over-zero 0.0.0

package/dist/esm/createClient.mjs.map

@@ -0,0 +1 @@
+{"version":3,"names":["useZero","ZeroProvider","useQuery","zeroUseQuery","mapObject","useMemo","createPermissions","context","createMutators","useZDB","zeroEmitter","jsx","jsxs","createZero","schema","models","disable","modelPermissions","val","permissions","modelMutators","mutate","permissionsHelpers","latestZeroInstance","zero","Proxy","get","_","key","Reflect","query","options","type","out","process","env","NODE_ENV","ProvideZero","children","authData","props","mutators","environment","kvStore","onError","error","console","emit","message","SetZeroInstance","zero2"],"sources":["../../src/createClient.tsx"],"sourcesContent":[null],"mappings":"AACA,SAASA,OAAA,EAASC,YAAA,EAAcC,QAAA,IAAYC,YAAA,QAAoB;AAChE,SAASC,SAAA,QAAiB;AAC1B,SAASC,OAAA,QAA+B;AACxC,SAASC,iBAAA,QAAyB;AAClC,SAASC,OAAA,QAAe;AACxB,SAASC,cAAA,QAAsB;AAC/B,SAASC,MAAA,QAAc;AACvB,SAASC,WAAA,QAAmB;AA2EtB,SAaEC,GAAA,EAbFC,IAAA;AAzEC,SAASC,WAA6B;EAC3CC,MAAA;EACAC,MAAA;EACAC;AACF,GAIG;EAGD,MAAMC,gBAAA,GAAmBb,SAAA,CAAUW,MAAA,EAASG,GAAA,IAAQA,GAAA,CAAIC,WAAW;IAI7DC,aAAA,GAAgBhB,SAAA,CAAUW,MAAA,EAASG,GAAA,IAAQA,GAAA,CAAIG,MAAM;IAIrDC,kBAAA,GAAqBhB,iBAAA,CAAgCQ,MAAA,EAAQP,OAAO;EAS1E,IAAIgB,kBAAA,GAA0C;EAI9C,MAAMC,IAAA,GAAqB,IAAIC,KAAA,CAAM,CAAC,GAAY;MAChDC,IAAIC,CAAA,EAAGC,GAAA,EAAK;QACV,OAAOC,OAAA,CAAQH,GAAA,CAAIH,kBAAA,EAAqBK,GAAA,EAAKL,kBAAkB;MACjE;IACF,CAAC;IAEKrB,QAAA,GAAgCA,CAAC4B,KAAA,EAAOC,OAAA,KAAY;MACxD,IAAIf,OAAA,EACF,OAAO,CAAC,MAAM;QAAEgB,IAAA,EAAM;MAAU,CAAC;MAGnC,MAAMC,GAAA,GAAM9B,YAAA,CAAa2B,KAAA,EAAOC,OAAO;MAEvC,OAAIG,OAAA,CAAQC,GAAA,CAAIC,QAAA,KAAa,iBAE3B3B,MAAA,CAAOqB,KAAA,EAAOC,OAAA,EAASE,GAAG,GAGrBA,GAAA;IACT;IAEMI,WAAA,GAAcA,CAAC;MACnBC,QAAA;MACAC,QAAA;MACA,GAAGC;IACL,MAGM;MACJ,MAAMC,QAAA,GAAWpC,OAAA,CAAQ,MAChBG,cAAA,CAAe;QACpBkC,WAAA,EAAa;QACbH;MACF,CAAC,GACA,CAACA,QAAQ,CAAC;MAEb,OAAIvB,OAAA,GACKsB,QAAA,GAIP,eAAA1B,IAAA,CAACX,YAAA;QACCa,MAAA;QACA6B,OAAA,EAAS;QACTC,OAAA,EAAUC,KAAA,IAAU;UAClBC,OAAA,CAAQD,KAAA,CAAM,eAAeA,KAAK,GAClCnC,WAAA,CAAYqC,IAAA,CAAK;YACff,IAAA,EAAM;YACNgB,OAAA,EAASH;UACX,CAAC;QACH;QACAJ,QAAA;QACC,GAAGD,KAAA;QAEJF,QAAA,kBAAA3B,GAAA,CAACsC,eAAA,IAAgB,GAChBX,QAAA;MAAA,CACH;IAEJ;IAEMW,eAAA,GAAkBA,CAAA,KAAM;MAC5B,MAAMC,KAAA,GAAOlD,OAAA,CAAqB;MAQlC,OAAIkD,KAAA,KAAS3B,kBAAA,KACXA,kBAAA,GAAqB2B,KAAA,GAGhB;IACT;EAEA,OAAO;IACLb,WAAA;IACAnC,QAAA;IACAsB,IAAA;IACA,GAAGF;EACL;AACF","ignoreList":[]}

package/dist/esm/createClient.native.js

@@ -0,0 +1,74 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useZero, ZeroProvider, useQuery as zeroUseQuery } from "@rocicorp/zero/react";
+import { mapObject } from "@vxrn/helpers";
+import { useMemo } from "react";
+import { createPermissions } from "./createPermissions.native.js";
+import { context } from "./helpers/context.native.js";
+import { createMutators } from "./helpers/createMutators.native.js";
+import { useZDB } from "./helpers/useZDB.native.js";
+import { zeroEmitter } from "./helpers/zeroEmitter.native.js";
+function createZero(param) {
+  var {
+      schema,
+      models,
+      disable
+    } = param,
+    modelPermissions = mapObject(models, function (val) {
+      return val.permissions;
+    }),
+    modelMutators = mapObject(models, function (val) {
+      return val.mutate;
+    }),
+    permissionsHelpers = createPermissions(schema, context),
+    latestZeroInstance = null,
+    zero = new Proxy({}, {
+      get(_, key) {
+        return Reflect.get(latestZeroInstance, key, latestZeroInstance);
+      }
+    }),
+    useQuery = function (query, options) {
+      if (disable) return [null, {
+        type: "unknown"
+      }];
+      var out = zeroUseQuery(query, options);
+      return process.env.NODE_ENV === "development" && useZDB(query, options, out), out;
+    },
+    ProvideZero = function (param2) {
+      var {
+          children,
+          authData,
+          ...props
+        } = param2,
+        mutators = useMemo(function () {
+          return createMutators({
+            environment: "client",
+            authData
+          });
+        }, [authData]);
+      return disable ? children : /* @__PURE__ */_jsxs(ZeroProvider, {
+        schema,
+        kvStore: "mem",
+        onError: function (error) {
+          console.error("Zero Error:", error), zeroEmitter.emit({
+            type: "error",
+            message: error
+          });
+        },
+        mutators,
+        ...props,
+        children: [/* @__PURE__ */_jsx(SetZeroInstance, {}), children]
+      });
+    },
+    SetZeroInstance = function () {
+      var zero2 = useZero();
+      return zero2 !== latestZeroInstance && (latestZeroInstance = zero2), null;
+    };
+  return {
+    ProvideZero,
+    useQuery,
+    zero,
+    ...permissionsHelpers
+  };
+}
+export { createZero };
+//# sourceMappingURL=createClient.native.js.map

