weave-typescript 0.38.0 → 0.40.0

package/dist/weavesql/weavedb/document_security_sql.js

@@ -1,21 +1,30 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.listUserSensitivityClearancesQuery = exports.revokeUserSensitivityClearanceQuery = exports.grantUserSensitivityClearanceQuery = exports.deactivateOrganizationSensitivityTagQuery = exports.listActiveOrganizationSensitivityTagsQuery = exports.listOrganizationSensitivityTagsQuery = exports.upsertOrganizationSensitivityTagQuery = exports.setDocumentSecurityQuery = void 0;
+exports.listDocumentIDsByRestrictedGroupQuery = exports.addDocumentRestrictedGroupsForDocumentsQuery = exports.addDocumentRestrictedGroupQuery = exports.deleteDocumentRestrictedGroupsByGroupQuery = exports.deleteDocumentRestrictedGroupsQuery = exports.listDocumentRestrictedGroupsByDocumentIDsQuery = exports.listDocumentRestrictedGroupsQuery = exports.addRestrictedGroupTeamMembershipQuery = exports.deleteRestrictedGroupTeamMembershipsQuery = exports.listRestrictedGroupTeamMembershipsQuery = exports.addRestrictedGroupUserMembershipQuery = exports.deleteRestrictedGroupUserMembershipsQuery = exports.listRestrictedGroupUserMembershipsQuery = exports.countRestrictedGroupTeamsQuery = exports.countRestrictedGroupUsersQuery = exports.countRestrictedGroupDocumentsQuery = exports.deleteRestrictedGroupQuery = exports.updateRestrictedGroupQuery = exports.upsertRestrictedGroupQuery = exports.getRestrictedGroupBySlugQuery = exports.getRestrictedGroupQuery = exports.listRestrictedGroupsQuery = exports.setDocumentSecurityQuery = void 0;
 exports.setDocumentSecurity = setDocumentSecurity;
-exports.upsertOrganizationSensitivityTag = upsertOrganizationSensitivityTag;
-exports.listOrganizationSensitivityTags = listOrganizationSensitivityTags;
-exports.listActiveOrganizationSensitivityTags = listActiveOrganizationSensitivityTags;
-exports.deactivateOrganizationSensitivityTag = deactivateOrganizationSensitivityTag;
-exports.grantUserSensitivityClearance = grantUserSensitivityClearance;
-exports.listUserSensitivityClearances = listUserSensitivityClearances;
+exports.listRestrictedGroups = listRestrictedGroups;
+exports.getRestrictedGroup = getRestrictedGroup;
+exports.getRestrictedGroupBySlug = getRestrictedGroupBySlug;
+exports.upsertRestrictedGroup = upsertRestrictedGroup;
+exports.updateRestrictedGroup = updateRestrictedGroup;
+exports.countRestrictedGroupDocuments = countRestrictedGroupDocuments;
+exports.countRestrictedGroupUsers = countRestrictedGroupUsers;
+exports.countRestrictedGroupTeams = countRestrictedGroupTeams;
+exports.listRestrictedGroupUserMemberships = listRestrictedGroupUserMemberships;
+exports.addRestrictedGroupUserMembership = addRestrictedGroupUserMembership;
+exports.listRestrictedGroupTeamMemberships = listRestrictedGroupTeamMemberships;
+exports.addRestrictedGroupTeamMembership = addRestrictedGroupTeamMembership;
+exports.listDocumentRestrictedGroups = listDocumentRestrictedGroups;
+exports.listDocumentRestrictedGroupsByDocumentIDs = listDocumentRestrictedGroupsByDocumentIDs;
+exports.addDocumentRestrictedGroup = addDocumentRestrictedGroup;
+exports.listDocumentIDsByRestrictedGroup = listDocumentIDsByRestrictedGroup;
 exports.setDocumentSecurityQuery = `-- name: SetDocumentSecurity :one
 UPDATE weave.documents
 SET
     scope = $1,
-    sensitivity_tags = $2,
     updated_at = now()
-WHERE organization_id = $3
-  AND id = $4
+WHERE organization_id = $2
+  AND id = $3
 RETURNING
     id,
     organization_id,
@@ -26,7 +35,6 @@ RETURNING
     storage_ref,
     status,
     scope,
-    sensitivity_tags,
     uploaded_by_user_id,
     uploaded_at,
     updated_at,
@@ -36,7 +44,7 @@ RETURNING
 async function setDocumentSecurity(client, args) {
     const result = await client.query({
         text: exports.setDocumentSecurityQuery,
-        values: [args.scope, args.sensitivityTags, args.organizationId, args.documentId],
