@ahksolution/permissions-sdk 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +290 -0
- package/dist/client/index.d.ts +3 -0
- package/dist/client/index.d.ts.map +1 -0
- package/dist/client/index.js +19 -0
- package/dist/client/index.js.map +1 -0
- package/dist/client/permissions-client.module.d.ts +74 -0
- package/dist/client/permissions-client.module.d.ts.map +1 -0
- package/dist/client/permissions-client.module.js +109 -0
- package/dist/client/permissions-client.module.js.map +1 -0
- package/dist/client/permissions-grpc.client.d.ts +45 -0
- package/dist/client/permissions-grpc.client.d.ts.map +1 -0
- package/dist/client/permissions-grpc.client.js +182 -0
- package/dist/client/permissions-grpc.client.js.map +1 -0
- package/dist/constants.d.ts +44 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/constants.js +48 -0
- package/dist/constants.js.map +1 -0
- package/dist/decorators/index.d.ts +2 -0
- package/dist/decorators/index.d.ts.map +1 -0
- package/dist/decorators/index.js +18 -0
- package/dist/decorators/index.js.map +1 -0
- package/dist/decorators/require-permissions.decorator.d.ts +51 -0
- package/dist/decorators/require-permissions.decorator.d.ts.map +1 -0
- package/dist/decorators/require-permissions.decorator.js +69 -0
- package/dist/decorators/require-permissions.decorator.js.map +1 -0
- package/dist/guards/index.d.ts +2 -0
- package/dist/guards/index.d.ts.map +1 -0
- package/dist/guards/index.js +18 -0
- package/dist/guards/index.js.map +1 -0
- package/dist/guards/permissions.guard.d.ts +55 -0
- package/dist/guards/permissions.guard.d.ts.map +1 -0
- package/dist/guards/permissions.guard.js +139 -0
- package/dist/guards/permissions.guard.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +27 -0
- package/dist/index.js.map +1 -0
- package/dist/proto/permissions.proto +150 -0
- package/dist/types/evaluation.types.d.ts +80 -0
- package/dist/types/evaluation.types.d.ts.map +1 -0
- package/dist/types/evaluation.types.js +14 -0
- package/dist/types/evaluation.types.js.map +1 -0
- package/dist/types/grpc.types.d.ts +97 -0
- package/dist/types/grpc.types.d.ts.map +1 -0
- package/dist/types/grpc.types.js +15 -0
- package/dist/types/grpc.types.js.map +1 -0
- package/dist/types/index.d.ts +4 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +20 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/permission.types.d.ts +51 -0
- package/dist/types/permission.types.d.ts.map +1 -0
- package/dist/types/permission.types.js +8 -0
- package/dist/types/permission.types.js.map +1 -0
- package/package.json +60 -0
- package/src/proto/permissions.proto +150 -0
|
@@ -0,0 +1,182 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
|
+
};
|
|
14
|
+
var PermissionsGrpcClient_1;
|
|
15
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
+
exports.PermissionsGrpcClient = void 0;
|
|
17
|
+
const common_1 = require("@nestjs/common");
|
|
18
|
+
const rxjs_1 = require("rxjs");
|
|
19
|
+
const constants_1 = require("../constants");
|
|
20
|
+
/**
|
|
21
|
+
* Maps gRPC evaluation source enum to TypeScript type
|
|
22
|
+
*/
|
|
23
|
+
function mapEvaluationSource(source) {
|
|
24
|
+
const sourceMap = {
|
|
25
|
+
0: 'denied',
|
|
26
|
+
1: 'rbac',
|
|
27
|
+
2: 'abac',
|
|
28
|
+
3: 'break-glass',
|
|
29
|
+
4: 'denied',
|
|
30
|
+
};
|
|
31
|
+
return sourceMap[source];
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Converts gRPC response to domain EvaluationResult
|
|
35
|
+
*/
|
|
36
|
+
function toEvaluationResult(response) {
|
|
37
|
+
return {
|
|
38
|
+
allowed: response.allowed,
|
|
39
|
+
source: mapEvaluationSource(response.source),
|
|
40
|
+
matchedRoles: response.matchedRoles,
|
|
41
|
+
matchedPolicies: response.matchedPolicies,
|
|
42
|
+
reason: response.reason,
|
|
43
|
+
evaluationTimeMs: response.evaluationTimeMs,
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
/**
|
|
47
|
+
* Converts resource context to gRPC format
|
|
48
|
+
*/
|
|
49
|
+
function toGrpcResourceContext(context) {
|
|
50
|
+
if (context === undefined) {
|
|
51
|
+
return undefined;
|