package/dist/esm/createClient.native.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["jsx","_jsx","jsxs","_jsxs","useZero","ZeroProvider","useQuery","zeroUseQuery","mapObject","useMemo","createPermissions","context","createMutators","useZDB","zeroEmitter","createZero","param","schema","models","disable","modelPermissions","val","permissions","modelMutators","mutate","permissionsHelpers","latestZeroInstance","zero","Proxy","get","_","key","Reflect","query","options","type","out","process","env","NODE_ENV","ProvideZero","param2","children","authData","props","mutators","environment","kvStore","onError","error","console","emit","message","SetZeroInstance","zero2"],"sources":["../../src/createClient.tsx"],"sourcesContent":[null],"mappings":"AACA,SAASA,GAAA,IAAAC,IAAS,EAAAC,IAAA,IAAAC,KAAc,2BAAY;AAC5C,SAASC,OAAA,EAAAC,YAAiB,EAAAC,QAAA,IAAAC,YAAA;AAC1B,SAASC,SAAA,QAA+B;AACxC,SAASC,OAAA;AACT,SAASC,iBAAe;AACxB,SAASC,OAAA,qCAAsB;AAC/B,SAASC,cAAc;AACvB,SAASC,MAAA,oCAAmB;AA2EtB,SAaEC,WAbF;AAzEC,SAASC,WAA6BC,KAAA;EAC3C;MAAAC,MAAA;MAAAC,MAAA;MAAAC;IAAA,IAAAH,KAAA;IAAAI,gBAAA,GAAAZ,SAAA,CAAAU,MAAA,YAAAG,GAAA;MACA,OAAAA,GAAA,CAAAC,WAAA;IACA;IAAAC,aAAA,GAAAf,SAAA,CAAAU,MAAA,YAAAG,GAAA;MAKC,OAAAA,GAAA,CAAAG,MAAA;IAGD;IAAAC,kBAAM,GAAmBf,iBAAU,CAAQO,MAAC,EAAAN,OAAY;IAAAe,kBAIlD,OAAgB;IAAAC,IAAA,OAAUC,KAAQ,CAAC;MAazCC,GAAIA,CAAAC,CAAA,EAAAC,GAAA;QAIJ,OAAMC,OAAyB,CAAAH,GAAA,CAAMH,kBAAa,EAAAK,GAAA,EAAAL,kBAAA;MAChD;IACE;IAAApB,QAAO,YAAAA,CAAY2B,KAAA,EAAAC,OAAA;MACrB,IAAAf,OAAA,EAGI,QACA,MACF;QAGIgB,IAAA,EAAM;MAEZ,EAQI;MACJ,IAAAC,GAAA,GAAA7B,YAAA,CAAA0B,KAAA,EAAAC,OAAA;MACA,OAAAG,OAAA,CAAAC,GAAA,CAAAC,QAAA,sBAAA1B,MAAA,CAAAoB,KAAA,EAAAC,OAAA,EAAAE,GAAA,GAAAA,GAAA;IAAA;IACAI,WAAG,YAAAA,CAAAC,MAAA;MACL,IAGM;UAAAC,QAAA;UAAAC,QAAA;UAAA,GAAAC;QAAA,IAAAH,MAAA;QAAAI,QAAA,GAAApC,OAAA;UACJ,OAAMG,cAAW;YAEbkC,WAAa;YACbH;UACD,EACA;QAEH,IAKGA,QAAA;MAAA,OACCxB,OAAA,GAAAuB,QAAA,kBAAAvC,KAAA,CAAAE,YAAA;QAAAY,MACA;QAAS8B,OACT,OAAU;QACRC,OAAA,WAAAA,CAAcC,KAAA;UACGC,OACf,CAAAD,KAAM,gBAAAA,KAAA,GAAAnC,WAAA,CAAAqC,IAAA;YAAAhB,IACN,SAAS;YACXiB,OAAC,EAAAH;UACH;QAAA;QACAJ,QACI;QAAA,GAEJD,KAAA;QAAAF,QAAA,GAAiB,eAChBzC,IAAA,CAAAoD,eAAA,OAAAX,QAAA;MACH;IAEJ;IAEMW,eAAA,GAAkB,SAAAA,CAAA,EAAM;MAC5B,IAAAC,KAAM,GAAAlD,OAAO;MAQb,OAAIkD,KAAA,KAAS5B,kBAAA,KACXA,kBAAA,GAAqB4B,KAAA,GAGhB;IACT;EAEA,OAAO;IACLd,WAAA;IACAlC,QAAA;IACAqB,IAAA;IACA,GAAGF;EACL;AACF","ignoreList":[]}

package/dist/esm/createMutations.js

@@ -0,0 +1,27 @@
+function mutations(table, permissions, mutations2) {
+  if (permissions) {
+    const tableName = table.schema.name, createCRUDMutation = (action) => async (ctx, obj) => {
+      const runServerPermissionCheck = async () => {
+        ctx.didCanPermissionsRun || process.env.VITE_ENVIRONMENT === "ssr" && await ctx.can(permissions, action, obj);
+      };
+      action === "delete" && await runServerPermissionCheck();
+      const existing = mutations2?.[action];
+      existing ? await existing(ctx, obj) : await ctx.tx.mutate[tableName][action](obj), action !== "delete" && await runServerPermissionCheck();
+    }, crudMutations = {
+      insert: createCRUDMutation("insert"),
+      update: createCRUDMutation("update"),
+      delete: createCRUDMutation("delete"),
+      upsert: createCRUDMutation("upsert")
+    };
+    return {
+      ...mutations2,
+      // overwrite regular mutations but call them if they are defined by user
+      ...crudMutations
+    };
+  }
+  return table;
+}
+export {
+  mutations
+};
+//# sourceMappingURL=createMutations.js.map

package/dist/esm/createMutations.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/createMutations.ts"],
+  "mappings": "AAgEO,SAAS,UAGd,OAA0B,aAAqBA,YAAkC;AACjF,MAAI,aAAa;AACf,UAAM,YAAa,MAAgB,OAAO,MAEpC,qBAAqB,CAAC,WACnB,OAAO,KAAqB,QAAa;AAG9C,YAAM,2BAA2B,YAAY;AAC3C,QAAI,IAAI,wBAMJ,QAAQ,IAAI,qBAAqB,SACnC,MAAM,IAAI,IAAI,aAAa,QAAQ,GAAG;AAAA,MAE1C;AAEA,MAAI,WAAW,YACb,MAAM,yBAAyB;AAIjC,YAAM,WAAWA,aAAY,MAAM;AAEnC,MAAI,WACF,MAAM,SAAS,KAAK,GAAG,IAEvB,MAAM,IAAI,GAAG,OAAO,SAAS,EAAE,MAAM,EAAE,GAAG,GAGxC,WAAW,YACb,MAAM,yBAAyB;AAAA,IAEnC,GAGI,gBAAoC;AAAA,MACxC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,MACnC,QAAQ,mBAAmB,QAAQ;AAAA,IACrC;AAEA,WAAO;AAAA,MACL,GAAGA;AAAA;AAAA,MAEH,GAAG;AAAA,IACL;AAAA,EACF;AAGA,SAAO;AACT;",
+  "names": ["mutations"]
+}

package/dist/esm/createMutations.mjs

@@ -0,0 +1,27 @@
+function mutations(table, permissions, mutations2) {
+  if (permissions) {
+    const tableName = table.schema.name,
+      createCRUDMutation = action => async (ctx, obj) => {
+        const runServerPermissionCheck = async () => {
+          ctx.didCanPermissionsRun || process.env.VITE_ENVIRONMENT === "ssr" && (await ctx.can(permissions, action, obj));
+        };
+        action === "delete" && (await runServerPermissionCheck());
+        const existing = mutations2?.[action];
+        existing ? await existing(ctx, obj) : await ctx.tx.mutate[tableName][action](obj), action !== "delete" && (await runServerPermissionCheck());
+      },
+      crudMutations = {
+        insert: createCRUDMutation("insert"),
+        update: createCRUDMutation("update"),
+        delete: createCRUDMutation("delete"),
+        upsert: createCRUDMutation("upsert")
+      };
+    return {
+      ...mutations2,
+      // overwrite regular mutations but call them if they are defined by user
+      ...crudMutations
+    };
+  }
+  return table;
+}
+export { mutations };
+//# sourceMappingURL=createMutations.mjs.map

package/dist/esm/createMutations.mjs.map

@@ -0,0 +1 @@
+{"version":3,"names":["mutations","table","permissions","mutations2","tableName","schema","name","createCRUDMutation","action","ctx","obj","runServerPermissionCheck","didCanPermissionsRun","process","env","VITE_ENVIRONMENT","can","existing","tx","mutate","crudMutations","insert","update","delete","upsert"],"sources":["../../src/createMutations.ts"],"sourcesContent":[null],"mappings":"AAgEO,SAASA,UAGdC,KAAA,EAA0BC,WAAA,EAAqBC,UAAA,EAAkC;EACjF,IAAID,WAAA,EAAa;IACf,MAAME,SAAA,GAAaH,KAAA,CAAgBI,MAAA,CAAOC,IAAA;MAEpCC,kBAAA,GAAsBC,MAAA,IACnB,OAAOC,GAAA,EAAqBC,GAAA,KAAa;QAG9C,MAAMC,wBAAA,GAA2B,MAAAA,CAAA,KAAY;UACvCF,GAAA,CAAIG,oBAAA,IAMJC,OAAA,CAAQC,GAAA,CAAIC,gBAAA,KAAqB,UACnC,MAAMN,GAAA,CAAIO,GAAA,CAAId,WAAA,EAAaM,MAAA,EAAQE,GAAG;QAE1C;QAEIF,MAAA,KAAW,aACb,MAAMG,wBAAA,CAAyB;QAIjC,MAAMM,QAAA,GAAWd,UAAA,GAAYK,MAAM;QAE/BS,QAAA,GACF,MAAMA,QAAA,CAASR,GAAA,EAAKC,GAAG,IAEvB,MAAMD,GAAA,CAAIS,EAAA,CAAGC,MAAA,CAAOf,SAAS,EAAEI,MAAM,EAAEE,GAAG,GAGxCF,MAAA,KAAW,aACb,MAAMG,wBAAA,CAAyB;MAEnC;MAGIS,aAAA,GAAoC;QACxCC,MAAA,EAAQd,kBAAA,CAAmB,QAAQ;QACnCe,MAAA,EAAQf,kBAAA,CAAmB,QAAQ;QACnCgB,MAAA,EAAQhB,kBAAA,CAAmB,QAAQ;QACnCiB,MAAA,EAAQjB,kBAAA,CAAmB,QAAQ;MACrC;IAEA,OAAO;MACL,GAAGJ,UAAA;MAAA;MAEH,GAAGiB;IACL;EACF;EAGA,OAAOnB,KAAA;AACT","ignoreList":[]}

