npm - spine-framework - Versions diffs - 0.3.69 → 0.3.71 - Mend

spine-framework 0.3.69 → 0.3.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.framework/cli/commands/install-app.ts CHANGED Viewed

@@ -248,7 +248,9 @@ async function seedApp(appDir: string, appSlug: string) {
         is_active: true,
         route_prefix: manifest.route_prefix ?? ('/' + appSlug),
         renderer: manifest.renderer ?? 'custom',
-        // min_role: first entry of required_roles array, or explicit min_role field
+        // required_roles: full array from manifest (e.g. ["support", "support_admin"])
+        required_roles: manifest.required_roles ?? (manifest.min_role ? [manifest.min_role] : []),
+        // min_role: kept as legacy fallback — first entry of required_roles
         min_role: manifest.required_roles?.[0] ?? manifest.min_role ?? null,
       },
       { onConflict: 'slug' }

package/.framework/migrations/017_fix_get_account_apps.sql ADDED Viewed

@@ -0,0 +1,75 @@
+-- Migration 017: Fix get_account_apps() to include globally-available apps
+--
+-- Problem: The RPC function excluded apps where owner_account_id IS NULL,
+-- meaning installed apps (source='npm', owner_account_id=NULL) were invisible
+-- to all users in the apps list.
+--
+-- Fix: Include apps where owner_account_id IS NULL (globally available apps).
+CREATE OR REPLACE FUNCTION public.get_account_apps(
+  account_id uuid,
+  include_system boolean DEFAULT true,
+  include_inactive boolean DEFAULT false
+)
+RETURNS TABLE(
+  id uuid,
+  slug text,
+  name text,
+  description text,
+  icon text,
+  color text,
+  version text,
+  app_type text,
+  source text,
+  owner_account_id uuid,
+  is_active boolean,
+  is_system boolean,
+  min_role text,
+  config jsonb,
+  nav_items jsonb,
+  route_prefix text,
+  renderer text,
+  metadata jsonb,
+  integration_deps jsonb,
+  created_at timestamptz
+)
+LANGUAGE plpgsql
+SECURITY DEFINER
+AS $$
+BEGIN
+  RETURN QUERY
+  SELECT
+    a.id,
+    a.slug,
+    a.name,
+    a.description,
+    a.icon,
+    a.color,
+    a.version,
+    a.app_type,
+    a.source,
+    a.owner_account_id,
+    a.is_active,
+    a.is_system,
+    a.min_role,
+    a.config,
+    a.nav_items,
+    a.route_prefix,
+    a.renderer,
+    a.metadata,
+    a.integration_deps,
+    a.created_at
+  FROM public.apps a
+  WHERE
+    (include_inactive OR a.is_active = true)
+    AND (
+      a.is_system = true                                              -- always include system apps
+      OR a.owner_account_id = get_account_apps.account_id            -- owned by this account
+      OR a.owner_account_id IS NULL                                   -- globally available (npm-installed apps)
+    )
+  ORDER BY
+    a.is_system DESC,
+    a.app_type,
+    a.name;
+END;
+$$;

package/.framework/migrations/018_apps_required_roles.sql ADDED Viewed

@@ -0,0 +1,17 @@
+-- Migration 018: Add required_roles array to apps table
+--
+-- min_role (single string) only supports one role gate.
+-- required_roles (jsonb array) supports gating by any of several roles.
+-- e.g. ["support", "support_admin"] — user needs either role to access the app.
+--
+-- Both columns coexist. required_roles takes precedence at runtime;
+-- min_role is kept as a legacy fallback and for display purposes.
+ALTER TABLE public.apps
+  ADD COLUMN IF NOT EXISTS required_roles jsonb DEFAULT '[]'::jsonb;
+-- Backfill: migrate existing min_role values into the array
+UPDATE public.apps
+SET required_roles = jsonb_build_array(min_role)
+WHERE min_role IS NOT NULL
+  AND (required_roles = '[]'::jsonb OR required_roles IS NULL);

package/.framework/src/components/AppWrapper.tsx CHANGED Viewed

@@ -23,9 +23,14 @@ export function AppWrapper({ app, children }: AppWrapperProps) {
     return <Navigate to="/login" replace />
   }
-  // Role gate
-  if (app.min_role) {
-    const hasRole = user.roles?.includes('system_admin') || user.roles?.includes(app.min_role)
+  // Role gate — check required_roles array (preferred) or min_role (fallback)
+  const requiredRoles: string[] = app.required_roles?.length
+    ? app.required_roles
+    : app.min_role ? [app.min_role] : []
+  if (requiredRoles.length > 0) {
+    const hasRole = user.roles?.includes('system_admin') ||
+      requiredRoles.some(r => user.roles?.includes(r))
     if (!hasRole) {
       return (
         <div className="min-h-screen flex items-center justify-center bg-slate-50">
@@ -39,7 +44,7 @@ export function AppWrapper({ app, children }: AppWrapperProps) {
             <p className="text-slate-600 mb-6">You don't have permission to access {app.name}.</p>
             <div className="bg-slate-100 rounded-lg p-4 text-left">
               <p className="text-sm text-slate-600 mb-2"><strong>Your roles:</strong> {user.roles?.join(', ') || 'None'}</p>
-              <p className="text-sm text-slate-600"><strong>Required:</strong> {app.min_role}</p>
+              <p className="text-sm text-slate-600"><strong>Required (any):</strong> {requiredRoles.join(', ')}</p>
             </div>
           </div>
         </div>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "spine-framework",
-  "version": "0.3.69",
+  "version": "0.3.71",
   "description": "Multi-tenant, modular application platform for modern SaaS systems",
   "type": "module",
   "bin": {
@@ -23,6 +23,8 @@
     ".framework/migrations/005_auth_user_trigger.sql",
     ".framework/migrations/006_fix_current_actor_id.sql",
     ".framework/migrations/016_invites.sql",
+    ".framework/migrations/017_fix_get_account_apps.sql",
+    ".framework/migrations/018_apps_required_roles.sql",
     ".framework/public/",
     ".framework/scripts/",
     ".framework/seeds/",