over-zero 0.0.0 → 0.0.2

package/dist/cjs/mutations.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/mutations.ts"],
+  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAoEO,SAAS,UAGd,OAA0B,aAAqBA,YAAkC;AACjF,MAAI,aAAa;AACf,UAAM,YAAa,MAAgB,OAAO,MAEpC,qBAAqB,CAAC,WACnB,OAAO,KAAqB,QAAa;AAS9C,YAAM,2BAA2B,YAAY;AAC3C,QAAI,IAAI,wBAMJ,QAAQ,IAAI,qBAAqB,SACnC,MAAM,IAAI,IAAI,aAAa,QAAQ,GAAG;AAAA,MAE1C;AAEA,MAAI,WAAW,YACb,MAAM,yBAAyB;AAIjC,YAAM,WAAWA,aAAY,MAAM;AAEnC,MAAI,WACF,MAAM,SAAS,KAAK,GAAG,IAGvB,MAAM,IAAI,GAAG,OAAO,SAAsB,EAAG,MAAM,EAAE,GAAG,GAGtD,WAAW,YACb,MAAM,yBAAyB;AAAA,IAEnC,GAGI,gBAAoC;AAAA,MACxC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,IACrC;AAEA,WAAO;AAAA,MACL,GAAGA;AAAA;AAAA,MAEH,GAAG;AAAA,IACL;AAAA,EACF;AAGA,SAAO;AACT;",
+  "names": ["mutations"]
+}

package/dist/cjs/mutations.native.js

@@ -0,0 +1,50 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: !0 });
+}, __copyProps = (to, from, except, desc) => {
+  if (from && typeof from == "object" || typeof from == "function")
+    for (let key of __getOwnPropNames(from))
+      !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: !0 }), mod);
+var mutations_exports = {};
+__export(mutations_exports, {
+  mutations: () => mutations
+});
+module.exports = __toCommonJS(mutations_exports);
+function mutations(table, permissions, mutations2) {
+  if (permissions) {
+    var tableName = table.schema.name, createCRUDMutation = function(action) {
+      return async function(ctx, obj) {
+        var runServerPermissionCheck = async function() {
+          ctx.didCanPermissionsRun || process.env.VITE_ENVIRONMENT === "ssr" && await ctx.can(permissions, action, obj);
+        };
+        action !== "insert" && await runServerPermissionCheck();
+        var existing = mutations2 == null ? void 0 : mutations2[action];
+        existing ? await existing(ctx, obj) : await ctx.tx.mutate[tableName][action](obj), action === "insert" && await runServerPermissionCheck();
+      };
+    }, crudMutations = {
+      insert: createCRUDMutation("insert"),
+      update: createCRUDMutation("update"),
+      delete: createCRUDMutation("delete"),
+      upsert: createCRUDMutation("upsert")
+    };
+    return {
+      ...mutations2,
+      // overwrite regular mutations but call them if they are defined by user
+      ...crudMutations
+    };
+  }
+  return table;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  mutations
+});
+//# sourceMappingURL=mutations.js.map

package/dist/cjs/mutations.native.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/mutations.ts"],
+  "mappings": ";;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAeO,SAAS,UAAU,OAAO,aAAaA,YAAW;AACrD,MAAI,aAAa;AACb,QAAI,YAAY,MAAM,OAAO,MACzB,qBAAqB,SAAS,QAAQ;AACtC,aAAO,eAAe,KAAK,KAAK;AAQhC,YAAI,2BAA2B,iBAAiB;AACxC,UAAI,IAAI,wBAKJ,QAAQ,IAAI,qBAAqB,SACjC,MAAM,IAAI,IAAI,aAAa,QAAQ,GAAG;AAAA,QAE9C;AACA,QAAI,WAAW,YACX,MAAM,yBAAyB;AAGnC,YAAI,WAAWA,cAAc,OAA+B,SAASA,WAAU,MAAM;AACrF,QAAI,WACA,MAAM,SAAS,KAAK,GAAG,IAGvB,MAAM,IAAI,GAAG,OAAO,SAAS,EAAE,MAAM,EAAE,GAAG,GAE1C,WAAW,YACX,MAAM,yBAAyB;AAAA,MAEvC;AAAA,IACJ,GACI,gBAAgB;AAAA,MAChB,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,IACvC;AACA,WAAO;AAAA,MACH,GAAGA;AAAA;AAAA,MAEH,GAAG;AAAA,IACP;AAAA,EACJ;AAEA,SAAO;AACX;",
+  "names": ["mutations"]
+}

package/dist/cjs/server.cjs

@@ -0,0 +1,18 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+    if (from && typeof from == "object" || typeof from == "function") for (let key of __getOwnPropNames(from)) !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    });
+    return to;
+  },
+  __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = mod => __copyProps(__defProp({}, "__esModule", {
+  value: !0
+}), mod);
+var server_exports = {};
+module.exports = __toCommonJS(server_exports);
+__reExport(server_exports, require("./createZeroServer.cjs"), module.exports);

package/dist/cjs/server.js

@@ -0,0 +1,15 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from == "object" || typeof from == "function")
+    for (let key of __getOwnPropNames(from))
+      !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  return to;
+}, __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: !0 }), mod);
+var server_exports = {};
+module.exports = __toCommonJS(server_exports);
+__reExport(server_exports, require("./createZeroServer"), module.exports);
+//# sourceMappingURL=server.js.map

package/dist/cjs/server.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/server.ts"],
+  "mappings": ";;;;;;;;;;;AAAA;AAAA;AAAA,2BAAc,+BAAd;",
+  "names": []
+}

package/dist/cjs/server.native.js

@@ -0,0 +1,20 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from == "object" || typeof from == "function")
+    for (let key of __getOwnPropNames(from))
+      !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  return to;
+}, __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: !0 }), mod);
+var server_exports = {};
+module.exports = __toCommonJS(server_exports);
+__reExport(server_exports, require("./createZeroServer"), module.exports);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ...require("./createZeroServer")
+});
+//# sourceMappingURL=server.js.map