package/dist/esm/createMutations.native.js

@@ -0,0 +1,29 @@
+function mutations(table, permissions, mutations2) {
+  if (permissions) {
+    var tableName = table.schema.name,
+      createCRUDMutation = function (action) {
+        return async function (ctx, obj) {
+          var runServerPermissionCheck = async function () {
+            ctx.didCanPermissionsRun || process.env.VITE_ENVIRONMENT === "ssr" && (await ctx.can(permissions, action, obj));
+          };
+          action === "delete" && (await runServerPermissionCheck());
+          var existing = mutations2?.[action];
+          existing ? await existing(ctx, obj) : await ctx.tx.mutate[tableName][action](obj), action !== "delete" && (await runServerPermissionCheck());
+        };
+      },
+      crudMutations = {
+        insert: createCRUDMutation("insert"),
+        update: createCRUDMutation("update"),
+        delete: createCRUDMutation("delete"),
+        upsert: createCRUDMutation("upsert")
+      };
+    return {
+      ...mutations2,
+      // overwrite regular mutations but call them if they are defined by user
+      ...crudMutations
+    };
+  }
+  return table;
+}
+export { mutations };
+//# sourceMappingURL=createMutations.native.js.map

package/dist/esm/createMutations.native.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["mutations","table","permissions","mutations2","tableName","schema","name","createCRUDMutation","action","ctx","obj","runServerPermissionCheck","didCanPermissionsRun","process","env","VITE_ENVIRONMENT","can","existing","tx","mutate","crudMutations","insert","update","delete","upsert"],"sources":["../../src/createMutations.ts"],"sourcesContent":[null],"mappings":"AAgEO,SAASA,UAGdC,KAAA,EAA0BC,WAAA,EAAqBC,UAAA,EAAkC;EACjF,IAAID,WAAA,EAAa;IACf,IAAAE,SAAM,GAAAH,KAAa,CAAAI,MAAgB,CAAAC,IAAO;MAAAC,kBAEpC,YAAAA,CAAsBC,MACnB;QAGL,OAAM,gBAAAC,GAAA,EAAAC,GAAA;UACA,IAAIC,wBAMJ,kBAAAA,CAAA,EAAY;YAGlBF,GAAA,CAAAG,oBAAA,IAAAC,OAAA,CAAAC,GAAA,CAAAC,gBAAA,qBAAAN,GAAA,CAAAO,GAAA,CAAAd,WAAA,EAAAM,MAAA,EAAAE,GAAA;UAEI;UAKJF,MAAM,aAAW,WAAYG,wBAAM;UAE/B,IAAAM,QACF,GAAMd,UAAS,GAAAK,MAAQ;UAWvBS,QAAA,SAAoCA,QAAA,CAAAR,GAAA,EAAAC,GAAA,UAAAD,GAAA,CAAAS,EAAA,CAAAC,MAAA,CAAAf,SAAA,EAAAI,MAAA,EAAAE,GAAA,GAAAF,MAAA,wBAAAG,wBAAA;QACxC;MAAmC;MACnCS,aAAQ;QACRC,MAAA,EAAQd,kBAAA,CAAmB,QAAQ;QACnCe,MAAA,EAAQf,kBAAA,CAAmB,QAAQ;QACrCgB,MAAA,EAAAhB,kBAAA;QAEAiB,MAAO,EAAAjB,kBAAA;MAAA;IACF;MAEH,GAAGJ,UAAA;MACL;MACF,GAAAiB;IAGA;EACF","ignoreList":[]}

package/dist/esm/createPermissions.js

@@ -0,0 +1,106 @@
+import { createLocalStorage, ensure, EnsureError } from "@vxrn/helpers";
+import { prettyFormatZeroQuery } from "./helpers/prettyFormatZeroQuery";
+function createPermissions(schema, getContext) {
+  runEnvironmentSafetyCheck();
+  const permissionCache = createLocalStorage("permissions-cache", {
+    storageLimit: 24
+  });
+  function where(a, b) {
+    return b && WhereTableNameMap.set(b, a), b || a;
+  }
+  const WhereTableNameMap = /* @__PURE__ */ new WeakMap();
+  function getWhereTableName(where2) {
+    return WhereTableNameMap.get(where2);
+  }
+  const fallbackActions = {
+    select: "read",
+    insert: "write",
+    update: "write",
+    upsert: "write",
+    delete: "write"
+  };
+  function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
+    const tableName = getWhereTableName(permissionWhere);
+    if (!tableName)
+      throw new Error("Must use PermissionWhere for buildPermissionQuery");
+    const primaryKeys = schema.tables[tableName].primaryKey, permissionQueryBuilder = permissionWhere(eb, authData), fallbackAction = fallbackActions[action], permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
+    if (permissionCondition == null)
+      throw new Error(`No permission defined for ${action} (or ${fallbackAction})`);
+    if (permissionCondition === !0)
+      return eb.cmpLit(!0, "=", !0);
+    if (permissionCondition === !1)
+      return eb.cmpLit(!0, "=", !1);
+    const primaryKeyWheres = [];
+    for (const key of primaryKeys) {
+      const value = typeof objOrId == "string" ? objOrId : objOrId[key];
+      primaryKeyWheres.push(eb.cmp(key, value));
+    }
+    return eb.and(permissionCondition, ...primaryKeyWheres);
+  }
+  async function can(where2, action, obj) {
+    const ctx = getContext(), tableName = getWhereTableName(where2);
+    if (!tableName)
+      throw new Error("Must use where('table') style where to pass to can()");
+    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(
+      ctx.tx,
+      ctx.authData,
+      tableName,
+      where2,
+      action,
+      obj
+    ), ctx.didCanPermissionsRun = !0);
+  }
+  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+    if (authData?.role === "admin")
+      return;
+    const action = String(actionIn), name = `${tableName}.${action}`, queryBase = tx.query[tableName];
+    let query = null;
+    try {
+      query = queryBase.where((eb) => buildPermissionQuery(authData, eb, where2, action, obj)).one(), ensure(await query);
+    } catch (err) {
+      const errorTitle = `${name} with auth id: ${authData?.id}`;
+      if (err instanceof EnsureError) {
+        let msg = `[permission] \u{1F6AB} Not Allowed: ${errorTitle}`;
+        throw process.env.NODE_ENV === "development" && query && (msg += `
+ ${prettyFormatZeroQuery(query)}`), new Error(msg);
+      }
+      throw new Error(`Error running permission ${errorTitle}
+${err}`);
+    }
+  }
+  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
+    const keyBase = `${table}${action}`, key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`, cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase), authData = useAuthData(), permission = modelPermissions[table], query = (() => {
+      let baseQuery = zero.query[table].one();
+      return enabled ? baseQuery.where((eb) => buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
+    })(), [data, status] = useQuery(query, {
+      enabled: !!(enabled && authData && objOrId)
+    });
+    debug && console.info(
+      "usePermission()",
+      { data, status, action, authData, permission },
+      prettyFormatZeroQuery(query)
+    );
+    const allowed = !!data;
+    return objOrId ? allowed : !1;
+  }
+  return {
+    where,
+    can,
+    usePermission
+  };
+}
+function runEnvironmentSafetyCheck() {
+  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
+
+ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
+This is makes Zero entirely insecure and needs to be fixed immediately.
+
+This is likely a One framework issue, unless the user Vite config is overwriting the value.
+One automatically sets this value.
+        
+        `);
+}
+export {
+  createPermissions
+};
+//# sourceMappingURL=createPermissions.js.map

