@acmekit/rbac 2.13.1

package/dist/models/rbac-role.js

@@ -0,0 +1,30 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@acmekit/framework/utils");
+const rbac_role_parent_1 = __importDefault(require("./rbac-role-parent"));
+const rbac_role_policy_1 = __importDefault(require("./rbac-role-policy"));
+const RbacRole = utils_1.model
+    .define("rbac_role", {
+    id: utils_1.model.id({ prefix: "role" }).primaryKey(),
+    name: utils_1.model.text().searchable(),
+    description: utils_1.model.text().nullable(),
+    metadata: utils_1.model.json().nullable(),
+    policies: utils_1.model.hasMany(() => rbac_role_policy_1.default, {
+        mappedBy: "role",
+    }),
+    parents: utils_1.model.hasMany(() => rbac_role_parent_1.default, {
+        mappedBy: "role",
+    }),
+})
+    .indexes([
+    {
+        on: ["name"],
+        unique: true,
+        where: "deleted_at IS NULL",
+    },
+]);
+exports.default = RbacRole;
+//# sourceMappingURL=rbac-role.js.map

package/dist/models/rbac-role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-role.js","sourceRoot":"","sources":["../../src/models/rbac-role.ts"],"names":[],"mappings":";;;;;AAAA,oDAAgD;AAChD,0EAA+C;AAC/C,0EAA+C;AAE/C,MAAM,QAAQ,GAAG,aAAK;KACnB,MAAM,CAAC,WAAW,EAAE;IACnB,EAAE,EAAE,aAAK,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,EAAE;IAC7C,IAAI,EAAE,aAAK,CAAC,IAAI,EAAE,CAAC,UAAU,EAAE;IAC/B,WAAW,EAAE,aAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,aAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,aAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,0BAAc,EAAE;QAC5C,QAAQ,EAAE,MAAM;KACjB,CAAC;IACF,OAAO,EAAE,aAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,0BAAc,EAAE;QAC3C,QAAQ,EAAE,MAAM;KACjB,CAAC;CACH,CAAC;KACD,OAAO,CAAC;IACP;QACE,EAAE,EAAE,CAAC,MAAM,CAAC;QACZ,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,oBAAoB;KAC5B;CACF,CAAC,CAAA;AAEJ,kBAAe,QAAQ,CAAA"}

package/dist/repositories/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./rbac";
+//# sourceMappingURL=index.d.ts.map

package/dist/repositories/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/repositories/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA"}

package/dist/repositories/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./rbac"), exports);
+//# sourceMappingURL=index.js.map

package/dist/repositories/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/repositories/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAsB"}

package/dist/repositories/rbac.d.ts

@@ -0,0 +1,9 @@
+import { Context } from "@acmekit/framework/types";
+import { MikroOrmBase } from "@acmekit/framework/utils";
+export declare class RbacRepository extends MikroOrmBase {
+    constructor();
+    listPoliciesForRole(roleId: string, sharedContext?: Context): Promise<any[]>;
+    listPoliciesForRoles(roleIds: string[], sharedContext?: Context): Promise<Map<string, any[]>>;
+    checkForCycle(roleId: string, parentId: string, sharedContext?: Context): Promise<boolean>;
+}
+//# sourceMappingURL=rbac.d.ts.map

package/dist/repositories/rbac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../src/repositories/rbac.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAA;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAEvD,qBAAa,cAAe,SAAQ,YAAY;;IAOxC,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACd,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,GAAG,EAAE,CAAC;IAQX,oBAAoB,CACxB,OAAO,EAAE,MAAM,EAAE,EACjB,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAiExB,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;CA+BpB"}

