auth/permit_queries.ts

Permit database queries.
Permits are time-bounded, revocable grants of a role to an actor.
The system is safe by default — no permit, no capability.

Declarations
#

7 declarations

view source

query_grant_permit
#

auth/permit_queries.ts view source

(deps: QueryDeps, input: GrantPermitInput): Promise<Permit>

Grant a permit to an actor.
Idempotent — if an active permit already exists for this actor and role,
returns the existing permit instead of creating a duplicate.

`deps`

query dependencies

type QueryDeps

`input`

the permit fields

type GrantPermitInput

returns

Promise<Permit>

the created or existing active permit

query_permit_find_account_id_for_role
#

auth/permit_queries.ts view source

(deps: QueryDeps, role: string): Promise<string | null>

Find the account ID of an account that holds an active permit for a given role.
Joins permit → actor → account. Returns the first match, or null if none.

`deps`

query dependencies

type QueryDeps

`role`

the role to search for

type string

returns

Promise<string | null>

the account ID, or null

query_permit_find_active_for_actor
#

auth/permit_queries.ts view source

(deps: QueryDeps, actor_id: string): Promise<Permit[]>

Find all active (non-revoked, non-expired) permits for an actor.

`deps`

type QueryDeps

`actor_id`

type string

returns

Promise<Permit[]>

query_permit_has_role
#

auth/permit_queries.ts view source

(deps: QueryDeps, actor_id: string, role: string): Promise<boolean>

Check if an actor has an active permit for a given role.

`deps`

type QueryDeps

`actor_id`

type string

`role`

type string

returns

Promise<boolean>

query_permit_list_for_actor
#

auth/permit_queries.ts view source

(deps: QueryDeps, actor_id: string): Promise<Permit[]>

List all permits for an actor (including revoked/expired).

`deps`

type QueryDeps

`actor_id`

type string

returns

Promise<Permit[]>

query_permit_revoke_role
#

auth/permit_queries.ts view source

(deps: QueryDeps, actor_id: string, role: string, revoked_by: string | null): Promise<boolean>

Revoke the active permit for an actor with a given role.
Due to the unique partial index on (actor_id, role) WHERE revoked_at IS NULL,
at most one active permit exists per actor+role combination.

`deps`

query dependencies

type QueryDeps

`actor_id`

the actor whose permit to revoke

type string

`role`

the role to revoke

type string

`revoked_by`

the actor who revoked it (for audit trail)

type string | null

returns

Promise<boolean>

true if a permit was revoked, false if none was active

query_revoke_permit
#

auth/permit_queries.ts view source

(deps: QueryDeps, permit_id: string, actor_id: string, revoked_by: string | null): Promise<{ id: string; role: string; } | null>

Revoke a permit by id, constrained to a specific actor.
Requires actor_id to prevent cross-account revocation (IDOR guard).
Returns null if the permit is not found, already revoked, or belongs
to a different actor. Returns {id, role} on success for audit logging.

`deps`

query dependencies

type QueryDeps

`permit_id`

the permit to revoke

type string

`actor_id`

the actor that must own the permit

type string

`revoked_by`

the actor who revoked it (for audit trail)

type string | null

returns

Promise<{ id: string; role: string; } | null>

Depends on
#

db/assert_row.ts