Skip to main content

Access

import * as mod from "jsr:@nzip/lofi/access";

Narrow private, direct-share, and fixed-role group access templates over raw Jazz schemas.

Use privateAccess, sharedAccess, or groupAccess to declare common authorization models. Runtime operations require managed sync for collaboration and throw AccessError when that precondition is not met. Raw Jazz policy callbacks remain available through defineAccessPolicies.

AccessError

class

class AccessError extends Error {
constructor(code: AccessErrorCode, message: string, options?: ErrorOptions);
readonly name: string;
}

Actionable failure raised by access templates and collaboration operations.

createGroupOperations

function

function createGroupOperations<Group extends Identified, GroupInit, Member extends GroupMembershipRow, MemberInit>(config: { groups: AccessRuntimeTable<Group, GroupInit>; members: AccessRuntimeTable<Member, MemberInit> }): GroupOperations<Group, GroupInit, Member>

Creates fixed-role group membership operations for a declared table pair.

createSharingOperations

function

function createSharingOperations<Resource extends Identified, ResourceInit, Grant extends SharedGrantRow, GrantInit>(config: { resource: AccessRuntimeTable<Resource, ResourceInit>; grants: AccessRuntimeTable<Grant, GrantInit> }): SharingOperations<Resource, Grant>

Creates direct-share operations that wait for local and global durability.

decodeSharingIdentity

function

function decodeSharingIdentity(identity: string): string

Validates an app-scoped sharing identity and returns its raw Jazz principal. Surrounding whitespace from copy/paste is tolerated; whitespace inside the principal is rejected — a grant for a padded principal would look active to the owner while never matching the recipient's actual account.

defineAccessPolicies

function

function defineAccessPolicies<TApp extends object>(app: TApp, templates: readonly AccessTemplate[], raw?: RawAccessPolicyExtension): CompiledPermissions

Compiles the three narrow templates through Jazz's own policy builder. The optional callback is the raw Jazz-policy escape hatch for app-specific rules.

| Parameter | Description |

| --- | --- |

| app | The raw Jazz app returned by s.defineApp. |

| templates | At least one privateAccess, sharedAccess, or groupAccess template; every table needs a policy. |

| raw | Optional raw-policy callback for app-specific rules beyond the templates. |

Returns: Compiled permissions suitable as the app's default policy export.

Example

import { defineAccessPolicies, groupAccess, sharedAccess } from "@nzip/lofi/access";
import { app } from "./schema.ts";

export default defineAccessPolicies(app, [
sharedAccess({ resource: app.notes, grants: app.noteGrants }),
groupAccess({
groups: app.workspaces,
members: app.workspaceMembers,
resources: app.documents,
groupId: "workspaceId",
}),
]);

encodeSharingIdentity

function

function encodeSharingIdentity(userId: string): SharingIdentity

Encodes a raw Jazz principal as a versioned identity scoped to the current app.

groupAccess

function

function groupAccess(config: { groups: AccessTable; members: AccessTable; resources: AccessTable | readonly AccessTable[]; groupId: string }): GroupAccessTemplate

Declares fixed-role membership policy for one or more group-owned resources.

The membership table must be declared with the groupMembershipTable helper (or match its column shape), and each resource table must carry the groupId column referencing the group table.

| Parameter | Description |

| --- | --- |

| config | The group table, membership table, group-owned resource table(s), and the resource column that references the group. |

Returns: A template for defineAccessPolicies.

Example

import { defineAccessPolicies, groupAccess } from "@nzip/lofi/access";
import { app } from "./schema.ts";

export default defineAccessPolicies(app, [groupAccess({
groups: app.workspaces,
members: app.workspaceMembers,
resources: app.documents,
groupId: "workspaceId",
})]);

groupMembershipTable

function

function groupMembershipTable<Group extends string>(group: Group): DefinedTable<{ groupId: RefColumn<Group>; user_id: StringColumn; role: StringColumn; can_create: BooleanColumn; can_edit_any: BooleanColumn; can_manage: BooleanColumn }>

Creates the conventional relationship table used by groupAccess.

groupRoleCapabilities

function

function groupRoleCapabilities(role: GroupRole): { readonly role: GroupRole; readonly can_create: boolean; readonly can_edit_any: boolean; readonly can_manage: boolean }

Returns the persisted capability flags for a fixed group role.

groupRoles

const

const groupRoles: ("reader" | "contributor" | "writer" | "admin")[];

Fixed Wave 2 group roles. Custom role systems remain a raw Jazz escape hatch.

isAccessError

function

function isAccessError(error: unknown): error is AccessError

True when an error came from the lofi access surface.

privateAccess

function

function privateAccess(config: { resource: AccessTable }): PrivateAccessTemplate

Declares owner-only read and mutation policy for one resource table.

| Parameter | Description |

| --- | --- |

| config | The resource table whose rows are visible and mutable only to their creator. |

Returns: A template for defineAccessPolicies.

Example

import { defineAccessPolicies, privateAccess } from "@nzip/lofi/access";
import { app } from "./schema.ts";

export default defineAccessPolicies(app, [privateAccess({ resource: app.notes })]);

sharedAccess

function

function sharedAccess(config: { resource: AccessTable; grants: AccessTable }): SharedAccessTemplate

Declares owner plus explicit read/edit grants for one resource table.