package/dist/cjs/server.native.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/server.ts"],
+  "mappings": ";;;;;;;;;;;;AAAA;AAAA;AAAA,2BAAc,+BAAd;",
+  "names": []
+}

package/dist/cjs/where.cjs

@@ -0,0 +1,33 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+    for (var name in all) __defProp(target, name, {
+      get: all[name],
+      enumerable: !0
+    });
+  },
+  __copyProps = (to, from, except, desc) => {
+    if (from && typeof from == "object" || typeof from == "function") for (let key of __getOwnPropNames(from)) !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, {
+      get: () => from[key],
+      enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+    });
+    return to;
+  };
+var __toCommonJS = mod => __copyProps(__defProp({}, "__esModule", {
+  value: !0
+}), mod);
+var where_exports = {};
+__export(where_exports, {
+  getWhereTableName: () => getWhereTableName,
+  where: () => where
+});
+module.exports = __toCommonJS(where_exports);
+function where(a, b) {
+  return b && WhereTableNameMap.set(b, a), b || a;
+}
+const WhereTableNameMap = /* @__PURE__ */new WeakMap();
+function getWhereTableName(where2) {
+  return WhereTableNameMap.get(where2);
+}

package/dist/cjs/where.js

@@ -0,0 +1,28 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: !0 });
+}, __copyProps = (to, from, except, desc) => {
+  if (from && typeof from == "object" || typeof from == "function")
+    for (let key of __getOwnPropNames(from))
+      !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: !0 }), mod);
+var where_exports = {};
+__export(where_exports, {
+  getWhereTableName: () => getWhereTableName,
+  where: () => where
+});
+module.exports = __toCommonJS(where_exports);
+function where(a, b) {
+  return b && WhereTableNameMap.set(b, a), b || a;
+}
+const WhereTableNameMap = /* @__PURE__ */ new WeakMap();
+function getWhereTableName(where2) {
+  return WhereTableNameMap.get(where2);
+}
+//# sourceMappingURL=where.js.map

package/dist/cjs/where.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/where.ts"],
+  "mappings": ";;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWO,SAAS,MACd,GACA,GACS;AACT,SAAI,KACF,kBAAkB,IAAI,GAAG,CAAU,GAE7B,KAAK;AACf;AAIA,MAAM,oBAAoB,oBAAI,QAA0B;AAEjD,SAAS,kBAAkBA,QAAc;AAC9C,SAAO,kBAAkB,IAAIA,MAAK;AACpC;",
+  "names": ["where"]
+}

package/dist/cjs/where.native.js

@@ -0,0 +1,34 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: !0 });
+}, __copyProps = (to, from, except, desc) => {
+  if (from && typeof from == "object" || typeof from == "function")
+    for (let key of __getOwnPropNames(from))
+      !__hasOwnProp.call(to, key) && key !== except && __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: !0 }), mod);
+var where_exports = {};
+__export(where_exports, {
+  getWhereTableName: () => getWhereTableName,
+  where: () => where
+});
+module.exports = __toCommonJS(where_exports);
+function where(a, b) {
+  return b && WhereTableNameMap.set(b, a), b || a;
+}
+var WhereTableNameMap = /* @__PURE__ */ new WeakMap();
+function getWhereTableName(where2) {
+  return WhereTableNameMap.get(where2);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getWhereTableName,
+  where
+});
+//# sourceMappingURL=where.js.map

package/dist/cjs/where.native.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/where.ts"],
+  "mappings": ";;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,SAAS,MAAM,GAAG,GAAG;AACxB,SAAI,KACA,kBAAkB,IAAI,GAAG,CAAC,GAEvB,KAAK;AAChB;AAEA,IAAI,oBAAoB,oBAAI,QAAQ;AAC7B,SAAS,kBAAkBA,QAAO;AACrC,SAAO,kBAAkB,IAAIA,MAAK;AACtC;",
+  "names": ["where"]
+}