|
52
|
+
}
|
|
53
|
+
const { id, type, ownerId, department, ...rest } = context;
|
|
54
|
+
const attributes = {};
|
|
55
|
+
for (const [key, value] of Object.entries(rest)) {
|
|
56
|
+
if (value !== undefined && value !== null) {
|
|
57
|
+
attributes[key] = typeof value === 'string' ? value : JSON.stringify(value);
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return {
|
|
61
|
+
id,
|
|
62
|
+
type,
|
|
63
|
+
ownerId,
|
|
64
|
+
department,
|
|
65
|
+
attributes: Object.keys(attributes).length > 0 ? attributes : undefined,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Converts request context to gRPC format
|
|
70
|
+
*/
|
|
71
|
+
function toGrpcRequestContext(context) {
|
|
72
|
+
if (context === undefined) {
|
|
73
|
+
return undefined;
|
|
74
|
+
}
|
|
75
|
+
const { ip, userAgent, method, path, ...rest } = context;
|
|
76
|
+
const attributes = {};
|
|
77
|
+
for (const [key, value] of Object.entries(rest)) {
|
|
78
|
+
if (value !== undefined && value !== null) {
|
|
79
|
+
attributes[key] = typeof value === 'string' ? value : JSON.stringify(value);
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
return {
|
|
83
|
+
ip,
|
|
84
|
+
userAgent,
|
|
85
|
+
method,
|
|
86
|
+
path,
|
|
87
|
+
attributes: Object.keys(attributes).length > 0 ? attributes : undefined,
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* gRPC client for the Permissions Service
|
|
92
|
+
* Provides methods to check permissions via gRPC calls to the permissions microservice
|
|
93
|
+
*/
|
|
94
|
+
let PermissionsGrpcClient = PermissionsGrpcClient_1 = class PermissionsGrpcClient {
|
|
95
|
+
client;
|
|
96
|
+
logger = new common_1.Logger(PermissionsGrpcClient_1.name);
|
|
97
|
+
permissionsService;
|
|
98
|
+
constructor(client) {
|
|
99
|
+
this.client = client;
|
|
100
|
+
}
|
|
101
|
+
onModuleInit() {
|
|
102
|
+
this.permissionsService =
|
|
103
|
+
this.client.getService(constants_1.PERMISSIONS_SERVICE_NAME);
|
|
104
|
+
this.logger.log('Permissions gRPC client initialized');
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Check if a user has a specific permission
|
|
108
|
+
*/
|
|
109
|
+
async checkPermission(userId, permissionCode, options) {
|
|
110
|
+
const response = await (0, rxjs_1.firstValueFrom)(this.permissionsService.checkPermission({
|
|
111
|
+
userId,
|
|
112
|
+
permissionCode,
|
|
113
|
+
resourceContext: toGrpcResourceContext(options?.resource),
|
|
114
|
+
requestContext: toGrpcRequestContext(options?.request),
|
|
115
|
+
}));
|
|
116
|
+
return toEvaluationResult(response);
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Check multiple permissions at once
|
|
120
|
+
*/
|
|
121
|
+
async checkBulkPermissions(userId, permissionCodes, options) {
|
|
122
|
+
const response = await (0, rxjs_1.firstValueFrom)(this.permissionsService.checkBulkPermissions({
|
|
123
|
+
userId,
|
|
124
|
+
permissionCodes,
|
|
125
|
+
resourceContext: toGrpcResourceContext(options?.resource),
|
|
126
|
+
requestContext: toGrpcRequestContext(options?.request),
|
|
127
|
+
}));
|
|
128
|
+
const results = {};
|
|
129
|
+
for (const [key, value] of Object.entries(response.results)) {
|
|
130
|
+
results[key] = toEvaluationResult(value);
|
|
131
|
+
}
|
|
132
|
+
return {
|
|
133
|
+
results,
|
|
134
|
+
totalTimeMs: response.totalTimeMs,
|
|
135
|
+
};
|
|
136
|
+
}
|
|
137
|
+
/**
|
|
138
|
+
* Get all effective permissions for a user
|
|
139
|
+
*/
|
|
140
|
+
async getEffectivePermissions(userId) {
|
|
141
|
+
const response = await (0, rxjs_1.firstValueFrom)(this.permissionsService.getEffectivePermissions({ userId }));
|
|
142
|
+
return {
|
|
143
|
+
permissions: response.permissions,
|
|
144
|
+
roles: response.roles.map((r) => ({
|
|
145
|
+
id: r.id,
|
|
146
|
+
code: r.code,
|
|
147
|
+
name: r.name,
|
|
148
|
+
isSystem: r.isSystem,
|
|
149
|
+
})),
|
|
150
|
+
version: response.version,
|
|
151
|
+
computedAt: new Date(response.computedAt),
|
|
152
|
+
};
|
|
153
|
+
}
|
|
154
|
+
/**
|
|
155
|
+
* Simple boolean check - does user have this permission?