package/dist/repositories/rbac.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacRepository = void 0;
+const utils_1 = require("@acmekit/framework/utils");
+class RbacRepository extends utils_1.MikroOrmBase {
+    constructor() {
+        // @ts-ignore
+        // eslint-disable-next-line prefer-rest-params
+        super(...arguments);
+    }
+    async listPoliciesForRole(roleId, sharedContext = {}) {
+        const policiesByRole = await this.listPoliciesForRoles([roleId], sharedContext);
+        return policiesByRole.get(roleId) || [];
+    }
+    async listPoliciesForRoles(roleIds, sharedContext = {}) {
+        const manager = this.getActiveManager(sharedContext);
+        const knex = manager.getKnex();
+        if (!roleIds?.length) {
+            return new Map();
+        }
+        const placeholders = roleIds.map(() => "?").join(",");
+        const query = `
+      WITH RECURSIVE role_hierarchy AS (
+        SELECT id, name, id as original_role_id, ARRAY[id] as path
+        FROM rbac_role
+        WHERE id IN (${placeholders}) AND deleted_at IS NULL
+        
+        UNION ALL
+        
+        SELECT r.id, r.name, rh.original_role_id, rh.path || r.id
+        FROM rbac_role r
+        INNER JOIN rbac_role_parent ri ON ri.parent_id = r.id
+        INNER JOIN role_hierarchy rh ON rh.id = ri.role_id
+        WHERE r.deleted_at IS NULL 
+          AND ri.deleted_at IS NULL
+          AND NOT (r.id = ANY(rh.path))
+      )
+      SELECT DISTINCT
+        rh.original_role_id,
+        p.id,
+        p.key,
+        p.resource,
+        p.operation,
+        p.name,
+        p.description,
+        p.metadata,
+        p.created_at,
+        p.updated_at,
+        CASE WHEN rp.role_id = rh.original_role_id THEN NULL ELSE rp.role_id END as inherited_from_role_id
+      FROM rbac_policy p
+      INNER JOIN rbac_role_policy rp ON rp.policy_id = p.id
+      INNER JOIN role_hierarchy rh ON rh.id = rp.role_id
+      WHERE p.deleted_at IS NULL AND rp.deleted_at IS NULL
+      ORDER BY rh.original_role_id, p.resource, p.operation, p.key
+    `;
+        const result = await knex.raw(query, roleIds);
+        const rows = result.rows || [];
+        // Group policies by role_id
+        const policiesByRole = new Map();
+        for (const row of rows) {
+            const roleId = row.original_role_id;
+            delete row.original_role_id;
+            if (!policiesByRole.has(roleId)) {
+                policiesByRole.set(roleId, []);
+            }
+            policiesByRole.get(roleId).push(row);
+        }
+        return policiesByRole;
+    }
+    async checkForCycle(roleId, parentId, sharedContext = {}) {
+        const manager = this.getActiveManager(sharedContext);
+        const knex = manager.getKnex();
+        // Check if adding this parent would create a circular dependency
+        // A cycle exists if role_id is already an ancestor of parent_id
+        // (i.e., if we traverse up from parent_id, we reach role_id)
+        const query = `
+      WITH RECURSIVE role_hierarchy AS (
+        SELECT id, ARRAY[id] as path
+        FROM rbac_role
+        WHERE id = ? AND deleted_at IS NULL
+        
+        UNION ALL
+        
+        SELECT r.id, rh.path || r.id
+        FROM role_hierarchy rh
+        INNER JOIN rbac_role_parent ri ON ri.role_id = rh.id
+        INNER JOIN rbac_role r ON r.id = ri.parent_id
+        WHERE r.deleted_at IS NULL 
+          AND ri.deleted_at IS NULL
+          AND NOT (r.id = ANY(rh.path))
+      )
+      SELECT EXISTS(
+        SELECT 1 FROM role_hierarchy WHERE id = ?
+      ) as has_cycle
+    `;
+        const result = await knex.raw(query, [parentId, roleId]);
+        return result.rows[0]?.has_cycle || false;
+    }
+}
+exports.RbacRepository = RbacRepository;
+//# sourceMappingURL=rbac.js.map

package/dist/repositories/rbac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../src/repositories/rbac.ts"],"names":[],"mappings":";;;AAEA,oDAAuD;AAEvD,MAAa,cAAe,SAAQ,oBAAY;IAC9C;QACE,aAAa;QACb,8CAA8C;QAC9C,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACd,gBAAyB,EAAE;QAE3B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACpD,CAAC,MAAM,CAAC,EACR,aAAa,CACd,CAAA;QACD,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;IACzC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAiB,EACjB,gBAAyB,EAAE;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;QAE9B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;YACrB,OAAO,IAAI,GAAG,EAAE,CAAA;QAClB,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAErD,MAAM,KAAK,GAAG;;;;uBAIK,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA6B9B,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAA;QAE9B,4BAA4B;QAC5B,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAA;QAE/C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAA;YACnC,OAAO,GAAG,CAAC,gBAAgB,CAAA;YAE3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;YAChC,CAAC;YAED,cAAc,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACvC,CAAC;QAED,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,QAAgB,EAChB,gBAAyB,EAAE;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;QAE9B,iEAAiE;QACjE,gEAAgE;QAChE,6DAA6D;QAC7D,MAAM,KAAK,GAAG;;;;;;;;;;;;;;;;;;;KAmBb,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAA;QACxD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,KAAK,CAAA;IAC3C,CAAC;CACF;AAzHD,wCAyHC"}