+        values: [args.scope, args.organizationId, args.documentId],
         rowMode: "array"
     });
     if (result.rows.length !== 1) {
@@ -53,22 +61,121 @@ async function setDocumentSecurity(client, args) {
         storageRef: row[6],
         status: row[7],
         scope: row[8],
-        sensitivityTags: row[9],
-        uploadedByUserId: row[10],
-        uploadedAt: row[11],
-        updatedAt: row[12],
-        pageCount: row[13],
-        charCount: row[14],
-        metadata: row[15]
+        uploadedByUserId: row[9],
+        uploadedAt: row[10],
+        updatedAt: row[11],
+        pageCount: row[12],
+        charCount: row[13],
+        metadata: row[14]
     };
 }
-exports.upsertOrganizationSensitivityTagQuery = `-- name: UpsertOrganizationSensitivityTag :one
-INSERT INTO weave.org_sensitivity_tags (
+exports.listRestrictedGroupsQuery = `-- name: ListRestrictedGroups :many
+SELECT
+    id,
     organization_id,
     slug,
-    label,
+    name,
+    description,
+    active,
+    created_at,
+    updated_at
+FROM weave.restricted_groups
+WHERE organization_id = $1
+ORDER BY name ASC, slug ASC`;
+async function listRestrictedGroups(client, args) {
+    const result = await client.query({
+        text: exports.listRestrictedGroupsQuery,
+        values: [args.organizationId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            organizationId: row[1],
+            slug: row[2],
+            name: row[3],
+            description: row[4],
+            active: row[5],
+            createdAt: row[6],
+            updatedAt: row[7]
+        };
+    });
+}
+exports.getRestrictedGroupQuery = `-- name: GetRestrictedGroup :one
+SELECT
+    id,
+    organization_id,
+    slug,
+    name,
+    description,
+    active,
+    created_at,
+    updated_at
+FROM weave.restricted_groups
+WHERE organization_id = $1
+  AND id = $2`;
+async function getRestrictedGroup(client, args) {
+    const result = await client.query({
+        text: exports.getRestrictedGroupQuery,
+        values: [args.organizationId, args.restrictedGroupId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        organizationId: row[1],
+        slug: row[2],
+        name: row[3],
+        description: row[4],
+        active: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.getRestrictedGroupBySlugQuery = `-- name: GetRestrictedGroupBySlug :one
+SELECT
+    id,
+    organization_id,
+    slug,
+    name,
+    description,
+    active,
+    created_at,
+    updated_at
+FROM weave.restricted_groups
+WHERE organization_id = $1
+  AND slug = $2`;
+async function getRestrictedGroupBySlug(client, args) {
+    const result = await client.query({
+        text: exports.getRestrictedGroupBySlugQuery,
+        values: [args.organizationId, args.slug],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        organizationId: row[1],
+        slug: row[2],
+        name: row[3],
+        description: row[4],
+        active: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.upsertRestrictedGroupQuery = `-- name: UpsertRestrictedGroup :one
+INSERT INTO weave.restricted_groups (
+    id,
+    organization_id,
+    slug,
+    name,
     description,
-    extraction_hint,
     active
 ) VALUES (
     $1,
@@ -80,24 +187,23 @@ INSERT INTO weave.org_sensitivity_tags (
 )
 ON CONFLICT (organization_id, slug) DO UPDATE
 SET
-    label = EXCLUDED.label,
+    name = EXCLUDED.name,
     description = EXCLUDED.description,
-    extraction_hint = EXCLUDED.extraction_hint,
     active = EXCLUDED.active,
     updated_at = now()
 RETURNING
+    id,
     organization_id,
     slug,
-    label,
+    name,
     description,
-    extraction_hint,
     active,
     created_at,
     updated_at`;
-async function upsertOrganizationSensitivityTag(client, args) {
+async function upsertRestrictedGroup(client, args) {
     const result = await client.query({