|
|
156
|
+
*/
|
|
157
|
+
async hasPermission(userId, permissionCode) {
|
|
158
|
+
const response = await (0, rxjs_1.firstValueFrom)(this.permissionsService.hasPermission({ userId, permissionCode }));
|
|
159
|
+
return response.hasPermission;
|
|
160
|
+
}
|
|
161
|
+
/**
|
|
162
|
+
* Check if user has ALL of the specified permissions
|
|
163
|
+
*/
|
|
164
|
+
async hasAllPermissions(userId, permissionCodes) {
|
|
165
|
+
const response = await (0, rxjs_1.firstValueFrom)(this.permissionsService.hasAllPermissions({ userId, permissionCodes }));
|
|
166
|
+
return response.hasPermission;
|
|
167
|
+
}
|
|
168
|
+
/**
|
|
169
|
+
* Check if user has ANY of the specified permissions
|
|
170
|
+
*/
|
|
171
|
+
async hasAnyPermission(userId, permissionCodes) {
|
|
172
|
+
const response = await (0, rxjs_1.firstValueFrom)(this.permissionsService.hasAnyPermission({ userId, permissionCodes }));
|
|
173
|
+
return response.hasPermission;
|
|
174
|
+
}
|
|
175
|
+
};
|
|
176
|
+
exports.PermissionsGrpcClient = PermissionsGrpcClient;
|
|
177
|
+
exports.PermissionsGrpcClient = PermissionsGrpcClient = PermissionsGrpcClient_1 = __decorate([
|
|
178
|
+
(0, common_1.Injectable)(),
|
|
179
|
+
__param(0, (0, common_1.Inject)(constants_1.PERMISSIONS_GRPC_CLIENT)),
|
|
180
|
+
__metadata("design:paramtypes", [Object])
|
|
181
|
+
], PermissionsGrpcClient);
|
|
182
|
+
//# sourceMappingURL=permissions-grpc.client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions-grpc.client.js","sourceRoot":"","sources":["../../src/client/permissions-grpc.client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2CAA0E;AAE1E,+BAAsC;AAEtC,4CAAiF;AAgBjF;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAA4B;IACvD,MAAM,SAAS,GAAmD;QAChE,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,MAAM;QACT,CAAC,EAAE,MAAM;QACT,CAAC,EAAE,aAAa;QAChB,CAAC,EAAE,QAAQ;KACZ,CAAC;IACF,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,QAAiC;IAC3D,OAAO;QACL,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,MAAM,EAAE,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5C,YAAY,EAAE,QAAQ,CAAC,YAAY;QACnC,eAAe,EAAE,QAAQ,CAAC,eAAe;QACzC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;KAC5C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAyB;IAStD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAC3D,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC1C,UAAU,CAAC,GAAG,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IACD,OAAO;QACL,EAAE;QACF,IAAI;QACJ,OAAO;QACP,UAAU;QACV,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;KACxE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAAwB;IASpD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IACzD,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAChD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAC1C,UAAU,CAAC,GAAG,CAAC,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IACD,OAAO;QACL,EAAE;QACF,SAAS;QACT,MAAM;QACN,IAAI;QACJ,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;KACxE,CAAC;AACJ,CAAC;AAED;;;GAGG;AAEI,IAAM,qBAAqB,6BAA3B,MAAM,qBAAqB;IAMb;IALF,MAAM,GAAG,IAAI,eAAM,CAAC,uBAAqB,CAAC,IAAI,CAAC,CAAC;IACzD,kBAAkB,CAA0B;IAEpD,YAEmB,MAAkB;QAAlB,WAAM,GAAN,MAAM,CAAY;IAClC,CAAC;IAEJ,YAAY;QACV,IAAI,CAAC,kBAAkB;YACrB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAyB,oCAAwB,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,MAAc,EACd,cAAsB,EACtB,OAGC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC;YACtC,MAAM;YACN,cAAc;YACd,eAAe,EAAE,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC;YACzD,cAAc,EAAE,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC;SACvD,CAAC,CACH,CAAC;QACF,OAAO,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CACxB,MAAc,EACd,eAAyB,EACzB,OAGC;QAED,MAAM,QAAQ,GAAiC,MAAM,IAAA,qBAAc,EACjE,IAAI,CAAC,kBAAkB,CAAC,oBAAoB,CAAC;YAC3C,MAAM;YACN,eAAe;YACf,eAAe,EAAE,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC;YACzD,cAAc,EAAE,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC;SACvD,CAAC,CACH,CAAC;QACF,MAAM,OAAO,GAAqC,EAAE,CAAC;QACrD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;YACL,OAAO;YACP,WAAW,EAAE,QAAQ,CAAC,WAAW;SAClC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,uBAAuB,CAAC,MAAc;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,kBAAkB,CAAC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC,CAC5D,CAAC;QACF,OAAO;YACL,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAChC,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;aACrB,CAAC,CAAC;YACH,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,UAAU,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;SAC1C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,MAAc,EAAE,cAAsB;QACxD,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAClE,CAAC;QACF,OAAO,QAAQ,CAAC,aAAa,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,MAAc,EAAE,eAAyB;QAC/D,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CACvE,CAAC;QACF,OAAO,QAAQ,CAAC,aAAa,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAc,EAAE,eAAyB;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAc,EACnC,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CACtE,CAAC;QACF,OAAO,QAAQ,CAAC,aAAa,CAAC;IAChC,CAAC;CACF,CAAA;AAnHY,sDAAqB;gCAArB,qBAAqB;IADjC,IAAA,mBAAU,GAAE;IAMR,WAAA,IAAA,eAAM,EAAC,mCAAuB,CAAC,CAAA;;GALvB,qBAAqB,CAmHjC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* gRPC package name as defined in the proto file
|
|
3
|
+
*/
|
|
4
|
+
export declare const PERMISSIONS_PACKAGE_NAME = "permissions";
|
|
5
|
+
/**
|
|
6
|
+
* gRPC service name as defined in the proto file
|
|
7
|
+
*/
|
|
8
|
+
export declare const PERMISSIONS_SERVICE_NAME = "PermissionsService";
|
|
9
|
+
/**
|
|
10
|
+
* Injection token for the gRPC client
|
|
11
|
+
*/
|
|
12
|
+
export declare const PERMISSIONS_GRPC_CLIENT = "PERMISSIONS_GRPC_CLIENT";
|
|
13
|
+
/**
|
|
14
|
+
* Injection token for the permissions service instance
|
|
15
|
+
*/
|
|
16
|
+
export declare const PERMISSIONS_SERVICE = "PERMISSIONS_SERVICE";
|
|
17
|
+
/**
|
|
18
|
+
* Path to the proto file (relative to package root)
|
|
19
|
+
*/
|
|
20
|
+
export declare const PROTO_PATH: string;
|
|
21
|
+
/**
|
|
22
|
+
* Default gRPC server options
|
|
23
|
+
*/
|
|
24
|
+
export declare const DEFAULT_GRPC_OPTIONS: {
|
|
25
|
+
readonly url: "localhost:50051";
|
|
26
|
+
readonly package: "permissions";
|
|
27
|
+
readonly protoPath: string;
|
|
28
|
+
};
|
|
29
|
+
/**
|
|
30
|
+
* Redis channel for permission change events
|
|
31
|
+
*/
|
|
32
|
+
export declare const PERMISSION_EVENTS_CHANNEL = "permissions:events";
|
|
33
|
+
/**
|
|
34
|
+
* Event types for permission changes
|
|
35
|
+
*/
|
|
36
|
+
export declare const PERMISSION_EVENT_TYPES: {
|
|
37
|
+
readonly ROLE_UPDATED: "role:updated";
|
|
38
|
+
readonly ROLE_DELETED: "role:deleted";
|
|
39
|
+
readonly PERMISSION_ASSIGNED: "permission:assigned";
|
|
40
|
+
readonly PERMISSION_REVOKED: "permission:revoked";