package/dist/services/index.d.ts

@@ -0,0 +1,2 @@
+export { default as RbacModuleService } from "./rbac-module-service";
+//# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/services/index.js

@@ -0,0 +1,9 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacModuleService = void 0;
+var rbac_module_service_1 = require("./rbac-module-service");
+Object.defineProperty(exports, "RbacModuleService", { enumerable: true, get: function () { return __importDefault(rbac_module_service_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;AAAA,6DAAoE;AAA3D,yIAAA,OAAO,OAAqB"}

package/dist/services/rbac-module-service.d.ts

@@ -0,0 +1,138 @@
+import { Context, FilterableRbacRoleProps, FindConfig, RbacRoleDTO } from "@acmekit/framework/types";
+import { CreateRbacRoleParentDTO, InferEntityType, IRbacModuleService, ModulesSdkTypes, RbacRoleParentDTO, UpdateRbacRoleParentDTO } from "@acmekit/types";
+import { RbacPolicy, RbacRole, RbacRolePolicy } from "../models";
+import { RbacRepository } from "../repositories";
+type InjectedDependencies = {
+    rbacRepository: RbacRepository;
+    rbacRolePolicyService: ModulesSdkTypes.IAcmeKitInternalService<InferEntityType<typeof RbacRolePolicy>>;
+    rbacRoleService: ModulesSdkTypes.IAcmeKitInternalService<InferEntityType<typeof RbacRole>>;
+    rbacPolicyService: ModulesSdkTypes.IAcmeKitInternalService<InferEntityType<typeof RbacPolicy>>;
+};
+declare const RbacModuleService_base: import("@acmekit/framework/utils").AcmeKitServiceReturnType<import("@acmekit/framework/utils").ModelConfigurationsToConfigTemplate<{
+    readonly RbacRole: import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+        name: import("@acmekit/framework/utils").TextProperty;
+        description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+        metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+        policies: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+            role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            policy: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+                key: import("@acmekit/framework/utils").TextProperty;
+                resource: import("@acmekit/framework/utils").TextProperty;
+                operation: import("@acmekit/framework/utils").TextProperty;
+                name: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+                description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+                metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            }>, "rbac_policy">, undefined>;
+            metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+        }>, "rbac_role_policy">>;
+        parents: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+            role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            parent: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+        }>, "rbac_role_parent">>;
+    }>, "rbac_role">;
+    readonly RbacPolicy: import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+        key: import("@acmekit/framework/utils").TextProperty;
+        resource: import("@acmekit/framework/utils").TextProperty;
+        operation: import("@acmekit/framework/utils").TextProperty;
+        name: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+        description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+        metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+    }>, "rbac_policy">;
+    readonly RbacRoleParent: import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+        role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+            name: import("@acmekit/framework/utils").TextProperty;
+            description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+            metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            policies: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+                role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                policy: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+                    id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+                    key: import("@acmekit/framework/utils").TextProperty;
+                    resource: import("@acmekit/framework/utils").TextProperty;
+                    operation: import("@acmekit/framework/utils").TextProperty;
+                    name: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+                    description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+                    metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+                }>, "rbac_policy">, undefined>;
+                metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            }>, "rbac_role_policy">>;
+            parents: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        parent: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+            name: import("@acmekit/framework/utils").TextProperty;
+            description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+            metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            policies: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+                role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                policy: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+                    id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+                    key: import("@acmekit/framework/utils").TextProperty;
+                    resource: import("@acmekit/framework/utils").TextProperty;
+                    operation: import("@acmekit/framework/utils").TextProperty;
+                    name: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+                    description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+                    metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+                }>, "rbac_policy">, undefined>;
+                metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            }>, "rbac_role_policy">>;
+            parents: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+    }>, "rbac_role_parent">;
+    readonly RbacRolePolicy: import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+        role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+            name: import("@acmekit/framework/utils").TextProperty;
+            description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+            metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            policies: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_policy">>;
+            parents: import("@acmekit/framework/utils").HasMany<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+                role: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                parent: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+            }>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        policy: import("@acmekit/framework/utils").BelongsTo<() => import("@acmekit/framework/utils").DmlEntity<import("@acmekit/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@acmekit/framework/utils").PrimaryKeyModifier<string, import("@acmekit/framework/utils").IdProperty>;
+            key: import("@acmekit/framework/utils").TextProperty;
+            resource: import("@acmekit/framework/utils").TextProperty;
+            operation: import("@acmekit/framework/utils").TextProperty;
+            name: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+            description: import("@acmekit/framework/utils").NullableModifier<string, import("@acmekit/framework/utils").TextProperty>;
+            metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+        }>, "rbac_policy">, undefined>;
+        metadata: import("@acmekit/framework/utils").NullableModifier<Record<string, unknown>, import("@acmekit/framework/utils").JSONProperty>;
+    }>, "rbac_role_policy">;
+}>>;
+export default class RbacModuleService extends RbacModuleService_base implements IRbacModuleService {
+    protected readonly rbacRepository_: RbacRepository;
+    protected readonly rbacRolePolicyService: ModulesSdkTypes.IAcmeKitInternalService<InferEntityType<typeof RbacRolePolicy>>;
+    protected readonly rbacRoleService: ModulesSdkTypes.IAcmeKitInternalService<InferEntityType<typeof RbacRole>>;
+    protected readonly rbacPolicyService: ModulesSdkTypes.IAcmeKitInternalService<InferEntityType<typeof RbacPolicy>>;
+    constructor({ rbacRepository, rbacRoleService, rbacPolicyService, rbacRolePolicyService, }: InjectedDependencies);
+    __hooks: {
+        onApplicationStart: () => Promise<void>;
+    };
+    onApplicationStart(): Promise<void>;
+    private syncRegisteredPolicies;
+    listPoliciesForRole(roleId: string, sharedContext?: Context): Promise<any[]>;
+    listRbacRoles(filters?: FilterableRbacRoleProps, config?: FindConfig<RbacRoleDTO>, sharedContext?: Context): Promise<RbacRoleDTO[]>;
+    listAndCountRbacRoles(filters?: FilterableRbacRoleProps, config?: FindConfig<RbacRoleDTO>, sharedContext?: Context): Promise<[RbacRoleDTO[], number]>;
+    createRbacRoleParents(data: CreateRbacRoleParentDTO[], sharedContext?: Context): Promise<RbacRoleParentDTO[]>;
+    updateRbacRoleParents(data: UpdateRbacRoleParentDTO[], sharedContext?: Context): Promise<RbacRoleParentDTO[]>;
+}
+export {};
+//# sourceMappingURL=rbac-module-service.d.ts.map