-        text: exports.upsertOrganizationSensitivityTagQuery,
-        values: [args.organizationId, args.slug, args.label, args.description, args.extractionHint, args.active],
+        text: exports.upsertRestrictedGroupQuery,
+        values: [args.id, args.organizationId, args.slug, args.name, args.description, args.active],
         rowMode: "array"
     });
     if (result.rows.length !== 1) {
@@ -105,101 +211,220 @@ async function upsertOrganizationSensitivityTag(client, args) {
     }
     const row = result.rows[0];
     return {
-        organizationId: row[0],
-        slug: row[1],
-        label: row[2],
-        description: row[3],
-        extractionHint: row[4],
+        id: row[0],
+        organizationId: row[1],
+        slug: row[2],
+        name: row[3],
+        description: row[4],
         active: row[5],
         createdAt: row[6],
         updatedAt: row[7]
     };
 }
-exports.listOrganizationSensitivityTagsQuery = `-- name: ListOrganizationSensitivityTags :many
-SELECT
+exports.updateRestrictedGroupQuery = `-- name: UpdateRestrictedGroup :one
+UPDATE weave.restricted_groups
+SET
+    slug = $1,
+    name = $2,
+    description = $3,
+    active = $4,
+    updated_at = now()
+WHERE organization_id = $5
+  AND id = $6
+RETURNING
+    id,
     organization_id,
     slug,
-    label,
+    name,
     description,
-    extraction_hint,
     active,
     created_at,
-    updated_at
-FROM weave.org_sensitivity_tags
+    updated_at`;
+async function updateRestrictedGroup(client, args) {
+    const result = await client.query({
+        text: exports.updateRestrictedGroupQuery,
+        values: [args.slug, args.name, args.description, args.active, args.organizationId, args.restrictedGroupId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        id: row[0],
+        organizationId: row[1],
+        slug: row[2],
+        name: row[3],
+        description: row[4],
+        active: row[5],
+        createdAt: row[6],
+        updatedAt: row[7]
+    };
+}
+exports.deleteRestrictedGroupQuery = `-- name: DeleteRestrictedGroup :execrows
+DELETE FROM weave.restricted_groups
+WHERE organization_id = $1
+  AND id = $2`;
+exports.countRestrictedGroupDocumentsQuery = `-- name: CountRestrictedGroupDocuments :one
+SELECT COUNT(DISTINCT document_id)::int AS document_count
+FROM weave.document_restricted_groups
 WHERE organization_id = $1
-ORDER BY slug ASC`;
-async function listOrganizationSensitivityTags(client, args) {
+  AND restricted_group_id = $2`;
+async function countRestrictedGroupDocuments(client, args) {
     const result = await client.query({
-        text: exports.listOrganizationSensitivityTagsQuery,
-        values: [args.organizationId],
+        text: exports.countRestrictedGroupDocumentsQuery,
+        values: [args.organizationId, args.restrictedGroupId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        documentCount: row[0]
+    };
+}
+exports.countRestrictedGroupUsersQuery = `-- name: CountRestrictedGroupUsers :one
+SELECT COUNT(*)::int AS user_count
+FROM weave.restricted_group_user_memberships
+WHERE organization_id = $1
+  AND restricted_group_id = $2`;
+async function countRestrictedGroupUsers(client, args) {
+    const result = await client.query({
+        text: exports.countRestrictedGroupUsersQuery,
+        values: [args.organizationId, args.restrictedGroupId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        userCount: row[0]
+    };
+}
+exports.countRestrictedGroupTeamsQuery = `-- name: CountRestrictedGroupTeams :one
+SELECT COUNT(*)::int AS team_count
+FROM weave.restricted_group_team_memberships
+WHERE organization_id = $1
+  AND restricted_group_id = $2`;
+async function countRestrictedGroupTeams(client, args) {
+    const result = await client.query({
+        text: exports.countRestrictedGroupTeamsQuery,