|
|
41
|
+
readonly USER_ROLES_CHANGED: "user:roles:changed";
|
|
42
|
+
readonly CACHE_INVALIDATED: "cache:invalidated";
|
|
43
|
+
};
|
|
44
|
+
//# sourceMappingURL=constants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AAEtD;;GAEG;AACH,eAAO,MAAM,wBAAwB,uBAAuB,CAAC;AAE7D;;GAEG;AACH,eAAO,MAAM,uBAAuB,4BAA4B,CAAC;AAEjE;;GAEG;AACH,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AAEzD;;GAEG;AACH,eAAO,MAAM,UAAU,QAAgD,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,yBAAyB,uBAAuB,CAAC;AAE9D;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;CAOzB,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PERMISSION_EVENT_TYPES = exports.PERMISSION_EVENTS_CHANNEL = exports.DEFAULT_GRPC_OPTIONS = exports.PROTO_PATH = exports.PERMISSIONS_SERVICE = exports.PERMISSIONS_GRPC_CLIENT = exports.PERMISSIONS_SERVICE_NAME = exports.PERMISSIONS_PACKAGE_NAME = void 0;
|
|
4
|
+
const path_1 = require("path");
|
|
5
|
+
/**
|
|
6
|
+
* gRPC package name as defined in the proto file
|
|
7
|
+
*/
|
|
8
|
+
exports.PERMISSIONS_PACKAGE_NAME = 'permissions';
|
|
9
|
+
/**
|
|
10
|
+
* gRPC service name as defined in the proto file
|
|
11
|
+
*/
|
|
12
|
+
exports.PERMISSIONS_SERVICE_NAME = 'PermissionsService';
|
|
13
|
+
/**
|
|
14
|
+
* Injection token for the gRPC client
|
|
15
|
+
*/
|
|
16
|
+
exports.PERMISSIONS_GRPC_CLIENT = 'PERMISSIONS_GRPC_CLIENT';
|
|
17
|
+
/**
|
|
18
|
+
* Injection token for the permissions service instance
|
|
19
|
+
*/
|
|
20
|
+
exports.PERMISSIONS_SERVICE = 'PERMISSIONS_SERVICE';
|
|
21
|
+
/**
|
|
22
|
+
* Path to the proto file (relative to package root)
|
|
23
|
+
*/
|
|
24
|
+
exports.PROTO_PATH = (0, path_1.join)(__dirname, 'proto', 'permissions.proto');
|
|
25
|
+
/**
|
|
26
|
+
* Default gRPC server options
|
|
27
|
+
*/
|
|
28
|
+
exports.DEFAULT_GRPC_OPTIONS = {
|
|
29
|
+
url: 'localhost:50051',
|
|
30
|
+
package: exports.PERMISSIONS_PACKAGE_NAME,
|
|
31
|
+
protoPath: exports.PROTO_PATH,
|
|
32
|
+
};
|
|
33
|
+
/**
|
|
34
|
+
* Redis channel for permission change events
|
|
35
|
+
*/
|
|
36
|
+
exports.PERMISSION_EVENTS_CHANNEL = 'permissions:events';
|
|
37
|
+
/**
|
|
38
|
+
* Event types for permission changes
|
|
39
|
+
*/
|
|
40
|
+
exports.PERMISSION_EVENT_TYPES = {
|
|
41
|
+
ROLE_UPDATED: 'role:updated',
|
|
42
|
+
ROLE_DELETED: 'role:deleted',
|
|
43
|
+
PERMISSION_ASSIGNED: 'permission:assigned',
|
|
44
|
+
PERMISSION_REVOKED: 'permission:revoked',
|
|
45
|
+
USER_ROLES_CHANGED: 'user:roles:changed',
|
|
46
|
+
CACHE_INVALIDATED: 'cache:invalidated',
|
|
47
|
+
};
|
|
48
|
+
//# sourceMappingURL=constants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";;;AAAA,+BAA4B;AAE5B;;GAEG;AACU,QAAA,wBAAwB,GAAG,aAAa,CAAC;AAEtD;;GAEG;AACU,QAAA,wBAAwB,GAAG,oBAAoB,CAAC;AAE7D;;GAEG;AACU,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;GAEG;AACU,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAEzD;;GAEG;AACU,QAAA,UAAU,GAAG,IAAA,WAAI,EAAC,SAAS,EAAE,OAAO,EAAE,mBAAmB,CAAC,CAAC;AAExE;;GAEG;AACU,QAAA,oBAAoB,GAAG;IAClC,GAAG,EAAE,iBAAiB;IACtB,OAAO,EAAE,gCAAwB;IACjC,SAAS,EAAE,kBAAU;CACb,CAAC;AAEX;;GAEG;AACU,QAAA,yBAAyB,GAAG,oBAAoB,CAAC;AAE9D;;GAEG;AACU,QAAA,sBAAsB,GAAG;IACpC,YAAY,EAAE,cAAc;IAC5B,YAAY,EAAE,cAAc;IAC5B,mBAAmB,EAAE,qBAAqB;IAC1C,kBAAkB,EAAE,oBAAoB;IACxC,kBAAkB,EAAE,oBAAoB;IACxC,iBAAiB,EAAE,mBAAmB;CAC9B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":"AAAA,cAAc,iCAAiC,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./require-permissions.decorator"), exports);