package/dist/esm/createPermissions.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/createPermissions.ts"],
+  "mappings": "AAQA,SAAS,oBAAoB,QAAQ,mBAAmB;AAGxD,SAAS,6BAA6B;AAE/B,SAAS,kBACd,QACA,YACA;AACA,4BAA0B;AAO1B,QAAM,kBAAkB,mBAAoC,qBAAqB;AAAA,IAC/E,cAAc;AAAA,EAChB,CAAC;AAoBD,WAAS,MACP,GACA,GACS;AACT,WAAI,KACF,kBAAkB,IAAI,GAAG,CAAU,GAE7B,KAAK;AAAA,EACf;AAIA,QAAM,oBAAoB,oBAAI,QAA0B;AAExD,WAAS,kBAAkBA,QAAc;AACvC,WAAO,kBAAkB,IAAIA,MAAK;AAAA,EACpC;AAqBA,QAAM,kBAA0C;AAAA,IAC9C,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,IACR,QAAQ;AAAA,EACV;AAEA,WAAS,qBAIP,UACA,IACA,iBACA,QAEA,SACA;AACA,UAAM,YAAY,kBAAkB,eAAe;AAEnD,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,mDAAmD;AAIrE,UAAM,cADc,OAAO,OAAO,SAAS,EACX,YAC1B,yBAAyB,gBAAgB,IAAI,QAAQ,GACrD,iBAAiB,gBAAgB,MAAM,GAEvC,sBACJ,uBAAuB,MAAM,MAC5B,iBAAiB,uBAAuB,cAAc,IAAI;AAE7D,QAAI,uBAAuB;AACzB,YAAM,IAAI,MAAM,6BAA6B,MAAM,QAAQ,cAAc,GAAG;AAG9E,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAI;AAGlC,QAAI,wBAAwB;AAC1B,aAAO,GAAG,OAAO,IAAM,KAAK,EAAK;AAGnC,UAAM,mBAAgC,CAAC;AAEvC,eAAW,OAAO,aAAa;AAC7B,YAAM,QAAQ,OAAO,WAAY,WAAW,UAAU,QAAQ,GAAG;AACjE,uBAAiB,KAAK,GAAG,IAAI,KAAY,KAAK,CAAC;AAAA,IACjD;AAEA,WAAO,GAAG,IAAI,qBAAqB,GAAG,gBAAgB;AAAA,EACxD;AAEA,iBAAe,IAGbA,QAAe,QAAgB,KAAU;AACzC,UAAM,MAAM,WAAW,GACjB,YAAY,kBAAkBA,MAAK;AACzC,QAAI,CAAC;AACH,YAAM,IAAI,MAAM,sDAAsD;AAIxE,IAAI,QAAQ,IAAI,qBAAqB,UACnC,MAAM;AAAA,MACJ,IAAI;AAAA,MACJ,IAAI;AAAA,MACJ;AAAA,MACAA;AAAA,MACA;AAAA,MACA;AAAA,IACF,GACA,IAAI,uBAAuB;AAAA,EAE/B;AAIA,iBAAe,iBAIb,IACA,UACA,WACAA,QACA,UACA,KACe;AACf,QAAI,UAAU,SAAS;AAErB;AAGF,UAAM,SAAS,OAAO,QAAQ,GACxB,OAAO,GAAG,SAAS,IAAI,MAAM,IAC7B,YAAY,GAAG,MAAM,SAAS;AACpC,QAAI,QAAqC;AAEzC,QAAI;AACF,cAAQ,UACL,MAAM,CAAC,OACC,qBAAqB,UAAU,IAAIA,QAAO,QAAQ,GAAG,CAC7D,EACA,IAAI,GAEP,OAAO,MAAM,KAAK;AAAA,IACpB,SAAS,KAAK;AACZ,YAAM,aAAa,GAAG,IAAI,kBAAkB,UAAU,EAAE;AAExD,UAAI,eAAe,aAAa;AAC9B,YAAI,MAAM,uCAAgC,UAAU;AACpD,cAAI,QAAQ,IAAI,aAAa,iBAAiB,UAC5C,OAAO;AAAA,GAAM,sBAAsB,KAAK,CAAC,KAErC,IAAI,MAAM,GAAG;AAAA,MACrB;AAEA,YAAM,IAAI,MAAM,4BAA4B,UAAU;AAAA,EAAK,GAAG,EAAE;AAAA,IAClE;AAAA,EACF;AAEA,WAAS,cAIP,OACA,QACA,SACA,UAAU,OAAO,UAAY,KAC7B,QAAQ,IACQ;AAEhB,UAAM,UAAU,GAAG,KAAK,GAAG,MAAM,IAC3B,MAAM,GAAG,OAAO,GAAG,OAAO,WAAY,WAAW,UAAU,KAAK,UAAU,OAAO,CAAC,IAClF,WAAW,gBAAgB,IAAI,GAAG,KAAK,gBAAgB,IAAI,OAAO,GAClE,WAAW,YAAY,GACvB,aAAa,iBAAiB,KAAK,GAEnC,SAAS,MAAM;AACnB,UAAI,YAAY,KAAK,MAAM,KAAK,EAAE,IAAI;AAEtC,aAAK,UAIE,UAAU,MAAM,CAAC,OACf,qBAAqB,UAAU,IAAI,YAAY,QAAQ,OAAc,CAC7E,IALQ;AAAA,IAMX,GAAG,GAEG,CAAC,MAAM,MAAM,IAAI,SAAS,OAAO;AAAA,MACrC,SAAS,GAAQ,WAAW,YAAY;AAAA,IAC1C,CAAC;AAED,IAAI,SACF,QAAQ;AAAA,MACN;AAAA,MACA,EAAE,MAAM,QAAQ,QAAQ,UAAU,WAAW;AAAA,MAC7C,sBAAsB,KAAK;AAAA,IAC7B;AAKF,UAAM,UAAU,EAFD;AAIf,WAAK,UAIE,UAHE;AAAA,EAIX;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAIA,SAAS,4BAA4B;AACnC,EAAI,OAAO,WAAa,OAEb,OAAO,YAAc,OAAe,UAAU,YAAY,iBAI/D,QAAQ,IAAI,qBAAqB,SACnC,QAAQ,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAQX;AAGT;",
+  "names": ["where"]
+}