+        values: [args.organizationId, args.restrictedGroupId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        teamCount: row[0]
+    };
+}
+exports.listRestrictedGroupUserMembershipsQuery = `-- name: ListRestrictedGroupUserMemberships :many
+SELECT
+    organization_id,
+    restricted_group_id,
+    user_id,
+    created_at
+FROM weave.restricted_group_user_memberships
+WHERE organization_id = $1
+  AND restricted_group_id = $2
+ORDER BY created_at ASC, user_id ASC`;
+async function listRestrictedGroupUserMemberships(client, args) {
+    const result = await client.query({
+        text: exports.listRestrictedGroupUserMembershipsQuery,
+        values: [args.organizationId, args.restrictedGroupId],
         rowMode: "array"
     });
     return result.rows.map(row => {
         return {
             organizationId: row[0],
-            slug: row[1],
-            label: row[2],
-            description: row[3],
-            extractionHint: row[4],
-            active: row[5],
-            createdAt: row[6],
-            updatedAt: row[7]
+            restrictedGroupId: row[1],
+            userId: row[2],
+            createdAt: row[3]
         };
     });
 }
-exports.listActiveOrganizationSensitivityTagsQuery = `-- name: ListActiveOrganizationSensitivityTags :many
+exports.deleteRestrictedGroupUserMembershipsQuery = `-- name: DeleteRestrictedGroupUserMemberships :execrows
+DELETE FROM weave.restricted_group_user_memberships
+WHERE organization_id = $1
+  AND restricted_group_id = $2`;
+exports.addRestrictedGroupUserMembershipQuery = `-- name: AddRestrictedGroupUserMembership :one
+INSERT INTO weave.restricted_group_user_memberships (
+    organization_id,
+    restricted_group_id,
+    user_id
+) VALUES (
+    $1,
+    $2,
+    $3
+)
+ON CONFLICT DO NOTHING
+RETURNING organization_id, restricted_group_id, user_id, created_at`;
+async function addRestrictedGroupUserMembership(client, args) {
+    const result = await client.query({
+        text: exports.addRestrictedGroupUserMembershipQuery,
+        values: [args.organizationId, args.restrictedGroupId, args.userId],
+        rowMode: "array"
+    });
+    if (result.rows.length !== 1) {
+        return null;
+    }
+    const row = result.rows[0];
+    return {
+        organizationId: row[0],
+        restrictedGroupId: row[1],
+        userId: row[2],
+        createdAt: row[3]
+    };
+}
+exports.listRestrictedGroupTeamMembershipsQuery = `-- name: ListRestrictedGroupTeamMemberships :many
 SELECT
     organization_id,
-    slug,
-    label,
-    description,
-    extraction_hint,
-    active,
-    created_at,
-    updated_at
-FROM weave.org_sensitivity_tags
+    restricted_group_id,
+    org_team_id,
+    created_at
+FROM weave.restricted_group_team_memberships
 WHERE organization_id = $1
-  AND active = TRUE
-ORDER BY slug ASC`;
-async function listActiveOrganizationSensitivityTags(client, args) {
+  AND restricted_group_id = $2
+ORDER BY created_at ASC, org_team_id ASC`;
+async function listRestrictedGroupTeamMemberships(client, args) {
     const result = await client.query({
-        text: exports.listActiveOrganizationSensitivityTagsQuery,
-        values: [args.organizationId],
+        text: exports.listRestrictedGroupTeamMembershipsQuery,
+        values: [args.organizationId, args.restrictedGroupId],
         rowMode: "array"
     });
     return result.rows.map(row => {
         return {
             organizationId: row[0],
-            slug: row[1],
-            label: row[2],
-            description: row[3],
-            extractionHint: row[4],
-            active: row[5],
-            createdAt: row[6],
-            updatedAt: row[7]
+            restrictedGroupId: row[1],
+            orgTeamId: row[2],
+            createdAt: row[3]
         };
     });
 }
-exports.deactivateOrganizationSensitivityTagQuery = `-- name: DeactivateOrganizationSensitivityTag :one
-UPDATE weave.org_sensitivity_tags
-SET
-    active = FALSE,