|
|
18
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,kEAAgD"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import type { RequirePermissionsOptions } from '../types';
|
|
2
|
+
/**
|
|
3
|
+
* Decorator to require specific permissions on a controller or method
|
|
4
|
+
*
|
|
5
|
+
* @param permissions - Single permission code or array of permission codes
|
|
6
|
+
* @param options - Options for permission evaluation
|
|
7
|
+
*
|
|
8
|
+
* @example
|
|
9
|
+
* ```typescript
|
|
10
|
+
* // Require a single permission
|
|
11
|
+
* @RequirePermissions('users:read')
|
|
12
|
+
* async getUsers() { ... }
|
|
13
|
+
*
|
|
14
|
+
* // Require ALL permissions (AND logic - default)
|
|
15
|
+
* @RequirePermissions(['users:read', 'users:list'])
|
|
16
|
+
* async getUsers() { ... }
|
|
17
|
+
*
|
|
18
|
+
* // Require ANY of the permissions (OR logic)
|
|
19
|
+
* @RequirePermissions(['users:delete', 'admin:full'], { mode: 'any' })
|
|
20
|
+
* async deleteUser() { ... }
|
|
21
|
+
*
|
|
22
|
+
* // With custom error message
|
|
23
|
+
* @RequirePermissions('admin:full', { errorMessage: 'Admin access required' })
|
|
24
|
+
* async adminAction() { ... }
|
|
25
|
+
* ```
|
|
26
|
+
*/
|
|
27
|
+
export declare function RequirePermissions(permissions: string | readonly string[], options?: RequirePermissionsOptions): MethodDecorator & ClassDecorator;
|
|
28
|
+
/**
|
|
29
|
+
* Alias for RequirePermissions with mode: 'any'
|
|
30
|
+
*
|
|
31
|
+
* @example
|
|
32
|
+
* ```typescript
|
|
33
|
+
* // User needs at least one of these permissions
|
|
34
|
+
* @RequireAnyPermission(['orders:create', 'orders:manage'])
|
|
35
|
+
* async createOrder() { ... }
|
|
36
|
+
* ```
|
|
37
|
+
*/
|
|
38
|
+
export declare function RequireAnyPermission(permissions: string[], options?: Omit<RequirePermissionsOptions, 'mode'>): MethodDecorator & ClassDecorator;
|
|
39
|
+
/**
|
|
40
|
+
* Alias for RequirePermissions with mode: 'all'
|
|
41
|
+
* This is the default behavior, but can be used for clarity
|
|
42
|
+
*
|
|
43
|
+
* @example
|
|
44
|
+
* ```typescript
|
|
45
|
+
* // User needs ALL of these permissions
|
|
46
|
+
* @RequireAllPermissions(['orders:read', 'orders:export'])
|
|
47
|
+
* async exportOrders() { ... }
|
|
48
|
+
* ```
|
|
49
|
+
*/
|
|
50
|
+
export declare function RequireAllPermissions(permissions: string[], options?: Omit<RequirePermissionsOptions, 'mode'>): MethodDecorator & ClassDecorator;
|
|
51
|
+
//# sourceMappingURL=require-permissions.decorator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"require-permissions.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/require-permissions.decorator.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAuB,yBAAyB,EAAE,MAAM,UAAU,CAAC;AAG/E;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,kBAAkB,CAChC,WAAW,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,EACvC,OAAO,CAAC,EAAE,yBAAyB,GAClC,eAAe,GAAG,cAAc,CAOlC;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,MAAM,EAAE,EACrB,OAAO,CAAC,EAAE,IAAI,CAAC,yBAAyB,EAAE,MAAM,CAAC,GAChD,eAAe,GAAG,cAAc,CAElC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,EAAE,EACrB,OAAO,CAAC,EAAE,IAAI,CAAC,yBAAyB,EAAE,MAAM,CAAC,GAChD,eAAe,GAAG,cAAc,CAElC"}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RequirePermissions = RequirePermissions;
|
|
4
|
+
exports.RequireAnyPermission = RequireAnyPermission;