package/dist/services/rbac-module-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-module-service.d.ts","sourceRoot":"","sources":["../../src/services/rbac-module-service.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EACP,uBAAuB,EACvB,UAAU,EACV,WAAW,EACZ,MAAM,0BAA0B,CAAA;AASjC,OAAO,EACL,uBAAuB,EACvB,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,iBAAiB,EACjB,uBAAuB,EACxB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAkB,cAAc,EAAE,MAAM,SAAS,CAAA;AAC9E,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,KAAK,oBAAoB,GAAG;IAC1B,cAAc,EAAE,cAAc,CAAA;IAC9B,qBAAqB,EAAE,eAAe,CAAC,uBAAuB,CAC5D,eAAe,CAAC,OAAO,cAAc,CAAC,CACvC,CAAA;IACD,eAAe,EAAE,eAAe,CAAC,uBAAuB,CACtD,eAAe,CAAC,OAAO,QAAQ,CAAC,CACjC,CAAA;IACD,iBAAiB,EAAE,eAAe,CAAC,uBAAuB,CACxD,eAAe,CAAC,OAAO,UAAU,CAAC,CACnC,CAAA;CACF,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAID,MAAM,CAAC,OAAO,OAAO,iBACnB,SAAQ,sBAMR,YAAW,kBAAkB;IAE7B,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,cAAc,CAAA;IAClD,SAAS,CAAC,QAAQ,CAAC,qBAAqB,EAAE,eAAe,CAAC,uBAAuB,CAC/E,eAAe,CAAC,OAAO,cAAc,CAAC,CACvC,CAAA;IACD,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,eAAe,CAAC,uBAAuB,CACzE,eAAe,CAAC,OAAO,QAAQ,CAAC,CACjC,CAAA;IACD,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,eAAe,CAAC,uBAAuB,CAC3E,eAAe,CAAC,OAAO,UAAU,CAAC,CACnC,CAAA;gBAEW,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,EAAE,oBAAoB;IASvB,OAAO;;MAIN;IAEK,kBAAkB,IAAI,OAAO,CAAC,IAAI,CAAC;YAK3B,sBAAsB;IAsF9B,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACI,aAAa,GAAE,OAAY,GAC5C,OAAO,CAAC,GAAG,EAAE,CAAC;IAMX,aAAa,CACjB,OAAO,GAAE,uBAA4B,EACrC,MAAM,GAAE,UAAU,CAAC,WAAW,CAAM,EAClB,aAAa,GAAE,OAAY,GAC5C,OAAO,CAAC,WAAW,EAAE,CAAC;IA4BnB,qBAAqB,CACzB,OAAO,GAAE,uBAA4B,EACrC,MAAM,GAAE,UAAU,CAAC,WAAW,CAAM,EAClB,aAAa,GAAE,OAAY,GAC5C,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,CAAC,CAAC;IA4B7B,qBAAqB,CACzB,IAAI,EAAE,uBAAuB,EAAE,EACb,aAAa,GAAE,OAAY,GAC5C,OAAO,CAAC,iBAAiB,EAAE,CAAC;IA4BzB,qBAAqB,CACzB,IAAI,EAAE,uBAAuB,EAAE,EACb,aAAa,GAAE,OAAY,GAC5C,OAAO,CAAC,iBAAiB,EAAE,CAAC;CA2BhC"}