-    updated_at = now()
+exports.deleteRestrictedGroupTeamMembershipsQuery = `-- name: DeleteRestrictedGroupTeamMemberships :execrows
+DELETE FROM weave.restricted_group_team_memberships
 WHERE organization_id = $1
-  AND slug = $2
-RETURNING
+  AND restricted_group_id = $2`;
+exports.addRestrictedGroupTeamMembershipQuery = `-- name: AddRestrictedGroupTeamMembership :one
+INSERT INTO weave.restricted_group_team_memberships (
     organization_id,
-    slug,
-    label,
-    description,
-    extraction_hint,
-    active,
-    created_at,
-    updated_at`;
-async function deactivateOrganizationSensitivityTag(client, args) {
+    restricted_group_id,
+    org_team_id
+) VALUES (
+    $1,
+    $2,
+    $3
+)
+ON CONFLICT DO NOTHING
+RETURNING organization_id, restricted_group_id, org_team_id, created_at`;
+async function addRestrictedGroupTeamMembership(client, args) {
     const result = await client.query({
-        text: exports.deactivateOrganizationSensitivityTagQuery,
-        values: [args.organizationId, args.slug],
+        text: exports.addRestrictedGroupTeamMembershipQuery,
+        values: [args.organizationId, args.restrictedGroupId, args.orgTeamId],
         rowMode: "array"
     });
     if (result.rows.length !== 1) {
@@ -208,37 +433,109 @@ async function deactivateOrganizationSensitivityTag(client, args) {
     const row = result.rows[0];
     return {
         organizationId: row[0],
-        slug: row[1],
-        label: row[2],
-        description: row[3],
-        extractionHint: row[4],
-        active: row[5],
-        createdAt: row[6],
-        updatedAt: row[7]
+        restrictedGroupId: row[1],
+        orgTeamId: row[2],
+        createdAt: row[3]
     };
 }
-exports.grantUserSensitivityClearanceQuery = `-- name: GrantUserSensitivityClearance :one
-INSERT INTO weave.user_sensitivity_clearances (
+exports.listDocumentRestrictedGroupsQuery = `-- name: ListDocumentRestrictedGroups :many
+SELECT
+    rg.id,
+    rg.organization_id,
+    rg.slug,
+    rg.name,
+    rg.description,
+    rg.active,
+    rg.created_at,
+    rg.updated_at
+FROM weave.document_restricted_groups drg
+JOIN weave.restricted_groups rg
+  ON rg.organization_id = drg.organization_id
+ AND rg.id = drg.restricted_group_id
+WHERE drg.organization_id = $1
+  AND drg.document_id = $2
+ORDER BY rg.name ASC, rg.slug ASC`;
+async function listDocumentRestrictedGroups(client, args) {
+    const result = await client.query({
+        text: exports.listDocumentRestrictedGroupsQuery,
+        values: [args.organizationId, args.documentId],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            id: row[0],
+            organizationId: row[1],
+            slug: row[2],
+            name: row[3],
+            description: row[4],
+            active: row[5],
+            createdAt: row[6],
+            updatedAt: row[7]
+        };
+    });
+}
+exports.listDocumentRestrictedGroupsByDocumentIDsQuery = `-- name: ListDocumentRestrictedGroupsByDocumentIDs :many
+SELECT
+    drg.document_id,
+    rg.id,
+    rg.organization_id,
+    rg.slug,
+    rg.name,
+    rg.description,
+    rg.active,
+    rg.created_at,
+    rg.updated_at
+FROM weave.document_restricted_groups drg
+JOIN weave.restricted_groups rg
+  ON rg.organization_id = drg.organization_id
+ AND rg.id = drg.restricted_group_id
+WHERE drg.organization_id = $1
+  AND drg.document_id = ANY($2::uuid[])
+ORDER BY drg.document_id ASC, rg.name ASC, rg.slug ASC`;
+async function listDocumentRestrictedGroupsByDocumentIDs(client, args) {
+    const result = await client.query({
+        text: exports.listDocumentRestrictedGroupsByDocumentIDsQuery,
+        values: [args.organizationId, args.documentIds],
+        rowMode: "array"
+    });
+    return result.rows.map(row => {
+        return {
+            documentId: row[0],
+            id: row[1],
+            organizationId: row[2],