package/dist/esm/createPermissions.js

@@ -1,17 +1,14 @@
-import { createLocalStorage, ensure, EnsureError } from "@vxrn/helpers";
+import { ANYONE_CAN, definePermissions } from "@rocicorp/zero";
+import { ensure, EnsureError, objectEntries } from "@vxrn/helpers";
+import { runWithContext } from "./helpers/context";
 import { prettyFormatZeroQuery } from "./helpers/prettyFormatZeroQuery";
-function createPermissions(schema, getContext) {
-  runEnvironmentSafetyCheck();
-  const permissionCache = createLocalStorage("permissions-cache", {
-    storageLimit: 24
-  });
-  function where(a, b) {
-    return b && WhereTableNameMap.set(b, a), b || a;
-  }
-  const WhereTableNameMap = /* @__PURE__ */ new WeakMap();
-  function getWhereTableName(where2) {
-    return WhereTableNameMap.get(where2);
-  }
+import { getWhereTableName } from "./where";
+function createPermissions({
+  environment,
+  schema,
+  models,
+  getContext
+}) {
   const fallbackActions = {
     select: "read",
     insert: "write",
@@ -23,7 +20,10 @@ function createPermissions(schema, getContext) {
     const tableName = getWhereTableName(permissionWhere);
     if (!tableName)
       throw new Error("Must use PermissionWhere for buildPermissionQuery");
-    const primaryKeys = schema.tables[tableName].primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
+    const tableSchema = schema.tables[tableName];
+    if (!tableSchema)
+      throw new Error("No schema?");
+    const primaryKeys = tableSchema.primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
     if (permissionCondition == null)
       throw new Error(`No permission defined for ${action} (or ${fallbackAction})`);
     if (permissionCondition === !0)
@@ -37,26 +37,26 @@ function createPermissions(schema, getContext) {
     }
     return eb.and(permissionCondition, ...primaryKeyWheres);
   }
-  async function can(where2, action, obj) {
-    const ctx = getContext(), tableName = getWhereTableName(where2);
+  async function can(where, action, obj) {
+    const ctx = getContext(), tableName = getWhereTableName(where);
     if (!tableName)
       throw new Error("Must use where('table') style where to pass to can()");
-    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(
+    environment === "server" && (await ensurePermission(
       ctx.tx,
       ctx.authData,
       tableName,
-      where2,
+      where,
       action,
       obj
     ), ctx.didCanPermissionsRun = !0);
   }
-  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+  async function ensurePermission(tx, authData, tableName, where, actionIn, obj) {
     if (authData?.role === "admin")
       return;
     const action = String(actionIn), name = `${tableName}.${action}`, queryBase = tx.query[tableName];
     let query = null;
     try {
-      query = queryBase.where((eb) => buildPermissionQuery(authData, eb, where2, action, obj)).one(), ensure(await query);
+      query = queryBase.where((eb) => buildPermissionQuery(authData, eb, where, action, obj)).one(), ensure(await query);
     } catch (err) {
       const errorTitle = `${name} with auth id: ${authData?.id}`;
       if (err instanceof EnsureError) {
@@ -68,38 +68,39 @@ function createPermissions(schema, getContext) {
 ${err}`);
     }
   }
-  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
-    const keyBase = `${table}${action}`, key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`, cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase), authData = useAuthData(), permission = modelPermissions[table], query = (() => {
-      let baseQuery = zero.query[table].one();
-      return enabled ? baseQuery.where((eb) => buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
-    })(), [data, status] = useQuery(query, {
-      enabled: !!(enabled && authData && objOrId)
-    });
-    debug && console.info(
-      "usePermission()",
-      { data, status, action, authData, permission },
-      prettyFormatZeroQuery(query)
+  const readPermissions = definePermissions(schema, async () => {
+    const permissionsEntries = await Promise.all(
+      objectEntries(models).map(async ([key, model]) => await runWithContext(
+        {
+          authData: { id: "", role: void 0, email: "" }
+        },
+        () => [
+          key,
+          {
+            row: {
+              select: [
+                (authData, eb) => {
+                  const out = model.permissions(eb, authData).read;
+                  return out === !0 ? eb.and() : out === !1 ? eb.cmpLit(!0, "=", !1) : out;
+                }
+              ],
+              // we have permissions on these through our model system with custom mutators:
+              insert: ANYONE_CAN,
+              update: ANYONE_CAN,
+              delete: ANYONE_CAN
+            }
+          }
+        ]
+      ))
     );
-    const allowed = !!data;
-    return objOrId ? allowed : !1;
-  }
+    return Object.fromEntries(permissionsEntries);
+  });
   return {
-    where,
     can,
-    usePermission
+    buildPermissionQuery,
+    readPermissions
   };
 }
-function runEnvironmentSafetyCheck() {
-  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
-
-ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
-This is makes Zero entirely insecure and needs to be fixed immediately.
-
-This is likely a One framework issue, unless the user Vite config is overwriting the value.
-One automatically sets this value.
-        
-        `);
-}
 export {
   createPermissions
 };

