAU;AAAA,UACN,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,OAAO;AAAA,QACX;AAAA,MACJ,GAAG,WAAW;AACV,eAAO;AAAA,UACH;AAAA,UACA;AAAA,YACI,KAAK;AAAA,cACD,QAAQ;AAAA,gBACJ,SAAS,UAAU,IAAI;AACnB,sBAAI,MAAM,MAAM,YAAY,IAAI,QAAQ,EAAE;AAC1C,yBAAI,QAAQ,KACD,GAAG,IAAI,IAEd,QAAQ,KACD,GAAG,OAAO,IAAM,KAAK,EAAK,IAE9B;AAAA,gBACX;AAAA,cACJ;AAAA;AAAA,cAEA,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,QAAQ;AAAA,YACZ;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ,CAAC;AAAA,IACL,CAAC,CAAC,GACE,cAAc,OAAO,YAAY,kBAAkB;AACvD,WAAO;AAAA,EACX,CAAC;AACD,SAAO;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,EACJ;AACJ;",
+  "names": ["param"]
 }

package/dist/cjs/createZero.cjs

@@ -0,0 +1,128 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+    for (var name in all) __defProp(target, name, {
+      get: all[name],
+      enumerable: !0
+    });
+  },
+  __copyProps = (to, from, except, desc) => {
+    if (from && typeof from == "object" || typeof from == "function") for (let key of __getOwnPropNames(from)) !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    });
+    return to;
+  };
+var __toCommonJS = mod => __copyProps(__defProp({}, "__esModule", {
+  value: !0
+}), mod);
+var createZero_exports = {};
+__export(createZero_exports, {
+  createZero: () => createZero
+});
+module.exports = __toCommonJS(createZero_exports);
+var import_react = require("@rocicorp/zero/react"),
+  import_helpers = require("@vxrn/helpers"),
+  import_react2 = require("react"),
+  import_createPermissions = require("./createPermissions.cjs"),
+  import_context = require("./helpers/context.cjs"),
+  import_createMutators = require("./helpers/createMutators.cjs"),
+  import_prettyFormatZeroQuery = require("./helpers/prettyFormatZeroQuery.cjs"),
+  import_useZeroDebug = require("./helpers/useZeroDebug.cjs"),
+  import_jsx_runtime = require("react/jsx-runtime");
+function createZero({
+  schema,
+  models,
+  disable
+}) {
+  const modelPermissions = (0, import_helpers.mapObject)(models, val => val.permissions),
+    permissionsHelpers = (0, import_createPermissions.createPermissions)({
+      schema,
+      models,
+      getContext: import_context.context,
+      environment: "client"
+    }),
+    permissionCache = (0, import_helpers.createLocalStorage)("permissions-cache", {
+      storageLimit: 24
+    }),
+    zeroEvents = (0, import_helpers.createEmitter)("zero", null),
+    AuthDataContext = (0, import_react2.createContext)({}),
+    useAuthData = () => (0, import_react2.use)(AuthDataContext);
+  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
+    const keyBase = `${String(table)}${action}`,
+      key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`,
+      cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase),
+      authData = useAuthData(),
+      permission = modelPermissions[table],
+      query = (() => {
+        let baseQuery = zero.query[table].one();
+        return enabled ? baseQuery.where(eb => permissionsHelpers.buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
+      })(),
+      [data, status] = useQuery(query, {
+        enabled: !!(enabled && authData && objOrId)
+      });
+    debug && console.info("usePermission()", {
+      data,
+      status,
+      action,
+      authData,
+      permission
+    }, (0, import_prettyFormatZeroQuery.prettyFormatZeroQuery)(query));
+    const allowed = !!data;
+    return objOrId ? allowed : !1;
+  }
+  let latestZeroInstance = null;
+  const zero = new Proxy({}, {
+      get(_, key) {
+        return Reflect.get(latestZeroInstance, key, latestZeroInstance);
+      }
+    }),
+    useQuery = (query, options) => {
+      if (disable) return [null, {
+        type: "unknown"
+      }];
+      const out = (0, import_react.useQuery)(query, options);
+      return process.env.NODE_ENV === "development" && (0, import_useZeroDebug.useZeroDebug)(query, options, out), out;
+    },
+    ProvideZero = ({
+      children,
+      authData,
+      ...props
+    }) => {
+      const mutators = (0, import_react2.useMemo)(() => (0, import_createMutators.createMutators)({
+        models,
+        environment: "client",
+        authData,
+        can: permissionsHelpers.can
+      }), [models, authData]);
+      return disable ? children : /* @__PURE__ */(0, import_jsx_runtime.jsx)(AuthDataContext.Provider, {
+        value: authData,
+        children: /* @__PURE__ */(0, import_jsx_runtime.jsxs)(import_react.ZeroProvider, {
+          schema,
+          kvStore: "mem",
+          onError: error => {
+            console.error("Zero Error:", error), zeroEvents.emit({
+              type: "error",
+              message: error
+            });
+          },
+          mutators,
+          ...props,
+          children: [/* @__PURE__ */(0, import_jsx_runtime.jsx)(SetZeroInstance, {}), children]
+        })
+      });
+    },
+    SetZeroInstance = () => {
+      const zero2 = (0, import_react.useZero)();
+      return zero2 !== latestZeroInstance && (latestZeroInstance = zero2), null;
+    };
+  return {
+    zeroEvents,
+    ProvideZero,
+    useQuery,
+    usePermission,
+    zero
+  };
+}