package/dist/esm/createPermissions.mjs

@@ -0,0 +1,105 @@
+import { createLocalStorage, ensure, EnsureError } from "@vxrn/helpers";
+import { prettyFormatZeroQuery } from "./helpers/prettyFormatZeroQuery.mjs";
+function createPermissions(schema, getContext) {
+  runEnvironmentSafetyCheck();
+  const permissionCache = createLocalStorage("permissions-cache", {
+    storageLimit: 24
+  });
+  function where(a, b) {
+    return b && WhereTableNameMap.set(b, a), b || a;
+  }
+  const WhereTableNameMap = /* @__PURE__ */new WeakMap();
+  function getWhereTableName(where2) {
+    return WhereTableNameMap.get(where2);
+  }
+  const fallbackActions = {
+    select: "read",
+    insert: "write",
+    update: "write",
+    upsert: "write",
+    delete: "write"
+  };
+  function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
+    const tableName = getWhereTableName(permissionWhere);
+    if (!tableName) throw new Error("Must use PermissionWhere for buildPermissionQuery");
+    const primaryKeys = schema.tables[tableName].primaryKey,
+      permissionQueryBuilder = permissionWhere(eb, authData),
+      fallbackAction = fallbackActions[action],
+      permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
+    if (permissionCondition == null) throw new Error(`No permission defined for ${action} (or ${fallbackAction})`);
+    if (permissionCondition === !0) return eb.cmpLit(!0, "=", !0);
+    if (permissionCondition === !1) return eb.cmpLit(!0, "=", !1);
+    const primaryKeyWheres = [];
+    for (const key of primaryKeys) {
+      const value = typeof objOrId == "string" ? objOrId : objOrId[key];
+      primaryKeyWheres.push(eb.cmp(key, value));
+    }
+    return eb.and(permissionCondition, ...primaryKeyWheres);
+  }
+  async function can(where2, action, obj) {
+    const ctx = getContext(),
+      tableName = getWhereTableName(where2);
+    if (!tableName) throw new Error("Must use where('table') style where to pass to can()");
+    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where2, action, obj), ctx.didCanPermissionsRun = !0);
+  }
+  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+    if (authData?.role === "admin") return;
+    const action = String(actionIn),
+      name = `${tableName}.${action}`,
+      queryBase = tx.query[tableName];
+    let query = null;
+    try {
+      query = queryBase.where(eb => buildPermissionQuery(authData, eb, where2, action, obj)).one(), ensure(await query);
+    } catch (err) {
+      const errorTitle = `${name} with auth id: ${authData?.id}`;
+      if (err instanceof EnsureError) {
+        let msg = `[permission] \u{1F6AB} Not Allowed: ${errorTitle}`;
+        throw process.env.NODE_ENV === "development" && query && (msg += `
+ ${prettyFormatZeroQuery(query)}`), new Error(msg);
+      }
+      throw new Error(`Error running permission ${errorTitle}
+${err}`);
+    }
+  }
+  function usePermission(table, action, objOrId, enabled = typeof objOrId < "u", debug = !1) {
+    const keyBase = `${table}${action}`,
+      key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`,
+      cacheVal = permissionCache.get(key) ?? permissionCache.get(keyBase),
+      authData = useAuthData(),
+      permission = modelPermissions[table],
+      query = (() => {
+        let baseQuery = zero.query[table].one();
+        return enabled ? baseQuery.where(eb => buildPermissionQuery(authData, eb, permission, action, objOrId)) : baseQuery;
+      })(),
+      [data, status] = useQuery(query, {
+        enabled: !!(enabled && authData && objOrId)
+      });
+    debug && console.info("usePermission()", {
+      data,
+      status,
+      action,
+      authData,
+      permission
+    }, prettyFormatZeroQuery(query));
+    const allowed = !!data;
+    return objOrId ? allowed : !1;
+  }
+  return {
+    where,
+    can,
+    usePermission
+  };
+}
+function runEnvironmentSafetyCheck() {
+  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
+
+ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
+This is makes Zero entirely insecure and needs to be fixed immediately.
+
+This is likely a One framework issue, unless the user Vite config is overwriting the value.
+One automatically sets this value.
+        
+        `);
+}
+export { createPermissions };
+//# sourceMappingURL=createPermissions.mjs.map

package/dist/esm/createPermissions.mjs.map

@@ -0,0 +1 @@
+{"version":3,"names":["createLocalStorage","ensure","EnsureError","prettyFormatZeroQuery","createPermissions","schema","getContext","runEnvironmentSafetyCheck","permissionCache","storageLimit","where","a","b","WhereTableNameMap","set","WeakMap","getWhereTableName","where2","get","fallbackActions","select","insert","update","upsert","delete","buildPermissionQuery","authData","eb","permissionWhere","action","objOrId","tableName","Error","primaryKeys","tables","primaryKey","permissionQueryBuilder","fallbackAction","permissionCondition","cmpLit","primaryKeyWheres","key","value","push","cmp","and","can","obj","ctx","process","env","VITE_ENVIRONMENT","ensurePermission","tx","didCanPermissionsRun","actionIn","role","String","name","queryBase","query","one","err","errorTitle","id","msg","NODE_ENV","usePermission","table","enabled","debug","keyBase","JSON","stringify","cacheVal","useAuthData","permission","modelPermissions","baseQuery","zero","data","status","useQuery","console","info","allowed","document","navigator","product","error"],"sources":["../../src/createPermissions.ts"],"sourcesContent":[null],"mappings":"AAQA,SAASA,kBAAA,EAAoBC,MAAA,EAAQC,WAAA,QAAmB;AAGxD,SAASC,qBAAA,QAA6B;AAE/B,SAASC,kBACdC,MAAA,EACAC,UAAA,EACA;EACAC,yBAAA,CAA0B;EAO1B,MAAMC,eAAA,GAAkBR,kBAAA,CAAoC,qBAAqB;IAC/ES,YAAA,EAAc;EAChB,CAAC;EAoBD,SAASC,MACPC,CAAA,EACAC,CAAA,EACS;IACT,OAAIA,CAAA,IACFC,iBAAA,CAAkBC,GAAA,CAAIF,CAAA,EAAGD,CAAU,GAE7BC,CAAA,IAAKD,CAAA;EACf;EAIA,MAAME,iBAAA,GAAoB,mBAAIE,OAAA,CAA0B;EAExD,SAASC,kBAAkBC,MAAA,EAAc;IACvC,OAAOJ,iBAAA,CAAkBK,GAAA,CAAID,MAAK;EACpC;EAqBA,MAAME,eAAA,GAA0C;IAC9CC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;EACV;EAEA,SAASC,qBAIPC,QAAA,EACAC,EAAA,EACAC,eAAA,EACAC,MAAA,EAEAC,OAAA,EACA;IACA,MAAMC,SAAA,GAAYf,iBAAA,CAAkBY,eAAe;IAEnD,IAAI,CAACG,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,mDAAmD;IAIrE,MAAMC,WAAA,GADc5B,MAAA,CAAO6B,MAAA,CAAOH,SAAS,EACXI,UAAA;MAC1BC,sBAAA,GAAyBR,eAAA,CAAgBD,EAAA,EAAID,QAAQ;MACrDW,cAAA,GAAiBlB,eAAA,CAAgBU,MAAM;MAEvCS,mBAAA,GACJF,sBAAA,CAAuBP,MAAM,MAC5BQ,cAAA,GAAiBD,sBAAA,CAAuBC,cAAc,IAAI;IAE7D,IAAIC,mBAAA,IAAuB,MACzB,MAAM,IAAIN,KAAA,CAAM,6BAA6BH,MAAM,QAAQQ,cAAc,GAAG;IAG9E,IAAIC,mBAAA,KAAwB,IAC1B,OAAOX,EAAA,CAAGY,MAAA,CAAO,IAAM,KAAK,EAAI;IAGlC,IAAID,mBAAA,KAAwB,IAC1B,OAAOX,EAAA,CAAGY,MAAA,CAAO,IAAM,KAAK,EAAK;IAGnC,MAAMC,gBAAA,GAAgC,EAAC;IAEvC,WAAWC,GAAA,IAAOR,WAAA,EAAa;MAC7B,MAAMS,KAAA,GAAQ,OAAOZ,OAAA,IAAY,WAAWA,OAAA,GAAUA,OAAA,CAAQW,GAAG;MACjED,gBAAA,CAAiBG,IAAA,CAAKhB,EAAA,CAAGiB,GAAA,CAAIH,GAAA,EAAYC,KAAK,CAAC;IACjD;IAEA,OAAOf,EAAA,CAAGkB,GAAA,CAAIP,mBAAA,EAAqB,GAAGE,gBAAgB;EACxD;EAEA,eAAeM,IAGb7B,MAAA,EAAeY,MAAA,EAAgBkB,GAAA,EAAU;IACzC,MAAMC,GAAA,GAAM1C,UAAA,CAAW;MACjByB,SAAA,GAAYf,iBAAA,CAAkBC,MAAK;IACzC,IAAI,CAACc,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,sDAAsD;IAIpEiB,OAAA,CAAQC,GAAA,CAAIC,gBAAA,KAAqB,UACnC,MAAMC,gBAAA,CACJJ,GAAA,CAAIK,EAAA,EACJL,GAAA,CAAItB,QAAA,EACJK,SAAA,EACAd,MAAA,EACAY,MAAA,EACAkB,GACF,GACAC,GAAA,CAAIM,oBAAA,GAAuB;EAE/B;EAIA,eAAeF,iBAIbC,EAAA,EACA3B,QAAA,EACAK,SAAA,EACAd,MAAA,EACAsC,QAAA,EACAR,GAAA,EACe;IACf,IAAIrB,QAAA,EAAU8B,IAAA,KAAS,SAErB;IAGF,MAAM3B,MAAA,GAAS4B,MAAA,CAAOF,QAAQ;MACxBG,IAAA,GAAO,GAAG3B,SAAS,IAAIF,MAAM;MAC7B8B,SAAA,GAAYN,EAAA,CAAGO,KAAA,CAAM7B,SAAS;IACpC,IAAI6B,KAAA,GAAqC;IAEzC,IAAI;MACFA,KAAA,GAAQD,SAAA,CACLjD,KAAA,CAAOiB,EAAA,IACCF,oBAAA,CAAqBC,QAAA,EAAUC,EAAA,EAAIV,MAAA,EAAOY,MAAA,EAAQkB,GAAG,CAC7D,EACAc,GAAA,CAAI,GAEP5D,MAAA,CAAO,MAAM2D,KAAK;IACpB,SAASE,GAAA,EAAK;MACZ,MAAMC,UAAA,GAAa,GAAGL,IAAI,kBAAkBhC,QAAA,EAAUsC,EAAE;MAExD,IAAIF,GAAA,YAAe5D,WAAA,EAAa;QAC9B,IAAI+D,GAAA,GAAM,uCAAgCF,UAAU;QACpD,MAAId,OAAA,CAAQC,GAAA,CAAIgB,QAAA,KAAa,iBAAiBN,KAAA,KAC5CK,GAAA,IAAO;AAAA,GAAM9D,qBAAA,CAAsByD,KAAK,CAAC,KAErC,IAAI5B,KAAA,CAAMiC,GAAG;MACrB;MAEA,MAAM,IAAIjC,KAAA,CAAM,4BAA4B+B,UAAU;AAAA,EAAKD,GAAG,EAAE;IAClE;EACF;EAEA,SAASK,cAIPC,KAAA,EACAvC,MAAA,EACAC,OAAA,EACAuC,OAAA,GAAU,OAAOvC,OAAA,GAAY,KAC7BwC,KAAA,GAAQ,IACQ;IAEhB,MAAMC,OAAA,GAAU,GAAGH,KAAK,GAAGvC,MAAM;MAC3BY,GAAA,GAAM,GAAG8B,OAAO,GAAG,OAAOzC,OAAA,IAAY,WAAWA,OAAA,GAAU0C,IAAA,CAAKC,SAAA,CAAU3C,OAAO,CAAC;MAClF4C,QAAA,GAAWlE,eAAA,CAAgBU,GAAA,CAAIuB,GAAG,KAAKjC,eAAA,CAAgBU,GAAA,CAAIqD,OAAO;MAClE7C,QAAA,GAAWiD,WAAA,CAAY;MACvBC,UAAA,GAAaC,gBAAA,CAAiBT,KAAK;MAEnCR,KAAA,IAAS,MAAM;QACnB,IAAIkB,SAAA,GAAYC,IAAA,CAAKnB,KAAA,CAAMQ,KAAK,EAAEP,GAAA,CAAI;QAEtC,OAAKQ,OAAA,GAIES,SAAA,CAAUpE,KAAA,CAAOiB,EAAA,IACfF,oBAAA,CAAqBC,QAAA,EAAUC,EAAA,EAAIiD,UAAA,EAAY/C,MAAA,EAAQC,OAAc,CAC7E,IALQgD,SAAA;MAMX,GAAG;MAEG,CAACE,IAAA,EAAMC,MAAM,IAAIC,QAAA,CAAStB,KAAA,EAAO;QACrCS,OAAA,EAAS,GAAQA,OAAA,IAAW3C,QAAA,IAAYI,OAAA;MAC1C,CAAC;IAEGwC,KAAA,IACFa,OAAA,CAAQC,IAAA,CACN,mBACA;MAAEJ,IAAA;MAAMC,MAAA;MAAQpD,MAAA;MAAQH,QAAA;MAAUkD;IAAW,GAC7CzE,qBAAA,CAAsByD,KAAK,CAC7B;IAKF,MAAMyB,OAAA,GAAU,EAFDL,IAAA;IAIf,OAAKlD,OAAA,GAIEuD,OAAA,GAHE;EAIX;EAEA,OAAO;IACL3E,KAAA;IACAoC,GAAA;IACAqB;EACF;AACF;AAIA,SAAS5D,0BAAA,EAA4B;EAC/B,OAAO+E,QAAA,GAAa,OAEb,OAAOC,SAAA,GAAc,OAAeA,SAAA,CAAUC,OAAA,KAAY,iBAI/DvC,OAAA,CAAQC,GAAA,CAAIC,gBAAA,KAAqB,SACnCgC,OAAA,CAAQM,KAAA,CAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAQX;AAGT","ignoreList":[]}

