Add permission management system with usergroups and ACL support #1

Open
artpar wants to merge 2 commits into master from claude/add-usergroups-permissions-AZaaZ

artpar (Owner) commented Feb 6, 2026

Summary

This PR introduces a comprehensive permission management system to the Daptin client library, enabling fine-grained access control through bit-flag permissions, usergroup management, and record/table-level ACLs.

Key Changes

New Permission System (lib/clients/permission.ts)

  • PermissionOp enum: Defines 7 permission operations (Peek, Read, Create, Update, Delete, Execute, Refer) as bit flags
  • PermissionSubject enum: Defines three permission subjects (Guest, Owner, Group) with bit-shift offsets for composing permission integers
  • PermissionBuilder: Fluent API for constructing permission values
  • Permission namespace: Static utility functions for:
    • build(): Fluent permission builder
    • combine(): Compose permissions from three subject bitmasks
    • parse(): Convert integer to human-readable ParsedPermission object
    • can(): Check if a permission grants a specific operation
    • describe(): Generate human-readable permission descriptions
    • Presets: Common permission configurations (NONE, OWNER_FULL, PUBLIC_READ, DEFAULT, UNIVERSAL, OWNER_FULL_GROUP_READ)

New Permission Manager (lib/clients/permissionmanager.ts)

  • Usergroup CRUD: List, get, create, update, delete usergroups
  • Group Membership: Add/remove users from groups, query user groups and group members
  • Record Permissions: Get/set permissions on individual records
  • Table Permissions: Get/set permissions on tables (world records) by name or reference ID
  • High-level API: shareWithGroup() method that handles both table-level and record-level permissions to prevent the "403 even though I set permission" footgun

Interface Updates (lib/clients/interface.ts)

  • Added Usergroup interface for usergroup data
  • Added GroupMember interface for relationship data
  • Added SubjectPermissions interface for parsed single-subject permissions
  • Added ParsedPermission interface for complete parsed permission objects

Integration Updates

  • WorldManager: Registered the user-usergroup junction table (user_account_user_account_id_has_usergroup_usergroup_id) for JSON API
  • DaptinClient: Instantiated PermissionManager and re-exported permission utilities for direct import
  • tsconfig.json: Added skipLibCheck: true to improve build performance

Notable Implementation Details

  • Bit-flag design: Permissions use a 21-bit integer (3 subjects × 7 bits each) for efficient storage and comparison
  • Promise-based API: All async operations return Promises for consistent async handling
  • JSON:API compliance: Uses JSON:API format for HTTP requests/responses
  • Smart sharing: shareWithGroup() automatically ensures table-level permissions before setting record permissions, preventing common authorization issues
  • Flexible permission setting: Supports both preset permissions and custom bit-flag values

https://claude.ai/code/session_01VyBcD34waoxJwBVBtLTHkn

- Add PermissionManager with full usergroup CRUD, group membership
  management, record/table permission get/set, and shareWithGroup()
  high-level method that handles both table and record level permissions
- Add Permission utilities: fluent builder, parser, checker, presets,
  and describe() for human-readable permission debugging
- Add TypeScript enums/interfaces: PermissionOp, PermissionSubject,
  ParsedPermission, SubjectPermissions, Usergroup, GroupMember
- Register user-usergroup junction table model in WorldManager.loadModels()
- Wire PermissionManager into DaptinClient and re-export all types
- Enable skipLibCheck in tsconfig for clean builds

https://claude.ai/code/session_01VyBcD34waoxJwBVBtLTHkn
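
The 21-bit layout and the table-plus-record check described in the PR, as an added sketch that is not the PR's own code. The bit positions, the subject order and the function signatures are assumptions; the names `combine`, `can` and `parse` come from the description, and `effective` is a hypothetical helper.

```typescript
// Assumed layout (not taken from the PR's code): 7 operation bits per subject,
// subjects packed in the order the description lists them.
const Op = { Peek: 1, Read: 2, Create: 4, Update: 8, Delete: 16, Execute: 32, Refer: 64 } as const;
const Shift = { Guest: 0, Owner: 7, Group: 14 } as const;
type OpName = keyof typeof Op;
type Subject = keyof typeof Shift;
const SUBJECT_MASK = 0x7f;

// Pack three 7-bit masks into one 21-bit integer; reject out-of-range input
// so a stray high bit cannot spill into the neighbouring subject's field.
function combine(guest: number, owner: number, group: number): number {
  for (const m of [guest, owner, group]) {
    if (!Number.isInteger(m) || m < 0 || m > SUBJECT_MASK) throw new RangeError(`bad mask ${m}`);
  }
  return (guest << Shift.Guest) | (owner << Shift.Owner) | (group << Shift.Group);
}

// Does `perm` grant `op` to `subject`?
function can(perm: number, subject: Subject, op: OpName): boolean {
  return (((perm >>> Shift[subject]) & SUBJECT_MASK) & Op[op]) !== 0;
}

// List the operations each subject holds, for audit output.
function parse(perm: number): Record<Subject, OpName[]> {
  const names = Object.keys(Op) as OpName[];
  const out = {} as Record<Subject, OpName[]>;
  for (const s of Object.keys(Shift) as Subject[]) out[s] = names.filter((o) => can(perm, s, o));
  return out;
}

// Assumption drawn from the description of shareWithGroup(): access needs the
// operation at both the table level and the record level.
function effective(table: number, record: number, subject: Subject, op: OpName): boolean {
  return can(table, subject, op) && can(record, subject, op);
}

// Constructed sample values.
const ownerFull = SUBJECT_MASK;
const groupRead = Op.Peek | Op.Read;
const recordPerm = combine(0, ownerFull, groupRead);  // record shared with a group
const tableOwnerOnly = combine(0, ownerFull, 0);      // table never opened to groups
const tableShared = combine(0, ownerFull, groupRead); // table opened as well
```

With these sample values, `effective(tableOwnerOnly, recordPerm, "Group", "Read")` is false even though the record grants group read, which is the situation the description calls the "403 even though I set permission" footgun.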