The grant table must be declared with the sharedGrantTable helper (or match its column shape) and reference the resource table.

| Parameter | Description |

| --- | --- |

| config | The shared resource table and its grant table. |

Returns: A template for defineAccessPolicies.

Example

import { defineAccessPolicies, sharedAccess } from "@nzip/lofi/access";
import { app } from "./schema.ts";

export default defineAccessPolicies(app, [
sharedAccess({ resource: app.notes, grants: app.noteGrants }),
]);

sharedGrantTable

function

function sharedGrantTable<Resource extends string>(resource: Resource): DefinedTable<{ resourceId: RefColumn<Resource>; user_id: StringColumn; can_edit: BooleanColumn }>

Creates the conventional relationship table used by sharedAccess.

sharingIdentity

function

async function sharingIdentity(): Promise<SharingIdentity>

Returns the non-secret, app-scoped identity users may copy for shares.

AccessErrorCode

type

type AccessErrorCode =
| "configuration"
| "invalid-identity"
| "sync-required"
| "mutation-rejected"
| "not-found"
| "invalid-role";

Stable categories for access configuration and collaboration failures.

AccessRuntimeTable

type

type AccessRuntimeTable<Row, Init> = TableProxy<Row, Init> & { where(input: unknown): QueryBuilder<Row> };

Jazz table shape required by the access operation helpers.

AccessTable

type

type AccessTable = {
readonly _table: string;
readonly _schema: Record<string, { columns?: unknown[] }>;
};

Minimum declared Jazz table metadata consumed by access templates.

AccessTemplate

type

type AccessTemplate = PrivateAccessTemplate | SharedAccessTemplate | GroupAccessTemplate;

Any built-in access policy template accepted by defineAccessPolicies.

GroupAccessTemplate

type

type GroupAccessTemplate = {
readonly kind: "group";
readonly groups: AccessTable;
readonly members: AccessTable;
readonly resources: readonly AccessTable[];
readonly groupId: string;
};

Fixed-role group, membership, and resource policy template.

GroupMembershipRow

type

type GroupMembershipRow = Identified & { groupId: string; user_id: string; role: GroupRole; can_create: boolean; can_edit_any: boolean; can_manage: boolean };

Conventional fixed-role group membership row.

GroupOperations

type

type GroupOperations<Group, GroupInit, Member> = {
createGroup(values: GroupInit): Promise<{ group: Group; membership: Member }>;
addMember(groupId: string, recipient: SharingIdentity | string, role: GroupRole): Promise<Member>;
changeRole(groupId: string, recipient: SharingIdentity | string, role: GroupRole): Promise<Member>;
removeMember(groupId: string, recipient: SharingIdentity | string): Promise<void>;
leaveGroup(groupId: string): Promise<void>;
listMembers(groupId: string): Promise<Member[]>;
};

Fixed-role group creation and membership operations.

GroupRole

type

type GroupRole = (typeof groupRoles)[number];

Fixed group roles supported by the built-in group policy template.

Identified

type

type Identified = {
id: string;
};

Minimum row shape accepted by collaboration operations.

PrivateAccessTemplate

type

type PrivateAccessTemplate = {
readonly kind: "private";
readonly resource: AccessTable;
};

Owner-only resource policy template.

RawAccessPolicyContext

type

type RawAccessPolicyContext = {
policy: Record<string, TablePolicy>;
session: { user_id: unknown };
allowedTo: { update(fkColumn: string): unknown };
anyOf(conditions: readonly unknown[]): unknown;
allOf(conditions: readonly unknown[]): unknown;
};

Raw Jazz policy-builder context exposed to advanced policy extensions.

RawAccessPolicyExtension

type

type RawAccessPolicyExtension = (context: RawAccessPolicyContext) => void;

Callback for app-specific rules that do not fit the built-in templates.

RuleBuilder

type

type RuleBuilder = {
where(input: unknown): unknown;
always(): unknown;
};

Minimal Jazz rule builder exposed to raw access-policy extensions.

SharedAccessTemplate

type

type SharedAccessTemplate = {
readonly kind: "shared";
readonly resource: AccessTable;
readonly grants: AccessTable;
};

Direct-share resource and grant-table policy template.

SharedGrantRow

type

type SharedGrantRow = Identified & { resourceId: string; user_id: string; can_edit: boolean };

Conventional direct-share grant row.

ShareLevel

type

type ShareLevel = "read" | "edit";

Access level assigned by a direct share.

SharingIdentity

type

type SharingIdentity = string & { readonly __lofiSharingIdentity: true };

App-scoped, non-secret Jazz principal identifier safe to copy between users.

SharingOperations

type

type SharingOperations<Resource, Grant> = {
share(resourceId: string, recipient: SharingIdentity | string, level: ShareLevel): Promise<Grant>;
revoke(resourceId: string, recipient: SharingIdentity | string): Promise<void>;
listShares(resourceId: string): Promise<Grant[]>;
sharedWithMe(): Promise<Resource[]>;
};

Direct-share operations bound to one resource and grant table pair.

TablePolicy

type

type TablePolicy = {
allowRead: RuleBuilder;
allowInsert: RuleBuilder;
allowUpdate: RuleBuilder;
allowDelete: RuleBuilder;
exists: { where(input: unknown): unknown };
};

Read and mutation policy builders for one declared table.