package/dist/esm/createPermissions.native.js

@@ -0,0 +1,129 @@
+import { createLocalStorage, ensure, EnsureError } from "@vxrn/helpers";
+import { prettyFormatZeroQuery } from "./helpers/prettyFormatZeroQuery.native.js";
+function createPermissions(schema, getContext) {
+  runEnvironmentSafetyCheck();
+  var permissionCache = createLocalStorage("permissions-cache", {
+    storageLimit: 24
+  });
+  function where(a, b) {
+    return b && WhereTableNameMap.set(b, a), b || a;
+  }
+  var WhereTableNameMap = /* @__PURE__ */new WeakMap();
+  function getWhereTableName(where2) {
+    return WhereTableNameMap.get(where2);
+  }
+  var fallbackActions = {
+    select: "read",
+    insert: "write",
+    update: "write",
+    upsert: "write",
+    delete: "write"
+  };
+  function buildPermissionQuery(authData, eb, permissionWhere, action, objOrId) {
+    var tableName = getWhereTableName(permissionWhere);
+    if (!tableName) throw new Error("Must use PermissionWhere for buildPermissionQuery");
+    var tableSchema = schema.tables[tableName],
+      primaryKeys = tableSchema.primaryKey,
+      permissionQueryBuilder = permissionWhere(eb, authData),
+      fallbackAction = fallbackActions[action],
+      permissionCondition = permissionQueryBuilder[action] || (fallbackAction ? permissionQueryBuilder[fallbackAction] : void 0);
+    if (permissionCondition == null) throw new Error(`No permission defined for ${action} (or ${fallbackAction})`);
+    if (permissionCondition === !0) return eb.cmpLit(!0, "=", !0);
+    if (permissionCondition === !1) return eb.cmpLit(!0, "=", !1);
+    var primaryKeyWheres = [],
+      _iteratorNormalCompletion = !0,
+      _didIteratorError = !1,
+      _iteratorError = void 0;
+    try {
+      for (var _iterator = primaryKeys[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = !0) {
+        var key = _step.value,
+          value = typeof objOrId == "string" ? objOrId : objOrId[key];
+        primaryKeyWheres.push(eb.cmp(key, value));
+      }
+    } catch (err) {
+      _didIteratorError = !0, _iteratorError = err;
+    } finally {
+      try {
+        !_iteratorNormalCompletion && _iterator.return != null && _iterator.return();
+      } finally {
+        if (_didIteratorError) throw _iteratorError;
+      }
+    }
+    return eb.and(permissionCondition, ...primaryKeyWheres);
+  }
+  async function can(where2, action, obj) {
+    var ctx = getContext(),
+      tableName = getWhereTableName(where2);
+    if (!tableName) throw new Error("Must use where('table') style where to pass to can()");
+    process.env.VITE_ENVIRONMENT === "ssr" && (await ensurePermission(ctx.tx, ctx.authData, tableName, where2, action, obj), ctx.didCanPermissionsRun = !0);
+  }
+  async function ensurePermission(tx, authData, tableName, where2, actionIn, obj) {
+    if (authData?.role !== "admin") {
+      var action = String(actionIn),
+        name = `${tableName}.${action}`,
+        queryBase = tx.query[tableName],
+        query = null;
+      try {
+        query = queryBase.where(function (eb) {
+          return buildPermissionQuery(authData, eb, where2, action, obj);
+        }).one(), ensure(await query);
+      } catch (err) {
+        var errorTitle = `${name} with auth id: ${authData?.id}`;
+        if (err instanceof EnsureError) {
+          var msg = `[permission] \u{1F6AB} Not Allowed: ${errorTitle}`;
+          throw process.env.NODE_ENV === "development" && query && (msg += `
+ ${prettyFormatZeroQuery(query)}`), new Error(msg);
+        }
+        throw new Error(`Error running permission ${errorTitle}
+${err}`);
+      }
+    }
+  }
+  function usePermission(table, action, objOrId) {
+    var enabled = arguments.length > 3 && arguments[3] !== void 0 ? arguments[3] : typeof objOrId < "u",
+      debug = arguments.length > 4 && arguments[4] !== void 0 ? arguments[4] : !1,
+      keyBase = `${table}${action}`,
+      key = `${keyBase}${typeof objOrId == "string" ? objOrId : JSON.stringify(objOrId)}`,
+      _permissionCache_get,
+      cacheVal = (_permissionCache_get = permissionCache.get(key)) !== null && _permissionCache_get !== void 0 ? _permissionCache_get : permissionCache.get(keyBase),
+      authData = useAuthData(),
+      permission = modelPermissions[table],
+      query = function () {
+        var baseQuery = zero.query[table].one();
+        return enabled ? baseQuery.where(function (eb) {
+          return buildPermissionQuery(authData, eb, permission, action, objOrId);
+        }) : baseQuery;
+      }(),
+      [data, status] = useQuery(query, {
+        enabled: !!(enabled && authData && objOrId)
+      });
+    debug && console.info("usePermission()", {
+      data,
+      status,
+      action,
+      authData,
+      permission
+    }, prettyFormatZeroQuery(query));
+    var result = data,
+      allowed = !!result;
+    return objOrId ? allowed : !1;
+  }
+  return {
+    where,
+    can,
+    usePermission
+  };
+}
+function runEnvironmentSafetyCheck() {
+  typeof document < "u" || typeof navigator < "u" && navigator.product === "ReactNative" || process.env.VITE_ENVIRONMENT !== "ssr" && console.error(`\u274C\u274C\u274C\u274C
+
+ERROR: VITE_ENVIRONMENT is not set to "ssr" on server, which means permissions checks won't run when they should
+This is makes Zero entirely insecure and needs to be fixed immediately.
+
+This is likely a One framework issue, unless the user Vite config is overwriting the value.
+One automatically sets this value.
+        
+        `);
+}
+export { createPermissions };
+//# sourceMappingURL=createPermissions.native.js.map

