Skip to content

feat(node-type-registry): strip membership_type from AuthzAppMembership #1061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pyramation merged 1 commit into from
May 6, 2026
+2 −16
Merged

feat(node-type-registry): strip membership_type from AuthzAppMembership #1061

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 1 addition & 11 deletions packages/node-type-registry/src/authz/authz-app-membership.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,10 @@ export const AuthzAppMembership: NodeTypeDefinition = {
category: 'authz',
display_name: 'App Membership Check',
description:
'App-level membership check (membership_type=1). Verifies the user has app membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. Replaces AuthzMembership for clarity.',
'App-level membership check (hardcoded membership_type=1). Verifies the user has app membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. For entity-scoped checks (org, channel, etc.), use AuthzEntityMembership instead.',
parameter_schema: {
type: 'object',
properties: {
membership_type: {
type: ['integer', 'string'],
description:
'Scope: 1=app, 2=org, 3+=dynamic entity types (or string name resolved via membership_types_module)',
},
entity_type: {
type: 'string',
description:
"Entity type prefix (e.g. 'channel', 'department'). Resolved to membership_type integer via memberships_module lookup. Use instead of membership_type for readability.",
},
permission: {
type: 'string',
description:
Expand Down
6 changes: 1 addition & 5 deletions packages/node-type-registry/src/blueprint-types.generated.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -452,12 +452,8 @@ export interface SearchVectorParams {
;
/** Allows all access. Generates TRUE expression. */
export type AuthzAllowAllParams = {};
/** App-level membership check (membership_type=1). Verifies the user has app membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. Replaces AuthzMembership for clarity. */
/** App-level membership check (hardcoded membership_type=1). Verifies the user has app membership (optionally with specific permission) without binding to any entity from the row. Uses EXISTS subquery against SPRT table. For entity-scoped checks (org, channel, etc.), use AuthzEntityMembership instead. */
export interface AuthzAppMembershipParams {
/* Scope: 1=app, 2=org, 3+=dynamic entity types (or string name resolved via membership_types_module) */
membership_type?: number | string;
/* Entity type prefix (e.g. 'channel', 'department'). Resolved to membership_type integer via memberships_module lookup. Use instead of membership_type for readability. */
entity_type?: string;
/* Single permission name to check (resolved to bitstring mask) */
permission?: string;
/* Multiple permission names to check (ORed together into mask) */
Expand Down
Loading