package/dist/services/rbac-module-service.js

@@ -0,0 +1,216 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@acmekit/framework/utils");
+const _models_1 = require("../models");
+const SUPER_ADMIN_KEY = "*:*";
+class RbacModuleService extends (0, utils_1.AcmeKitService)({
+    RbacRole: _models_1.RbacRole,
+    RbacPolicy: _models_1.RbacPolicy,
+    RbacRoleParent: _models_1.RbacRoleParent,
+    RbacRolePolicy: _models_1.RbacRolePolicy,
+}) {
+    constructor({ rbacRepository, rbacRoleService, rbacPolicyService, rbacRolePolicyService, }) {
+        // @ts-ignore
+        super(...arguments);
+        this.__hooks = {
+            onApplicationStart: async () => {
+                this.onApplicationStart();
+            },
+        };
+        this.rbacRepository_ = rbacRepository;
+        this.rbacRolePolicyService = rbacRolePolicyService;
+        this.rbacRoleService = rbacRoleService;
+        this.rbacPolicyService = rbacPolicyService;
+    }
+    async onApplicationStart() {
+        await this.syncRegisteredPolicies();
+    }
+    async syncRegisteredPolicies(sharedContext = {}) {
+        const registeredPolicies = Object.entries(utils_1.Policy).map(([name, { resource, operation, description }]) => ({
+            key: `${resource}:${operation}`,
+            name,
+            resource,
+            operation,
+            description,
+        }));
+        const registeredKeys = registeredPolicies.map((p) => p.key);
+        // Fetch all existing policies (including soft-deleted ones)
+        const existingPolicies = await this.listRbacPolicies({}, { withDeleted: true }, sharedContext);
+        const existingPoliciesMap = new Map(existingPolicies.map((p) => [p.key, p]));
+        const policiesToCreate = [];
+        const policiesToUpdate = [];
+        const policiesToRestore = [];
+        // Process registered policies
+        for (const registeredPolicy of registeredPolicies) {
+            if (registeredPolicy.key === "*" && registeredPolicy.operation === "*") {
+                continue;
+            }
+            const existing = existingPoliciesMap.get(registeredPolicy.key);
+            const hasChanges = existing &&
+                (existing.name !== registeredPolicy.name ||
+                    existing.description !== registeredPolicy.description);
+            if (!existing) {
+                policiesToCreate.push(registeredPolicy);
+            }
+            else if (existing.deleted_at) {
+                policiesToRestore.push(existing.id);
+                if (hasChanges) {
+                    policiesToUpdate.push({
+                        id: existing.id,
+                        name: registeredPolicy.name,
+                        description: registeredPolicy.description,
+                    });
+                }
+            }
+            else if (hasChanges) {
+                policiesToUpdate.push({
+                    id: existing.id,
+                    name: registeredPolicy.name,
+                    description: registeredPolicy.description,
+                });
+            }
+        }
+        const policiesToSoftDelete = existingPolicies
+            .filter((p) => !p.deleted_at &&
+            !registeredKeys.includes(p.key) &&
+            p.key !== SUPER_ADMIN_KEY)
+            .map((p) => p.id);
+        // First restore any soft-deleted policies
+        if (policiesToRestore.length > 0) {
+            await this.restoreRbacPolicies(policiesToRestore, {}, sharedContext);
+        }
+        await (0, utils_1.promiseAll)([
+            policiesToCreate.length > 0 &&
+                this.rbacPolicyService.create(policiesToCreate, sharedContext),
+            policiesToUpdate.length > 0 &&
+                this.rbacPolicyService.upsert(policiesToUpdate, sharedContext),
+            policiesToSoftDelete.length > 0 &&
+                this.rbacPolicyService.softDelete(policiesToSoftDelete, sharedContext),
+        ]);
+    }
+    async listPoliciesForRole(roleId, sharedContext = {}) {
+        return await this.rbacRepository_.listPoliciesForRole(roleId, sharedContext);
+    }
+    // @ts-expect-error