package/dist/esm/createPermissions.native.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["createLocalStorage","ensure","EnsureError","prettyFormatZeroQuery","createPermissions","schema","getContext","runEnvironmentSafetyCheck","permissionCache","storageLimit","where","a","b","WhereTableNameMap","set","WeakMap","getWhereTableName","where2","get","fallbackActions","select","insert","update","upsert","delete","buildPermissionQuery","authData","eb","permissionWhere","action","objOrId","tableName","Error","tableSchema","tables","primaryKeys","primaryKey","permissionQueryBuilder","fallbackAction","permissionCondition","cmpLit","primaryKeyWheres","_iteratorNormalCompletion","_didIteratorError","_iteratorError","_iterator","Symbol","iterator","_step","next","done","key","value","push","cmp","err","return","and","can","obj","ctx","process","env","VITE_ENVIRONMENT","ensurePermission","tx","didCanPermissionsRun","actionIn","role","String","name","queryBase","query","one","errorTitle","id","msg","NODE_ENV","usePermission","table","enabled","arguments","length","debug","keyBase","JSON","stringify","_permissionCache_get","cacheVal","useAuthData","permission","modelPermissions","baseQuery","zero","data","status","useQuery","console","info","result","allowed","document","navigator","product","error"],"sources":["../../src/createPermissions.ts"],"sourcesContent":[null],"mappings":"AAQA,SAASA,kBAAA,EAAoBC,MAAA,EAAQC,WAAA,QAAmB;AAGxD,SAASC,qBAAA,QAA6B;AAE/B,SAASC,kBACdC,MAAA,EACAC,UAAA,EACA;EACAC,yBAAA,CAA0B;EAO1B,IAAAC,eAAM,GAAAR,kBAAkB,oBAAoC;IAC1DS,YAAA,EAAc;EAChB,CAAC;EAoBD,SAASC,MACPC,CAAA,EACAC,CAAA,EACS;IACT,OAAIA,CAAA,IACFC,iBAAA,CAAkBC,GAAA,CAAIF,CAAA,EAAGD,CAAU,GAE7BC,CAAA,IAAKD,CAAA;EACf;EAIA,IAAAE,iBAAM,kBAAoB,IAAAE,OAAI;EAE9B,SAASC,kBAAkBC,MAAA,EAAc;IACvC,OAAOJ,iBAAA,CAAkBK,GAAA,CAAID,MAAK;EACpC;EAqBA,IAAAE,eAAM;IACJC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;IACRC,MAAA,EAAQ;EACV;EAEA,SAASC,qBAIPC,QAAA,EACAC,EAAA,EACAC,eAAA,EACAC,MAAA,EAEAC,OAAA,EACA;IACA,IAAAC,SAAM,GAAAf,iBAAY,CAAAY,eAAkB;IAEpC,IAAI,CAACG,SAAA,EACH,MAAM,IAAIC,KAAA,CAAM,mDAAmD;IAIrE,IAAAC,WAAM,GAAA5B,MADc,CAAA6B,MAAO,CAAAH,SAAO;MAASI,WACX,GAC1BF,WAAA,CAAAG,UAAA;MAAyBC,sBAAoB,GAAAT,eAC7C,CAAAD,EAAA,EAAAD,QAAiB;MAAAY,cAAsB,GAEvCnB,eAAA,CAAAU,MACJ;MAAAU,mBAAA,GAAuBF,sBACtB,CAAAR,MAAiB,MAAAS,cAAA,GAAuBD,sBAAkB,CAAAC,cAAA;IAE7D,IAAIC,mBAAA,IAAuB,MACzB,MAAM,IAAIP,KAAA,CAAM,6BAA6BH,MAAM,QAAQS,cAAc,GAAG;IAG9E,IAAIC,mBAAA,KAAwB,IAC1B,OAAOZ,EAAA,CAAGa,MAAA,CAAO,IAAM,KAAK,EAAI;IAGlC,IAAID,mBAAA,KAAwB,IAC1B,OAAOZ,EAAA,CAAGa,MAAA,CAAO,IAAM,KAAK,EAAK;IAGnC,IAAAC,gBAAM,KAAgC;MAACC,yBAAA;MAAAC,iBAAA;MAAAC,cAAA;IAEvC;MACE,SAAMC,SAAQ,GAAOV,WAAY,CAAAW,MAAA,CAAAC,QAAW,KAAUC,KAAA,IAAQN,yBAAG,IAAAM,KAAA,GAAAH,SAAA,CAAAI,IAAA,IAAAC,IAAA,GAAAR,yBAAA;QACjE,IAAAS,GAAA,GAAAH,KAAiB,CAAAI,KAAK;UAAGA,KAAI,UAAkBtB,OAAA,eAAAA,OAAA,GAAAA,OAAA,CAAAqB,GAAA;QACjDV,gBAAA,CAAAY,IAAA,CAAA1B,EAAA,CAAA2B,GAAA,CAAAH,GAAA,EAAAC,KAAA;MAEA;IACF,SAAAG,GAAA;MAEAZ,iBAGE,OAAeC,cAA0B,GAAAW,GAAA;IACzC,UAAM;MAEN,IAAK;QACH,CAAAb,yBAAgB,IAAAG,SAAA,CAAAW,MAAA,YAAAX,SAAA,CAAsDW,MAAA;MAIpE,UAAY;QAEZ,IAAIb,iBAAA,EACA,MAAAC,cAAA;MACJ;IAAA;IACA,OACAjB,EAAA,CAAA8B,GAAA,CAAAlB,mBAAA,KAAAE,gBAAA;EAAA;EACA,eAEEiB,IAAAzC,MAAA,EAAAY,MAAuB,EAAA8B,GAAA;IAE/B,IAAAC,GAAA,GAAAtD,UAAA;MAAAyB,SAAA,GAAAf,iBAAA,CAAAC,MAAA;IAIA,KAAAc,SAAe,EAWb,MAAI,IAAAC,KAAU,uDAAS;IAErB6B,OAAA,CAAAC,GAAA,CAAAC,gBAAA,qBAAAC,gBAAA,CAAAJ,GAAA,CAAAK,EAAA,EAAAL,GAAA,CAAAlC,QAAA,EAAAK,SAAA,EAAAd,MAAA,EAAAY,MAAA,EAAA8B,GAAA,GAAAC,GAAA,CAAAM,oBAAA;EAGF;EAGA,eAAyCF,iBAAAC,EAAA,EAAAvC,QAAA,EAAAK,SAAA,EAAAd,MAAA,EAAAkD,QAAA,EAAAR,GAAA;IAEzC,IAAIjC,QAAA,EAAA0C,IAAA;MACF,IAAAvC,MAAQ,GAAAwC,MACL,CAAAF,QAAO;QAAAG,IACC,MAAAvC,SAAA,IAAqBF,MAAA;QAAU0C,SAAI,GAAON,EAAA,CAAAO,KAAQ,CAAAzC,SAEtD;QAEPyC,KAAA,GAAO,IAAM;MACf;QACEA,KAAM,GAAAD,SAAa,CAAA7D,KAAG,CAAI,UAAAiB,EAAA;UAEtB,OAAAF,oBAAe,CAAaC,QAAA,EAAAC,EAAA,EAAAV,MAAA,EAAAY,MAAA,EAAA8B,GAAA;QAC9B,GAAAc,GAAI,IAAMxE,MAAA,OAAAuE,KAAA;MACV,SAAIjB,GAAA;QACW,IAAAmB,UAAA,GAAsB,GAAAJ,IAAM,kBAExB5C,QAAA,EAAAiD,EAAA;QACrB,IAAApB,GAAA,YAAArD,WAAA;UAEA,IAAM0E,GAAI,0CAAkCF,UAAU;UAAU,MAAAb,OAAA,CAAAC,GAAA,CAAAe,QAAA,sBAAAL,KAAA,KAAAI,GAAA;AAAA,GAAAzE,qBAClE,CAAAqE,KAAA,UAAAxC,KAAA,CAAA4C,GAAA;QACF;QAEA,MAAS,IAAA5C,KAAA,6BAOP0C,UAAU;AAIV,EAAAnB,GAAA;MAOE;IAEA;EACS;EAQ4B,SACrCuB,aAAiBA,CAAAC,KAAW,EAAAlD,MAAA,EAAAC,OAAY;IAC1C,IAACkD,OAAA,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,iBAAAA,SAAA,aAAAnD,OAAA;MAAAqD,KAAA,GAAAF,SAAA,CAAAC,MAAA,QAAAD,SAAA,iBAAAA,SAAA;MAAAG,OAAA,MAAAL,KAAA,GAAAlD,MAAA;MAAAsB,GAAA,MAAAiC,OAAA,UAAAtD,OAAA,eAAAA,OAAA,GAAAuD,IAAA,CAAAC,SAAA,CAAAxD,OAAA;MAAAyD,oBAAA;MAAAC,QAAA,IAAAD,oBAAA,GAAA/E,eAAA,CAAAU,GAAA,CAAAiC,GAAA,eAAAoC,oBAAA,cAAAA,oBAAA,GAAA/E,eAAA,CAAAU,GAAA,CAAAkE,OAAA;MAAA1D,QAAA,GAAA+D,WAAA;MAAAC,UAAA,GAAAC,gBAAA,CAAAZ,KAAA;MAAAP,KAAA;QAEG,IAAAoB,SACF,GAAQC,IAAA,CAAArB,KAAA,CAAAO,KAAA,EAAAN,GAAA;QACN,OAAAO,OAAA,GAAAY,SAAA,CAAAlF,KAAA,WAAAiB,EAAA;UACE,OAAMF,oBAAgB,CAAAC,QAAU,EAAAC,EAAA,EAAA+D,UAAW,EAAA7D,MAAA,EAAAC,OAAA;QAC7C,KAAA8D,SAAA;MACF;MAAA,CAAAE,IAAA,EAAAC,MAAA,IAAAC,QAAA,CAAAxB,KAAA;QAKFQ,OAAM,KAAAA,OAFS,IAAAtD,QAAA,IAAAI,OAAA;MAIf;IAKFqD,KAAA,IAAAc,OAAA,CAAAC,IAAA;MAEAJ,IAAO;MACLC,MAAA;MACAlE,MAAA;MACAH,QAAA;MACFgE;IACF,GAAAvF,qBAAA,CAAAqE,KAAA;IAIA,IAAA2B,MAAS,GAAAL,IAAA;MAAAM,OAAA,KAAAD,MAA4B;IAC/B,OAAOrE,OAAA,GAAasE,OAEb;EAKO;EAAA;IAAA1F,KAAA;IAAAgD,GAAA;IAAAoB;EAAA;AAAA;AAAA,SAQXvE,0BAAA;EAGT,OAAA8F,QAAA,iBAAAC,SAAA,UAAAA,SAAA,CAAAC,OAAA,sBAAA1C,OAAA,CAAAC,GAAA,CAAAC,gBAAA,cAAAkC,OAAA,CAAAO,KAAA","ignoreList":[]}