|
|
5
|
+
exports.RequireAllPermissions = RequireAllPermissions;
|
|
6
|
+
/* eslint-disable @typescript-eslint/naming-convention */
|
|
7
|
+
const common_1 = require("@nestjs/common");
|
|
8
|
+
const types_1 = require("../types");
|
|
9
|
+
/**
|
|
10
|
+
* Decorator to require specific permissions on a controller or method
|
|
11
|
+
*
|
|
12
|
+
* @param permissions - Single permission code or array of permission codes
|
|
13
|
+
* @param options - Options for permission evaluation
|
|
14
|
+
*
|
|
15
|
+
* @example
|
|
16
|
+
* ```typescript
|
|
17
|
+
* // Require a single permission
|
|
18
|
+
* @RequirePermissions('users:read')
|
|
19
|
+
* async getUsers() { ... }
|
|
20
|
+
*
|
|
21
|
+
* // Require ALL permissions (AND logic - default)
|
|
22
|
+
* @RequirePermissions(['users:read', 'users:list'])
|
|
23
|
+
* async getUsers() { ... }
|
|
24
|
+
*
|
|
25
|
+
* // Require ANY of the permissions (OR logic)
|
|
26
|
+
* @RequirePermissions(['users:delete', 'admin:full'], { mode: 'any' })
|
|
27
|
+
* async deleteUser() { ... }
|
|
28
|
+
*
|
|
29
|
+
* // With custom error message
|
|
30
|
+
* @RequirePermissions('admin:full', { errorMessage: 'Admin access required' })
|
|
31
|
+
* async adminAction() { ... }
|
|
32
|
+
* ```
|
|
33
|
+
*/
|
|
34
|
+
function RequirePermissions(permissions, options) {
|
|
35
|
+
const permissionArray = Array.isArray(permissions) ? permissions : [permissions];
|
|
36
|
+
const metadata = {
|
|
37
|
+
permissions: permissionArray,
|
|
38
|
+
options: options ?? {},
|
|
39
|
+
};
|
|
40
|
+
return (0, common_1.SetMetadata)(types_1.PERMISSIONS_METADATA_KEY, metadata);
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Alias for RequirePermissions with mode: 'any'
|
|
44
|
+
*
|
|
45
|
+
* @example
|
|
46
|
+
* ```typescript
|
|
47
|
+
* // User needs at least one of these permissions
|
|
48
|
+
* @RequireAnyPermission(['orders:create', 'orders:manage'])
|
|
49
|
+
* async createOrder() { ... }
|
|
50
|
+
* ```
|
|
51
|
+
*/
|
|
52
|
+
function RequireAnyPermission(permissions, options) {
|
|
53
|
+
return RequirePermissions(permissions, { ...options, mode: 'any' });
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Alias for RequirePermissions with mode: 'all'
|
|
57
|
+
* This is the default behavior, but can be used for clarity
|
|
58
|
+
*
|
|
59
|
+
* @example
|
|
60
|
+
* ```typescript
|
|
61
|
+
* // User needs ALL of these permissions
|
|
62
|
+
* @RequireAllPermissions(['orders:read', 'orders:export'])
|
|
63
|
+
* async exportOrders() { ... }
|
|
64
|
+
* ```
|
|
65
|
+
*/
|
|
66
|
+
function RequireAllPermissions(permissions, options) {
|
|
67
|
+
return RequirePermissions(permissions, { ...options, mode: 'all' });
|
|
68
|
+
}
|
|
69
|
+
//# sourceMappingURL=require-permissions.decorator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"require-permissions.decorator.js","sourceRoot":"","sources":["../../src/decorators/require-permissions.decorator.ts"],"names":[],"mappings":";;AA+BA,gDAUC;AAYD,oDAKC;AAaD,sDAKC;AA5ED,yDAAyD;AACzD,2CAA6C;AAG7C,oCAAoD;AAEpD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAgB,kBAAkB,CAChC,WAAuC,EACvC,OAAmC;IAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACjF,MAAM,QAAQ,GAAwB;QACpC,WAAW,EAAE,eAAe;QAC5B,OAAO,EAAE,OAAO,IAAI,EAAE;KACvB,CAAC;IACF,OAAO,IAAA,oBAAW,EAAC,gCAAwB,EAAE,QAAQ,CAAC,CAAC;AACzD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAClC,WAAqB,EACrB,OAAiD;IAEjD,OAAO,kBAAkB,CAAC,WAAW,EAAE,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtE,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,qBAAqB,CACnC,WAAqB,EACrB,OAAiD;IAEjD,OAAO,kBAAkB,CAAC,WAAW,EAAE,EAAE,GAAG,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACtE,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./permissions.guard"), exports);