+    async listRbacRoles(filters = {}, config = {}, sharedContext = {}) {
+        const roles = await super.listRbacRoles(filters, config, sharedContext);
+        const shouldIncludePolicies = config.relations?.includes("policies") ||
+            config.select?.includes("policies");
+        if (shouldIncludePolicies && roles.length > 0) {
+            const roleIds = roles.map((role) => role.id);
+            const policiesByRole = await this.rbacRepository_.listPoliciesForRoles(roleIds, sharedContext);
+            for (const role of roles) {
+                role.policies = policiesByRole.get(role.id) || [];
+            }
+        }
+        return roles;
+    }
+    // @ts-expect-error
+    async listAndCountRbacRoles(filters = {}, config = {}, sharedContext = {}) {
+        const [roles, count] = await super.listAndCountRbacRoles(filters, config, sharedContext);
+        const shouldIncludePolicies = config.relations?.includes("policies") ||
+            config.select?.includes("policies");
+        if (shouldIncludePolicies && roles.length > 0) {
+            const roleIds = roles.map((role) => role.id);
+            const policiesByRole = await this.rbacRepository_.listPoliciesForRoles(roleIds, sharedContext);
+            for (const role of roles) {
+                role.policies = policiesByRole.get(role.id) || [];
+            }
+        }
+        return [roles, count];
+    }
+    // @ts-expect-error
+    async createRbacRoleParents(data, sharedContext = {}) {
+        for (const parent of data) {
+            const { role_id, parent_id } = parent;
+            if (role_id === parent_id) {
+                throw new Error(`Cannot create role parent relationship: a role cannot be its own parent (role_id: ${role_id})`);
+            }
+            const wouldCreateCycle = await this.rbacRepository_.checkForCycle(role_id, parent_id, sharedContext);
+            if (wouldCreateCycle) {
+                throw new Error(`Cannot create role parent relationship: this would create a circular dependency (role_id: ${role_id}, parent_id: ${parent_id})`);
+            }
+        }
+        return await super.createRbacRoleParents(data, sharedContext);
+    }
+    // @ts-expect-error
+    async updateRbacRoleParents(data, sharedContext = {}) {
+        for (const parent of data) {
+            const { role_id, parent_id } = parent;
+            if (parent_id) {
+                if (role_id === parent_id) {
+                    throw new Error(`Cannot update role parent relationship: a role cannot be its own parent (role_id: ${role_id})`);
+                }
+                const wouldCreateCycle = await this.rbacRepository_.checkForCycle(role_id, parent_id, sharedContext);
+                if (wouldCreateCycle) {
+                    throw new Error(`Cannot update role parent relationship: this would create a circular dependency (role_id: ${role_id}, parent_id: ${parent_id})`);
+                }
+            }
+        }
+        return await super.updateRbacRoleParents(data, sharedContext);
+    }
+}
+exports.default = RbacModuleService;
+__decorate([
+    (0, utils_1.InjectTransactionManager)(),
+    __param(0, (0, utils_1.AcmeKitContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "syncRegisteredPolicies", null);
+__decorate([
+    (0, utils_1.InjectManager)(),
+    __param(1, (0, utils_1.AcmeKitContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listPoliciesForRole", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(2, (0, utils_1.AcmeKitContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listRbacRoles", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(2, (0, utils_1.AcmeKitContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listAndCountRbacRoles", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(1, (0, utils_1.AcmeKitContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "createRbacRoleParents", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error
+    ,
+    __param(1, (0, utils_1.AcmeKitContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "updateRbacRoleParents", null);
+//# sourceMappingURL=rbac-module-service.js.map