package/dist/esm/createServer.js

@@ -0,0 +1,54 @@
+import { PostgresJSConnection } from "@rocicorp/zero/pg";
+import { ZQLDatabase } from "@rocicorp/zero/server";
+import postgres from "postgres";
+import { context, isInZeroMutation } from "src/context";
+import { createMutators } from "~/data/helpers/createMutators";
+import { schema } from "~/data/schema";
+import { createServerActions } from "~/data/server/createServerActions";
+import { assertString } from "@vxrn/helpers";
+function createServer({ actions }) {
+  const dbString = assertString(process.env.ZERO_UPSTREAM_DB), zeroServerDatabase = new ZQLDatabase(
+    new PostgresJSConnection(postgres(dbString)),
+    schema
+  ), serverMutate = async (run, authData) => {
+    const asyncTasks = [], mutators = createMutators({
+      environment: "server",
+      asyncTasks,
+      authData: {
+        id: "",
+        email: "admin@start.chat",
+        role: "admin",
+        ...authData
+      },
+      createServerActions
+    });
+    await serverTransaction(async (tx) => {
+      await run(tx, mutators);
+    }), await Promise.all(asyncTasks.map((t) => t()));
+  }, serverQuery = serverTransaction, dummyTransactionInput = {
+    clientGroupID: "unused",
+    clientID: "unused",
+    mutationID: 42,
+    upstreamSchema: "unused"
+  };
+  async function serverTransaction(query) {
+    try {
+      if (isInZeroMutation()) {
+        const { tx } = context();
+        return await query(tx);
+      }
+      return await zeroServerDatabase.transaction(query, dummyTransactionInput);
+    } catch (err) {
+      throw console.error(`Error running serverTransaction(): ${err}`), err;
+    }
+  }
+  return {
+    serverTransaction,
+    serverMutate,
+    serverQuery
+  };
+}
+export {
+  createServer
+};
+//# sourceMappingURL=createServer.js.map

package/dist/esm/createServer.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../src/createServer.ts"],
+  "mappings": "AACA,SAAS,4BAA4B;AACrC,SAAS,mBAAmB;AAC5B,OAAO,cAAc;AACrB,SAAS,SAAS,wBAAwB;AAE1C,SAAwB,sBAAsB;AAC9C,SAAS,cAAc;AACvB,SAAS,2BAA2B;AAEpC,SAAS,oBAAoB;AAEtB,SAAS,aAAa,EAAE,QAAQ,GAAqB;AAC1D,QAAM,WAAW,aAAa,QAAQ,IAAI,gBAAgB,GAEpD,qBAAqB,IAAI;AAAA,IAC7B,IAAI,qBAAqB,SAAS,QAAQ,CAAC;AAAA,IAC3C;AAAA,EACF,GAEM,eAAe,OACnB,KACA,aACG;AACH,UAAM,aAAyC,CAAC,GAE1C,WAAW,eAAe;AAAA,MAC9B,aAAa;AAAA,MACb;AAAA,MACA,UAAU;AAAA,QACR,IAAI;AAAA,QACJ,OAAO;AAAA,QACP,MAAM;AAAA,QACN,GAAG;AAAA,MACL;AAAA,MACA;AAAA,IACF,CAAC;AAED,UAAM,kBAAkB,OAAO,OAAO;AACpC,YAAM,IAAI,IAAI,QAAQ;AAAA,IACxB,CAAC,GAED,MAAM,QAAQ,IAAI,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAAA,EAC9C,GAIM,cAAc,mBAGd,wBAAkD;AAAA,IACtD,eAAe;AAAA,IACf,UAAU;AAAA,IACV,YAAY;AAAA,IACZ,gBAAgB;AAAA,EAClB;AAEA,iBAAe,kBAGb,OAA6B;AAC7B,QAAI;AACF,UAAI,iBAAiB,GAAG;AACtB,cAAM,EAAE,GAAG,IAAI,QAAQ;AACvB,eAAO,MAAM,MAAM,EAAE;AAAA,MACvB;AACA,aAAQ,MAAM,mBAAmB,YAAY,OAAO,qBAAqB;AAAA,IAC3E,SAAS,KAAK;AACZ,oBAAQ,MAAM,sCAAsC,GAAG,EAAE,GACnD;AAAA,IACR;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;",
+  "names": []
+}