package/dist/esm/createPermissions.js.map

@@ -1,6 +1,6 @@
 {
   "version": 3,
   "sources": ["../../src/createPermissions.ts"],
-  "mappings": "AAQA,SAAS,oBAAoB,QAAQ,mBAAmB;AAGxD,SAAS,6BAA6B;AAE/B,SAAS,kBACd,QACA,YACA;AACA,4BAA0B;AAO1B,QAAM,kBAAkB,mBAAoC,qBAAqB;AAAA,IAC/E,cAAc;AAAA,EAChB,CAAC;AAoBD,WAAS,MACP,GACA,GACS;AACT,WAAI,KACF,kBAAkB,IAAI,GAAG,CAAU,GAE7B,KAAK;AAAA,EACf;AAIA,QAAM,oBAAoB,oBAAI,QAA0B;AAExD,WAAS,kBAAkBA,QAAc;AACvC,WAAO,kBAAkB,IAAIA,MAAK;AAAA,EACpC;AAqBA,QAAM,kBAA0C;AAAA,IAC9C,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,WAAS,qBAIP,UACA,IACA,iBACA,QAEA,SACA;AACA,UAAM,YAAY,kBAAkB,eAAe;AAEnD,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,mDAAmD;AAIrE,UAAM,cADc,OAAO,OAAO,SAAS,EACX,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GAEvC,sBACJ,uBAAuB,MAAM,MAC5B,iBAAiB,uBAAuB,cAAc,IAAI;AAE7D,QAAI,uBAAuB;AACzB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAG9E,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAGlC,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAGnC,UAAM,mBAAgC,CAAC;AAEvC,eAAW,OAAO,aAAa;AAC7B,YAAM,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AACjE,uBAAiB,KAAK,GAAG,IAAI,KAAY,KAAK,CAAC;AAAA,IACjD;AAEA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EACxD;AAEA,iBAAe,IAGbA,QAAe,QAAgB,KAAU;AACzC,UAAM,MAAM,WAAW,GACjB,YAAY,kBAAkBA,MAAK;AACzC,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,sDAAsD;AAIxE,IAAI,QAAQ,IAAI,qBAAqB,UACnC,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACAA;AAAA,MACA;AAAA,MACA;AAAA,IACF,GACA,IAAI,uBAAuB;AAAA,EAE/B;AAIA,iBAAe,iBAIb,IACA,UACA,WACAA,QACA,UACA,KACe;AACf,QAAI,UAAU,SAAS;AAErB;AAGF,UAAM,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAC7B,YAAY,GAAG,MAAM,SAAS;AACpC,QAAI,QAAqC;AAEzC,QAAI;AACF,cAAQ,UACL,MAAM,CAAC,OACC,qBAAqB,UAAU,IAAIA,QAAO,QAAQ,GAAG,CAC7D,EACA,IAAI,GAEP,OAAO,MAAM,KAAK;AAAA,IACpB,SAAS,KAAK;AACZ,YAAM,aAAa,GAAG,IAAI,kBAAkB,UAAU,EAAE;AAExD,UAAI,eAAe,aAAa;AAC9B,YAAI,MAAM,uCAAgC,UAAU;AACpD,cAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC5C,OAAO;AAAA,GAAM,sBAAsB,KAAK,CAAC,KAErC,IAAI,MAAM,GAAG;AAAA,MACrB;AAEA,YAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,IAClE;AAAA,EACF;AAEA,WAAS,cAIP,OACA,QACA,SACA,UAAU,OAAO,UAAY,KAC7B,QAAQ,IACQ;AAEhB,UAAM,UAAU,GAAG,KAAK,GAAG,MAAM,IAC3B,MAAM,GAAG,OAAO,GAAG,OAAO,WAAY,WAAW,UAAU,KAAK,UAAU,OAAO,CAAC,IAClF,WAAW,gBAAgB,IAAI,GAAG,KAAK,gBAAgB,IAAI,OAAO,GAClE,WAAW,YAAY,GACvB,aAAa,iBAAiB,KAAK,GAEnC,SAAS,MAAM;AACnB,UAAI,YAAY,KAAK,MAAM,KAAK,EAAE,IAAI;AAEtC,aAAK,UAIE,UAAU,MAAM,CAAC,OACf,qBAAqB,UAAU,IAAI,YAAY,QAAQ,OAAc,CAC7E,IALQ;AAAA,IAMX,GAAG,GAEG,CAAC,MAAM,MAAM,IAAI,SAAS,OAAO;AAAA,MACrC,SAAS,GAAQ,WAAW,YAAY;AAAA,IAC1C,CAAC;AAED,IAAI,SACF,QAAQ;AAAA,MACN;AAAA,MACA,EAAE,MAAM,QAAQ,QAAQ,UAAU,WAAW;AAAA,MAC7C,sBAAsB,KAAK;AAAA,IAC7B;AAKF,UAAM,UAAU,EAFD;AAIf,WAAK,UAIE,UAHE;AAAA,EAIX;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAIA,SAAS,4BAA4B;AACnC,EAAI,OAAO,WAAa,OAEb,OAAO,YAAc,OAAe,UAAU,YAAY,iBAI/D,QAAQ,IAAI,qBAAqB,SACnC,QAAQ,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAQX;AAGT;",
-  "names": ["where"]
+  "mappings": "AAMA,SAAS,YAAY,yBAAyB;AAC9C,SAAS,QAAQ,aAAa,qBAAqB;AACnD,SAAS,sBAAsB;AAC/B,SAAS,6BAA6B;AAEtC,SAAS,yBAAyB;AAE3B,SAAS,kBAA6C;AAAA,EAC3D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAKG;AAkBD,QAAM,kBAA0C;AAAA,IAC9C,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,WAAS,qBAIP,UACA,IACA,iBACA,QAEA,SACA;AACA,UAAM,YAAY,kBAAkB,eAAe;AAEnD,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,mDAAmD;AAGrE,UAAM,cAAc,OAAO,OAAO,SAAS;AAE3C,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,YAAY;AAG9B,UAAM,cAAc,YAAY,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GAEvC,sBACJ,uBAAuB,MAAM,MAC5B,iBAAiB,uBAAuB,cAAc,IAAI;AAE7D,QAAI,uBAAuB;AACzB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAG9E,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAGlC,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAGnC,UAAM,mBAAgC,CAAC;AAEvC,eAAW,OAAO,aAAa;AAC7B,YAAM,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AACjE,uBAAiB,KAAK,GAAG,IAAI,KAAY,KAAK,CAAC;AAAA,IACjD;AAEA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EACxD;AAEA,iBAAe,IAGb,OAAe,QAAgB,KAAU;AACzC,UAAM,MAAM,WAAW,GACjB,YAAY,kBAAkB,KAAK;AACzC,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,sDAAsD;AAIxE,IAAI,gBAAgB,aAClB,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,GACA,IAAI,uBAAuB;AAAA,EAE/B;AAEA,iBAAe,iBAIb,IACA,UACA,WACA,OACA,UACA,KACe;AACf,QAAI,UAAU,SAAS;AAErB;AAGF,UAAM,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAE7B,YAAY,GAAG,MAAM,SAAS;AACpC,QAAI,QAAqC;AAEzC,QAAI;AACF,cAAQ,UACL,MAAM,CAAC,OACC,qBAAqB,UAAU,IAAI,OAAO,QAAQ,GAAG,CAC7D,EACA,IAAI,GAEP,OAAO,MAAM,KAAK;AAAA,IACpB,SAAS,KAAK;AACZ,YAAM,aAAa,GAAG,IAAI,kBAAkB,UAAU,EAAE;AAExD,UAAI,eAAe,aAAa;AAC9B,YAAI,MAAM,uCAAgC,UAAU;AACpD,cAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC5C,OAAO;AAAA,GAAM,sBAAsB,KAAK,CAAC,KAErC,IAAI,MAAM,GAAG;AAAA,MACrB;AAEA,YAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,IAClE;AAAA,EACF;AAEA,QAAM,kBAAkB,kBAAoC,QAAQ,YAAY;AAC9E,UAAM,qBAAqB,MAAM,QAAQ;AAAA,MACvC,cAAc,MAAM,EAAE,IAAI,OAAO,CAAC,KAAK,KAAK,MACnC,MAAM;AAAA,QACX;AAAA,UACE,UAAU,EAAE,IAAI,IAAI,MAAM,QAAW,OAAO,GAAG;AAAA,QACjD;AAAA,QACA,MACS;AAAA,UACL;AAAA,UACA;AAAA,YACE,KAAK;AAAA,cACH,QAAQ;AAAA,gBACN,CAAC,UAAoB,OAAoC;AACvD,wBAAM,MAAM,MAAM,YAAY,IAAI,QAAQ,EAAE;AAE5C,yBAAI,QAAQ,KACH,GAAG,IAAI,IAGZ,QAAQ,KACH,GAAG,OAAO,IAAM,KAAK,EAAK,IAG5B;AAAA,gBACT;AAAA,cACF;AAAA;AAAA,cAEA,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,QAAQ;AAAA,YACV;AAAA,UACF;AAAA,QACF;AAAA,MAEJ,CACD;AAAA,IACH;AAIA,WAFoB,OAAO,YAAY,kBAAkB;AAAA,EAG3D,CAAC;AAED,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
+  "names": []
 }