package/dist/services/rbac-module-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-module-service.js","sourceRoot":"","sources":["../../src/services/rbac-module-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AAMA,oDAOiC;AASjC,qCAA8E;AAgB9E,MAAM,eAAe,GAAG,KAAK,CAAA;AAE7B,MAAqB,iBACnB,SAAQ,IAAA,sBAAc,EAAC;IACrB,QAAQ,EAAR,kBAAQ;IACR,UAAU,EAAV,oBAAU;IACV,cAAc,EAAd,wBAAc;IACd,cAAc,EAAd,wBAAc;CACf,CAAC;IAcF,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACA;QACrB,aAAa;QACb,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;QAOrB,YAAO,GAAG;YACR,kBAAkB,EAAE,KAAK,IAAI,EAAE;gBAC7B,IAAI,CAAC,kBAAkB,EAAE,CAAA;YAC3B,CAAC;SACF,CAAA;QAVC,IAAI,CAAC,eAAe,GAAG,cAAc,CAAA;QACrC,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAA;QAClD,IAAI,CAAC,eAAe,GAAG,eAAe,CAAA;QACtC,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;IAC5C,CAAC;IAQD,KAAK,CAAC,kBAAkB;QACtB,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAA;IACrC,CAAC;IAGa,AAAN,KAAK,CAAC,sBAAsB,CAChB,gBAAyB,EAAE;QAE7C,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,cAAM,CAAC,CAAC,GAAG,CACnD,CAAC,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,GAAG,EAAE,GAAG,QAAQ,IAAI,SAAS,EAAE;YAC/B,IAAI;YACJ,QAAQ;YACR,SAAS;YACT,WAAW;SACZ,CAAC,CACH,CAAA;QAED,MAAM,cAAc,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAE3D,4DAA4D;QAC5D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAClD,EAAE,EACF,EAAE,WAAW,EAAE,IAAI,EAAE,EACrB,aAAa,CACd,CAAA;QAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QAE5E,MAAM,gBAAgB,GAAU,EAAE,CAAA;QAClC,MAAM,gBAAgB,GAAU,EAAE,CAAA;QAClC,MAAM,iBAAiB,GAAa,EAAE,CAAA;QAEtC,8BAA8B;QAC9B,KAAK,MAAM,gBAAgB,IAAI,kBAAkB,EAAE,CAAC;YAClD,IAAI,gBAAgB,CAAC,GAAG,KAAK,GAAG,IAAI,gBAAgB,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBACvE,SAAQ;YACV,CAAC;YAED,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;YAE9D,MAAM,UAAU,GACd,QAAQ;gBACR,CAAC,QAAQ,CAAC,IAAI,KAAK,gBAAgB,CAAC,IAAI;oBACtC,QAAQ,CAAC,WAAW,KAAK,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAE1D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,gBAAgB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YACzC,CAAC;iBAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBACnC,IAAI,UAAU,EAAE,CAAC;oBACf,gBAAgB,CAAC,IAAI,CAAC;wBACpB,EAAE,EAAE,QAAQ,CAAC,EAAE;wBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI;wBAC3B,WAAW,EAAE,gBAAgB,CAAC,WAAW;qBAC1C,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACtB,gBAAgB,CAAC,IAAI,CAAC;oBACpB,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI;oBAC3B,WAAW,EAAE,gBAAgB,CAAC,WAAW;iBAC1C,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,MAAM,oBAAoB,GAAG,gBAAgB;aAC1C,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,UAAU;YACb,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC/B,CAAC,CAAC,GAAG,KAAK,eAAe,CAC5B;aACA,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;QAEnB,0CAA0C;QAC1C,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,EAAE,EAAE,aAAa,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAA,kBAAU,EAAC;YACf,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,CAAC;YAChE,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,CAAC;YAChE,oBAAoB,CAAC,MAAM,GAAG,CAAC;gBAC7B,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,oBAAoB,EAAE,aAAa,CAAC;SACzE,CAAC,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACI,gBAAyB,EAAE;QAE7C,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC9E,