+            slug: row[3],
+            name: row[4],
+            description: row[5],
+            active: row[6],
+            createdAt: row[7],
+            updatedAt: row[8]
+        };
+    });
+}
+exports.deleteDocumentRestrictedGroupsQuery = `-- name: DeleteDocumentRestrictedGroups :execrows
+DELETE FROM weave.document_restricted_groups
+WHERE organization_id = $1
+  AND document_id = $2`;
+exports.deleteDocumentRestrictedGroupsByGroupQuery = `-- name: DeleteDocumentRestrictedGroupsByGroup :execrows
+DELETE FROM weave.document_restricted_groups
+WHERE organization_id = $1
+  AND restricted_group_id = $2`;
+exports.addDocumentRestrictedGroupQuery = `-- name: AddDocumentRestrictedGroup :one
+INSERT INTO weave.document_restricted_groups (
     organization_id,
-    user_id,
-    sensitivity_tag_slug
+    document_id,
+    restricted_group_id
 ) VALUES (
     $1,
     $2,
     $3
 )
-ON CONFLICT (organization_id, user_id, sensitivity_tag_slug) DO UPDATE
-SET
-    sensitivity_tag_slug = EXCLUDED.sensitivity_tag_slug
-RETURNING
-    organization_id,
-    user_id,
-    sensitivity_tag_slug,
-    created_at`;
-async function grantUserSensitivityClearance(client, args) {
+ON CONFLICT DO NOTHING
+RETURNING organization_id, document_id, restricted_group_id, created_at`;
+async function addDocumentRestrictedGroup(client, args) {
     const result = await client.query({
-        text: exports.grantUserSensitivityClearanceQuery,
-        values: [args.organizationId, args.userId, args.sensitivityTagSlug],
+        text: exports.addDocumentRestrictedGroupQuery,
+        values: [args.organizationId, args.documentId, args.restrictedGroupId],
         rowMode: "array"
     });
     if (result.rows.length !== 1) {
@@ -247,38 +544,39 @@ async function grantUserSensitivityClearance(client, args) {
     const row = result.rows[0];
     return {
         organizationId: row[0],
-        userId: row[1],
-        sensitivityTagSlug: row[2],
+        documentId: row[1],
+        restrictedGroupId: row[2],
         createdAt: row[3]
     };
 }
-exports.revokeUserSensitivityClearanceQuery = `-- name: RevokeUserSensitivityClearance :execrows
-DELETE FROM weave.user_sensitivity_clearances
-WHERE organization_id = $1
-  AND user_id = $2
-  AND sensitivity_tag_slug = $3`;
-exports.listUserSensitivityClearancesQuery = `-- name: ListUserSensitivityClearances :many
-SELECT
+exports.addDocumentRestrictedGroupsForDocumentsQuery = `-- name: AddDocumentRestrictedGroupsForDocuments :execrows
+INSERT INTO weave.document_restricted_groups (
     organization_id,
-    user_id,
-    sensitivity_tag_slug,
-    created_at
-FROM weave.user_sensitivity_clearances
+    document_id,
+    restricted_group_id
+)
+SELECT
+    $1,
+    document_id,
+    restricted_group_id
+FROM unnest($2::uuid[]) AS document_id
+CROSS JOIN unnest($3::uuid[]) AS restricted_group_id
+ON CONFLICT DO NOTHING`;
+exports.listDocumentIDsByRestrictedGroupQuery = `-- name: ListDocumentIDsByRestrictedGroup :many
+SELECT DISTINCT document_id
+FROM weave.document_restricted_groups
 WHERE organization_id = $1
-  AND user_id = $2
-ORDER BY sensitivity_tag_slug ASC`;
-async function listUserSensitivityClearances(client, args) {
+  AND restricted_group_id = $2
+ORDER BY document_id ASC`;
+async function listDocumentIDsByRestrictedGroup(client, args) {
     const result = await client.query({
-        text: exports.listUserSensitivityClearancesQuery,
-        values: [args.organizationId, args.userId],
+        text: exports.listDocumentIDsByRestrictedGroupQuery,
+        values: [args.organizationId, args.restrictedGroupId],
         rowMode: "array"
     });
     return result.rows.map(row => {
         return {
-            organizationId: row[0],
-            userId: row[1],
-            sensitivityTagSlug: row[2],
-            createdAt: row[3]
+            documentId: row[0]
         };
     });
 }