package/dist/esm/createPermissions.mjs

@@ -1,17 +1,14 @@
-import { createLocalStorage, ensure, EnsureError } from "@vxrn/helpers";
+import { ANYONE_CAN, definePermissions } from "@rocicorp/zero";
+import { ensure, EnsureError, objectEntries } from "@vxrn/helpers";
+import { runWithContext } from "./helpers/context.mjs";
 import { prettyFormatZeroQuery } from "./helpers/prettyFormatZeroQuery.mjs";
-function createPermissions(schema, getContext) {
-  runEnvironmentSafetyCheck();
-  const permissionCache = createLocalStorage("permissions-cache", {
-    storageLimit: 24
-  });
-  function where(a, b) {
-    return b && WhereTableNameMap.set(b, a), b || a;
-  }
-  const WhereTableNameMap = /* @__PURE__ */new WeakMap();
-  function getWhereTableName(where2) {
-    return WhereTableNameMap.get(where2);
-  }
+import { getWhereTableName } from "./where.mjs";
+function createPermissions({
+  environment,
+  schema,
+  models,
+  getContext
+}) {
   const fallbackActions = {
     select: "read",
     insert: "write",
@@ -22,7 +19,9 @@ function createPermissions(schema, getContext) {
   function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
     const tableName = getWhereTableName(permissionWhere);
     if (!tableName) throw new Error("Must use PermissionWhere for buildPermissionQuery");
-    const primaryKeys = schema.tables[tableName].primaryKey,
+    const tableSchema = schema.tables[tableName];
+    if (!tableSchema) throw new Error("No schema?");
+    const primaryKeys = tableSchema.primaryKey,
       permissionQueryBuilder = permissionWhere(eb, authData),
       fallbackAction = fallbackActions[action],
       permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
@@ -36,20 +35,20 @@ function createPermissions(schema, getContext) {
     }
     return eb.and(permissionCondition, ...primaryKeyWheres);
   }
-  async function can(where2, action, obj) {
+  async function can(where, action, obj) {
     const ctx = getContext(),
-      tableName = getWhereTableName(where2);
+      tableName = getWhereTableName(where);
     if (!tableName) throw new Error("Must use where('table') style where to pass to can()");
-    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where2, action, obj), ctx.didCanPermissionsRun = !0);
+    environment === "server" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where, action, obj), ctx.didCanPermissionsRun = !0);
   }
-  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+  async function ensurePermission(tx, authData, tableName, where, actionIn, obj) {
     if (authData?.role === "admin") return;
     const action = String(actionIn),
       name = `${tableName}.${action}`,
       queryBase = tx.query[tableName];
     let query = null;
     try {
-      query = queryBase.where(eb => buildPermissionQuery(authData, eb, where2, action, obj)).one(), ensure(await query);
+      query = queryBase.where(eb => buildPermissionQuery(authData, eb, where, action, obj)).one(), ensure(await query);
     } catch (err) {
       const errorTitle = `${name} with auth id: ${authData?.id}`;
       if (err instanceof EnsureError) {
@@ -61,45 +60,32 @@ function createPermissions(schema, getContext) {
 ${err}`);
     }
   }
-  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
-    const keyBase = `${table}${action}`,
-      key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`,
-      cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase),
-      authData = useAuthData(),
-      permission = modelPermissions[table],
-      query = (() => {
-        let baseQuery = zero.query[table].one();
-        return enabled ? baseQuery.where(eb => buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
-      })(),
-      [data, status] = useQuery(query, {
-        enabled: !!(enabled && authData && objOrId)
-      });
-    debug && console.info("usePermission()", {
-      data,
-      status,
-      action,
-      authData,
-      permission
-    }, prettyFormatZeroQuery(query));
-    const allowed = !!data;
-    return objOrId ? allowed : !1;
-  }
+  const readPermissions = definePermissions(schema, async () => {
+    const permissionsEntries = await Promise.all(objectEntries(models).map(async ([key, model]) => await runWithContext({
+      authData: {
+        id: "",
+        role: void 0,
+        email: ""
+      }
+    }, () => [key, {
+      row: {
+        select: [(authData, eb) => {
+          const out = model.permissions(eb, authData).read;
+          return out === !0 ? eb.and() : out === !1 ? eb.cmpLit(!0, "=", !1) : out;
+        }],
+        // we have permissions on these through our model system with custom mutators:
+        insert: ANYONE_CAN,
+        update: ANYONE_CAN,
+        delete: ANYONE_CAN
+      }
+    }])));
+    return Object.fromEntries(permissionsEntries);
+  });
   return {
-    where,
     can,
-    usePermission
+    buildPermissionQuery,
+    readPermissions
   };
 }
-function runEnvironmentSafetyCheck() {
-  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
-
-ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
-This is makes Zero entirely insecure and needs to be fixed immediately.
-
-This is likely a One framework issue, unless the user Vite config is overwriting the value.
-One automatically sets this value.
-        
-        `);
-}
 export { createPermissions };
 //# sourceMappingURL=createPermissions.mjs.map