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,aAAa,CACjB,UAAmC,EAAE,EACrC,SAAkC,EAAE,EAClB,gBAAyB,EAAE;QAE7C,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,aAAa,CACrC,OAAO,EACP,MAAa,EACb,aAAa,CACd,CAAA;QAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAErC,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC5C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CACpE,OAAO,EACP,aAAa,CACd,CAAA;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;YACnD,CAAC;QACH,CAAC;QAED,OAAO,KAAiC,CAAA;IAC1C,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,qBAAqB,CACzB,UAAmC,EAAE,EACrC,SAAkC,EAAE,EAClB,gBAAyB,EAAE;QAE7C,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,MAAM,KAAK,CAAC,qBAAqB,CACtD,OAAO,EACP,MAAa,EACb,aAAa,CACd,CAAA;QAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAErC,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAC5C,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CACpE,OAAO,EACP,aAAa,CACd,CAAA;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;YACnD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,KAAiC,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,qBAAqB,CACzB,IAA+B,EACb,gBAAyB,EAAE;QAE7C,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;YAErC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,OAAO,GAAG,CAChG,CAAA;YACH,CAAC;YAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAC/D,OAAO,EACP,SAAS,EACT,aAAa,CACd,CAAA;YAED,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CACb,6FAA6F,OAAO,gBAAgB,SAAS,GAAG,CACjI,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAC/D,CAAC;IAIK,AADN,mBAAmB;IACnB,KAAK,CAAC,qBAAqB,CACzB,IAA+B,EACb,gBAAyB,EAAE;QAE7C,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;YAErC,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,OAAO,GAAG,CAChG,CAAA;gBACH,CAAC;gBAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAC/D,OAAQ,EACR,SAAS,EACT,aAAa,CACd,CAAA;gBAED,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CACb,6FAA6F,OAAO,gBAAgB,SAAS,GAAG,CACjI,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAC/D,CAAC;CACF;AAzQD,oCAyQC;AA5Ne;IADb,IAAA,gCAAwB,GAAE;IAExB,WAAA,IAAA,sBAAc,GAAE,CAAA;;;;+DAkFlB;AAGK;IADL,IAAA,qBAAa,GAAE;IAGb,WAAA,IAAA,sBAAc,GAAE,CAAA;;;;4DAGlB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAIhB,WAAA,IAAA,sBAAc,GAAE,CAAA;;;;sDAyBlB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAIhB,WAAA,IAAA,sBAAc,GAAE,CAAA;;;;8DAyBlB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAGhB,WAAA,IAAA,sBAAc,GAAE,CAAA;;;;8DAyBlB;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,mBAAmB;;IAGhB,WAAA,IAAA,sBAAc,GAAE,CAAA;;;;8DA2BlB"}

package/dist/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../src/index.ts","../src/loaders/initial-data.ts","../src/migrations/migration20251219163509.ts","../src/models/index.ts","../src/models/rbac-policy.ts","../src/models/rbac-role-inheritance.ts","../src/models/rbac-role-parent.ts","../src/models/rbac-role-policy.ts","../src/models/rbac-role.ts","../src/repositories/index.ts","../src/repositories/rbac.ts","../src/services/index.ts","../src/services/rbac-module-service.ts","../src/types/index.ts"],"version":"5.9.3"}

package/dist/types/index.d.ts

@@ -0,0 +1,2 @@
+export type RbacModuleOptions = Record<string, unknown>;
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA"}

package/dist/types/index.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":""}