|
|
18
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/guards/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAoC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import { CanActivate, ExecutionContext } from '@nestjs/common';
|
|
2
|
+
import { Reflector } from '@nestjs/core';
|
|
3
|
+
import { PermissionsGrpcClient } from '../client/permissions-grpc.client';
|
|
4
|
+
/**
|
|
5
|
+
* NestJS Guard that checks permissions via the Permissions gRPC Service
|
|
6
|
+
*
|
|
7
|
+
* This guard:
|
|
8
|
+
* 1. Extracts permission requirements from the @RequirePermissions decorator
|
|
9
|
+
* 2. Gets the user ID from the request (expects JWT auth to have run first)
|
|
10
|
+
* 3. Calls the permissions microservice via gRPC to verify access
|
|
11
|
+
* 4. Throws ForbiddenException if permission is denied
|
|
12
|
+
*
|
|
13
|
+
* @example
|
|
14
|
+
* ```typescript
|
|
15
|
+
* // Use globally
|
|
16
|
+
* @Module({
|
|
17
|
+
* providers: [
|
|
18
|
+
* {
|
|
19
|
+
* provide: APP_GUARD,
|
|
20
|
+
* useClass: PermissionsGuard,
|
|
21
|
+
* },
|
|
22
|
+
* ],
|
|
23
|
+
* })
|
|
24
|
+
* export class AppModule {}
|
|
25
|
+
*
|
|
26
|
+
* // Or use on specific controllers/routes
|
|
27
|
+
* @Controller('orders')
|
|
28
|
+
* @UseGuards(JwtAuthGuard, PermissionsGuard)
|
|
29
|
+
* export class OrdersController { ... }
|
|
30
|
+
* ```
|
|
31
|
+
*/
|
|
32
|
+
export declare class PermissionsGuard implements CanActivate {
|
|
33
|
+
private readonly reflector;
|
|
34
|
+
private readonly permissionsClient;
|
|
35
|
+
private readonly logger;
|
|
36
|
+
constructor(reflector: Reflector, permissionsClient: PermissionsGrpcClient);
|
|
37
|
+
canActivate(context: ExecutionContext): Promise<boolean>;
|
|
38
|
+
/**
|
|
39
|
+
* Get permission metadata from the handler or class
|
|
40
|
+
*/
|
|
41
|
+
private getPermissionsMetadata;
|
|
42
|
+
/**
|
|
43
|
+
* Evaluate permissions based on mode
|
|
44
|
+
*/
|
|
45
|
+
private evaluatePermissions;
|
|
46
|
+
/**
|
|
47
|
+
* Build request context from the HTTP request
|
|
48
|
+
*/
|
|
49
|
+
private buildRequestContext;
|
|
50
|
+
/**
|
|
51
|
+
* Build resource context from request params/query
|
|
52
|
+
*/
|
|
53
|
+
private buildResourceContext;
|
|
54
|
+
}
|
|
55
|
+
//# sourceMappingURL=permissions.guard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions.guard.d.ts","sourceRoot":"","sources":["../../src/guards/permissions.guard.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,gBAAgB,EAIjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AA0B1E;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBACa,gBAAiB,YAAW,WAAW;IAIhD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAJpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqC;gBAGzC,SAAS,EAAE,SAAS,EACpB,iBAAiB,EAAE,qBAAqB;IAGrD,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;IA2C9D;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;YACW,mBAAmB;IAuBjC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAU3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;CAO7B"}
|