package/dist/esm/createPermissions.mjs.map

@@ -1 +1 @@
-{"version":3,"names":["createLocalStorage","ensure","EnsureError","prettyFormatZeroQuery","createPermissions","schema","getContext","runEnvironmentSafetyCheck","permissionCache","storageLimit","where","a","b","WhereTableNameMap","set","WeakMap","getWhereTableName","where2","get","fallbackActions","select","insert","update","upsert","delete","buildPermissionQuery","authData","eb","permissionWhere","action","objOrId","tableName","Error","primaryKeys","tables","primaryKey","permissionQueryBuilder","fallbackAction","permissionCondition","cmpLit","primaryKeyWheres","key","value","push","cmp","and","can","obj","ctx","process","env","VITE_ENVIRONMENT","ensurePermission","tx","didCanPermissionsRun","actionIn","role","String","name","queryBase","query","one","err","errorTitle","id","msg","NODE_ENV","usePermission","table","enabled","debug","keyBase","JSON","stringify","cacheVal","useAuthData","permission","modelPermissions","baseQuery","zero","data","status","useQuery","console","info","allowed","document","navigator","product","error"],"sources":["../../src/createPermissions.ts"],"sourcesContent":[null],"mappings":"AAQA,SAASA,kBAAA,EAAoBC,MAAA,EAAQC,WAAA,QAAmB;AAGxD,SAASC,qBAAA,QAA6B;AAE/B,SAASC,kBACdC,MAAA,EACAC,UAAA,EACA;EACAC,yBAAA,CAA0B;EAO1B,MAAMC,eAAA,GAAkBR,kBAAA,CAAoC,qBAAqB;IAC/ES,YAAA,EAAc;EAChB,CAAC;EAoBD,SAASC,MACPC,CAAA,EACAC,CAAA,EACS;IACT,OAAIA,CAAA,IACFC,iBAAA,CAAkBC,GAAA,CAAIF,CAAA,EAAGD,CAAU,GAE7BC,CAAA,IAAKD,CAAA;EACf;EAIA,MAAME,iBAAA,GAAoB,mBAAIE,OAAA,CAA0B;EAExD,SAASC,kBAAkBC,MAAA,EAAc;IACvC,OAAOJ,iBAAA,CAAkBK,GAAA,CAAID,MAAK;EACpC;EAqBA,MAAME,eAAA,GAA0C;IAC9CC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;EACV;EAEA,SAASC,qBAIPC,QAAA,EACAC,EAAA,EACAC,eAAA,EACAC,MAAA,EAEAC,OAAA,EACA;IACA,MAAMC,SAAA,GAAYf,iBAAA,CAAkBY,eAAe;IAEnD,IAAI,CAACG,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,mDAAmD;IAIrE,MAAMC,WAAA,GADc5B,MAAA,CAAO6B,MAAA,CAAOH,SAAS,EACXI,UAAA;MAC1BC,sBAAA,GAAyBR,eAAA,CAAgBD,EAAA,EAAID,QAAQ;MACrDW,cAAA,GAAiBlB,eAAA,CAAgBU,MAAM;MAEvCS,mBAAA,GACJF,sBAAA,CAAuBP,MAAM,MAC5BQ,cAAA,GAAiBD,sBAAA,CAAuBC,cAAc,IAAI;IAE7D,IAAIC,mBAAA,IAAuB,MACzB,MAAM,IAAIN,KAAA,CAAM,6BAA6BH,MAAM,QAAQQ,cAAc,GAAG;IAG9E,IAAIC,mBAAA,KAAwB,IAC1B,OAAOX,EAAA,CAAGY,MAAA,CAAO,IAAM,KAAK,EAAI;IAGlC,IAAID,mBAAA,KAAwB,IAC1B,OAAOX,EAAA,CAAGY,MAAA,CAAO,IAAM,KAAK,EAAK;IAGnC,MAAMC,gBAAA,GAAgC,EAAC;IAEvC,WAAWC,GAAA,IAAOR,WAAA,EAAa;MAC7B,MAAMS,KAAA,GAAQ,OAAOZ,OAAA,IAAY,WAAWA,OAAA,GAAUA,OAAA,CAAQW,GAAG;MACjED,gBAAA,CAAiBG,IAAA,CAAKhB,EAAA,CAAGiB,GAAA,CAAIH,GAAA,EAAYC,KAAK,CAAC;IACjD;IAEA,OAAOf,EAAA,CAAGkB,GAAA,CAAIP,mBAAA,EAAqB,GAAGE,gBAAgB;EACxD;EAEA,eAAeM,IAGb7B,MAAA,EAAeY,MAAA,EAAgBkB,GAAA,EAAU;IACzC,MAAMC,GAAA,GAAM1C,UAAA,CAAW;MACjByB,SAAA,GAAYf,iBAAA,CAAkBC,MAAK;IACzC,IAAI,CAACc,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,sDAAsD;IAIpEiB,OAAA,CAAQC,GAAA,CAAIC,gBAAA,KAAqB,UACnC,MAAMC,gBAAA,CACJJ,GAAA,CAAIK,EAAA,EACJL,GAAA,CAAItB,QAAA,EACJK,SAAA,EACAd,MAAA,EACAY,MAAA,EACAkB,GACF,GACAC,GAAA,CAAIM,oBAAA,GAAuB;EAE/B;EAIA,eAAeF,iBAIbC,EAAA,EACA3B,QAAA,EACAK,SAAA,EACAd,MAAA,EACAsC,QAAA,EACAR,GAAA,EACe;IACf,IAAIrB,QAAA,EAAU8B,IAAA,KAAS,SAErB;IAGF,MAAM3B,MAAA,GAAS4B,MAAA,CAAOF,QAAQ;MACxBG,IAAA,GAAO,GAAG3B,SAAS,IAAIF,MAAM;MAC7B8B,SAAA,GAAYN,EAAA,CAAGO,KAAA,CAAM7B,SAAS;IACpC,IAAI6B,KAAA,GAAqC;IAEzC,IAAI;MACFA,KAAA,GAAQD,SAAA,CACLjD,KAAA,CAAOiB,EAAA,IACCF,oBAAA,CAAqBC,QAAA,EAAUC,EAAA,EAAIV,MAAA,EAAOY,MAAA,EAAQkB,GAAG,CAC7D,EACAc,GAAA,CAAI,GAEP5D,MAAA,CAAO,MAAM2D,KAAK;IACpB,SAASE,GAAA,EAAK;MACZ,MAAMC,UAAA,GAAa,GAAGL,IAAI,kBAAkBhC,QAAA,EAAUsC,EAAE;MAExD,IAAIF,GAAA,YAAe5D,WAAA,EAAa;QAC9B,IAAI+D,GAAA,GAAM,uCAAgCF,UAAU;QACpD,MAAId,OAAA,CAAQC,GAAA,CAAIgB,QAAA,KAAa,iBAAiBN,KAAA,KAC5CK,GAAA,IAAO;AAAA,GAAM9D,qBAAA,CAAsByD,KAAK,CAAC,KAErC,IAAI5B,KAAA,CAAMiC,GAAG;MACrB;MAEA,MAAM,IAAIjC,KAAA,CAAM,4BAA4B+B,UAAU;AAAA,EAAKD,GAAG,EAAE;IAClE;EACF;EAEA,SAASK,cAIPC,KAAA,EACAvC,MAAA,EACAC,OAAA,EACAuC,OAAA,GAAU,OAAOvC,OAAA,GAAY,KAC7BwC,KAAA,GAAQ,IACQ;IAEhB,MAAMC,OAAA,GAAU,GAAGH,KAAK,GAAGvC,MAAM;MAC3BY,GAAA,GAAM,GAAG8B,OAAO,GAAG,OAAOzC,OAAA,IAAY,WAAWA,OAAA,GAAU0C,IAAA,CAAKC,SAAA,CAAU3C,OAAO,CAAC;MAClF4C,QAAA,GAAWlE,eAAA,CAAgBU,GAAA,CAAIuB,GAAG,KAAKjC,eAAA,CAAgBU,GAAA,CAAIqD,OAAO;MAClE7C,QAAA,GAAWiD,WAAA,CAAY;MACvBC,UAAA,GAAaC,gBAAA,CAAiBT,KAAK;MAEnCR,KAAA,IAAS,MAAM;QACnB,IAAIkB,SAAA,GAAYC,IAAA,CAAKnB,KAAA,CAAMQ,KAAK,EAAEP,GAAA,CAAI;QAEtC,OAAKQ,OAAA,GAIES,SAAA,CAAUpE,KAAA,CAAOiB,EAAA,IACfF,oBAAA,CAAqBC,QAAA,EAAUC,EAAA,EAAIiD,UAAA,EAAY/C,MAAA,EAAQC,OAAc,CAC7E,IALQgD,SAAA;MAMX,GAAG;MAEG,CAACE,IAAA,EAAMC,MAAM,IAAIC,QAAA,CAAStB,KAAA,EAAO;QACrCS,OAAA,EAAS,GAAQA,OAAA,IAAW3C,QAAA,IAAYI,OAAA;MAC1C,CAAC;IAEGwC,KAAA,IACFa,OAAA,CAAQC,IAAA,CACN,mBACA;MAAEJ,IAAA;MAAMC,MAAA;MAAQpD,MAAA;MAAQH,QAAA;MAAUkD;IAAW,GAC7CzE,qBAAA,CAAsByD,KAAK,CAC7B;IAKF,MAAMyB,OAAA,GAAU,EAFDL,IAAA;IAIf,OAAKlD,OAAA,GAIEuD,OAAA,GAHE;EAIX;EAEA,OAAO;IACL3E,KAAA;IACAoC,GAAA;IACAqB;EACF;AACF;AAIA,SAAS5D,0BAAA,EAA4B;EAC/B,OAAO+E,QAAA,GAAa,OAEb,OAAOC,SAAA,GAAc,OAAeA,SAAA,CAAUC,OAAA,KAAY,iBAI/DvC,OAAA,CAAQC,GAAA,CAAIC,gBAAA,KAAqB,SACnCgC,OAAA,CAAQM,KAAA,CAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAQX;AAGT","ignoreList":[]}
+{"version":3,"names":["ANYONE_CAN","definePermissions","ensure","EnsureError","objectEntries","runWithContext","prettyFormatZeroQuery","getWhereTableName","createPermissions","environment","schema","models","getContext","fallbackActions","select","insert","update","upsert","delete","buildPermissionQuery","authData","eb","permissionWhere","action","objOrId","tableName","Error","tableSchema","tables","primaryKeys","primaryKey","permissionQueryBuilder","fallbackAction","permissionCondition","cmpLit","primaryKeyWheres","key","value","push","cmp","and","can","where","obj","ctx","ensurePermission","tx","didCanPermissionsRun","actionIn","role","String","name","queryBase","query","one","err","errorTitle","id","msg","process","env","NODE_ENV","readPermissions","permissionsEntries","Promise","all","map","model","email","row","out","permissions","read","Object","fromEntries"],"sources":["../../src/createPermissions.ts"],"sourcesContent":[null],"mappings":"AAMA,SAASA,UAAA,EAAYC,iBAAA,QAAyB;AAC9C,SAASC,MAAA,EAAQC,WAAA,EAAaC,aAAA,QAAqB;AACnD,SAASC,cAAA,QAAsB;AAC/B,SAASC,qBAAA,QAA6B;AAEtC,SAASC,iBAAA,QAAyB;AAE3B,SAASC,kBAA6C;EAC3DC,WAAA;EACAC,MAAA;EACAC,MAAA;EACAC;AACF,GAKG;EAkBD,MAAMC,eAAA,GAA0C;IAC9CC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;EACV;EAEA,SAASC,qBAIPC,QAAA,EACAC,EAAA,EACAC,eAAA,EACAC,MAAA,EAEAC,OAAA,EACA;IACA,MAAMC,SAAA,GAAYlB,iBAAA,CAAkBe,eAAe;IAEnD,IAAI,CAACG,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,mDAAmD;IAGrE,MAAMC,WAAA,GAAcjB,MAAA,CAAOkB,MAAA,CAAOH,SAAS;IAE3C,IAAI,CAACE,WAAA,EACH,MAAM,IAAID,KAAA,CAAM,YAAY;IAG9B,MAAMG,WAAA,GAAcF,WAAA,CAAYG,UAAA;MAC1BC,sBAAA,GAAyBT,eAAA,CAAgBD,EAAA,EAAID,QAAQ;MACrDY,cAAA,GAAiBnB,eAAA,CAAgBU,MAAM;MAEvCU,mBAAA,GACJF,sBAAA,CAAuBR,MAAM,MAC5BS,cAAA,GAAiBD,sBAAA,CAAuBC,cAAc,IAAI;IAE7D,IAAIC,mBAAA,IAAuB,MACzB,MAAM,IAAIP,KAAA,CAAM,6BAA6BH,MAAM,QAAQS,cAAc,GAAG;IAG9E,IAAIC,mBAAA,KAAwB,IAC1B,OAAOZ,EAAA,CAAGa,MAAA,CAAO,IAAM,KAAK,EAAI;IAGlC,IAAID,mBAAA,KAAwB,IAC1B,OAAOZ,EAAA,CAAGa,MAAA,CAAO,IAAM,KAAK,EAAK;IAGnC,MAAMC,gBAAA,GAAgC,EAAC;IAEvC,WAAWC,GAAA,IAAOP,WAAA,EAAa;MAC7B,MAAMQ,KAAA,GAAQ,OAAOb,OAAA,IAAY,WAAWA,OAAA,GAAUA,OAAA,CAAQY,GAAG;MACjED,gBAAA,CAAiBG,IAAA,CAAKjB,EAAA,CAAGkB,GAAA,CAAIH,GAAA,EAAYC,KAAK,CAAC;IACjD;IAEA,OAAOhB,EAAA,CAAGmB,GAAA,CAAIP,mBAAA,EAAqB,GAAGE,gBAAgB;EACxD;EAEA,eAAeM,IAGbC,KAAA,EAAenB,MAAA,EAAgBoB,GAAA,EAAU;IACzC,MAAMC,GAAA,GAAMhC,UAAA,CAAW;MACjBa,SAAA,GAAYlB,iBAAA,CAAkBmC,KAAK;IACzC,IAAI,CAACjB,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,sDAAsD;IAIpEjB,WAAA,KAAgB,aAClB,MAAMoC,gBAAA,CACJD,GAAA,CAAIE,EAAA,EACJF,GAAA,CAAIxB,QAAA,EACJK,SAAA,EACAiB,KAAA,EACAnB,MAAA,EACAoB,GACF,GACAC,GAAA,CAAIG,oBAAA,GAAuB;EAE/B;EAEA,eAAeF,iBAIbC,EAAA,EACA1B,QAAA,EACAK,SAAA,EACAiB,KAAA,EACAM,QAAA,EACAL,GAAA,EACe;IACf,IAAIvB,QAAA,EAAU6B,IAAA,KAAS,SAErB;IAGF,MAAM1B,MAAA,GAAS2B,MAAA,CAAOF,QAAQ;MACxBG,IAAA,GAAO,GAAG1B,SAAS,IAAIF,MAAM;MAE7B6B,SAAA,GAAYN,EAAA,CAAGO,KAAA,CAAM5B,SAAS;IACpC,IAAI4B,KAAA,GAAqC;IAEzC,IAAI;MACFA,KAAA,GAAQD,SAAA,CACLV,KAAA,CAAOrB,EAAA,IACCF,oBAAA,CAAqBC,QAAA,EAAUC,EAAA,EAAIqB,KAAA,EAAOnB,MAAA,EAAQoB,GAAG,CAC7D,EACAW,GAAA,CAAI,GAEPpD,MAAA,CAAO,MAAMmD,KAAK;IACpB,SAASE,GAAA,EAAK;MACZ,MAAMC,UAAA,GAAa,GAAGL,IAAI,kBAAkB/B,QAAA,EAAUqC,EAAE;MAExD,IAAIF,GAAA,YAAepD,WAAA,EAAa;QAC9B,IAAIuD,GAAA,GAAM,uCAAgCF,UAAU;QACpD,MAAIG,OAAA,CAAQC,GAAA,CAAIC,QAAA,KAAa,iBAAiBR,KAAA,KAC5CK,GAAA,IAAO;AAAA,GAAMpD,qBAAA,CAAsB+C,KAAK,CAAC,KAErC,IAAI3B,KAAA,CAAMgC,GAAG;MACrB;MAEA,MAAM,IAAIhC,KAAA,CAAM,4BAA4B8B,UAAU;AAAA,EAAKD,GAAG,EAAE;IAClE;EACF;EAEA,MAAMO,eAAA,GAAkB7D,iBAAA,CAAoCS,MAAA,EAAQ,YAAY;IAC9E,MAAMqD,kBAAA,GAAqB,MAAMC,OAAA,CAAQC,GAAA,CACvC7D,aAAA,CAAcO,MAAM,EAAEuD,GAAA,CAAI,OAAO,CAAC9B,GAAA,EAAK+B,KAAK,MACnC,MAAM9D,cAAA,CACX;MACEe,QAAA,EAAU;QAAEqC,EAAA,EAAI;QAAIR,IAAA,EAAM;QAAWmB,KAAA,EAAO;MAAG;IACjD,GACA,MACS,CACLhC,GAAA,EACA;MACEiC,GAAA,EAAK;QACHvD,MAAA,EAAQ,CACN,CAACM,QAAA,EAAoBC,EAAA,KAAoC;UACvD,MAAMiD,GAAA,GAAMH,KAAA,CAAMI,WAAA,CAAYlD,EAAA,EAAID,QAAQ,EAAEoD,IAAA;UAE5C,OAAIF,GAAA,KAAQ,KACHjD,EAAA,CAAGmB,GAAA,CAAI,IAGZ8B,GAAA,KAAQ,KACHjD,EAAA,CAAGa,MAAA,CAAO,IAAM,KAAK,EAAK,IAG5BoC,GAAA;QACT,EACF;QAAA;QAEAvD,MAAA,EAAQf,UAAA;QACRgB,MAAA,EAAQhB,UAAA;QACRkB,MAAA,EAAQlB;MACV;IACF,EAGN,CACD,CACH;IAIA,OAFoByE,MAAA,CAAOC,WAAA,CAAYX,kBAAkB;EAG3D,CAAC;EAED,OAAO;IACLtB,GAAA;IACAtB,oBAAA;IACA2C;EACF;AACF","ignoreList":[]}