npm - @amaster.ai/admin-sdk - Versions diffs - 0.1.0 - Mend

@amaster.ai/admin-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,730 @@
+'use strict';
+// src/error.ts
+var AdminSDKError = class extends Error {
+  constructor(message, statusCode, response) {
+    super(message);
+    this.statusCode = statusCode;
+    this.response = response;
+    this.name = "AdminSDKError";
+  }
+};
+// src/http.ts
+function createHttpClient(baseURL, commonHeaders) {
+  const normalizedBase = baseURL.replace(/\/$/, "");
+  return async function request(options) {
+    const { method, path, body, query } = options;
+    let url = normalizedBase + path;
+    if (query) {
+      const params = new URLSearchParams();
+      for (const [key, value] of Object.entries(query)) {
+        if (value !== void 0) {
+          params.set(key, String(value));
+        }
+      }
+      const qs = params.toString();
+      if (qs) url += "?" + qs;
+    }
+    const headers = {
+      "Content-Type": "application/json",
+      ...commonHeaders
+    };
+    const res = await fetch(url, {
+      method,
+      headers,
+      body: body !== void 0 ? JSON.stringify(body) : void 0
+    });
+    let json;
+    try {
+      json = await res.json();
+    } catch {
+      throw new AdminSDKError(
+        `Failed to parse response from ${method} ${path}`,
+        res.status
+      );
+    }
+    if (!res.ok) {
+      const err = json;
+      throw new AdminSDKError(
+        err?.message ?? `Request failed with status ${res.status}`,
+        res.status,
+        json
+      );
+    }
+    return json.data;
+  };
+}
+// src/modules/auth.ts
+function createAuthModule(request) {
+  return {
+    /**
+     * Check whether a user has a specific permission.
+     *
+     * Uses the Service Key to query on behalf of any user by UID —
+     * no user token required.
+     *
+     * @example
+     * ```typescript
+     * // Check if user can access the dashboard page
+     * const result = await admin.auth.checkPermission('u-123456', {
+     *   resource: 'page',
+     *   action: 'access',
+     *   resourceId: 'dashboard',
+     * });
+     * if (!result.allow) throw new Error('Forbidden');
+     * ```
+     */
+    async checkPermission(uid, params) {
+      return request({
+        method: "POST",
+        path: "/api/internal/acl/authorize",
+        body: { uid, ...params }
+      });
+    },
+    /**
+     * Get all ACL rules for a user.
+     *
+     * Returns the full set of permissions and roles. Useful when you need
+     * to perform multiple permission checks locally without making repeated
+     * network calls.
+     *
+     * @example
+     * ```typescript
+     * const rules = await admin.auth.getRules('u-123456');
+     *
+     * // Check roles
+     * if (rules.roles.includes('admin')) { ... }
+     *
+     * // Check multiple permissions locally
+     * const canRead = rules.permissions.some(
+     *   p => p.resource === 'order' && p.action === 'read'
+     * );
+     * ```
+     */
+    async getRules(uid) {
+      return request({
+        method: "GET",
+        path: "/api/internal/acl/rules",
+        query: { uid }
+      });
+    }
+  };
+}
+// src/modules/departments.ts
+function createDepartmentsModule(request) {
+  return {
+    /**
+     * List all departments (flat list).
+     *
+     * @example
+     * ```typescript
+     * const depts = await admin.departments.list();
+     * const techDept = depts.find(d => d.name === '技术部');
+     * ```
+     */
+    async list() {
+      return request({
+        method: "GET",
+        path: "/api/internal/org/departments"
+      });
+    },
+    /**
+     * Get a single department by ID.
+     *
+     * @example
+     * ```typescript
+     * const dept = await admin.departments.get(1);
+     * ```
+     */
+    async get(id) {
+      return request({
+        method: "GET",
+        path: `/api/internal/org/departments/${id}`
+      });
+    },
+    /**
+     * Create a new department.
+     *
+     * @example
+     * ```typescript
+     * const dept = await admin.departments.create({
+     *   name: '测试组',
+     *   parentId: 1,
+     * });
+     * ```
+     */
+    async create(params) {
+      return request({
+        method: "POST",
+        path: "/api/internal/org/departments",
+        body: params
+      });
+    },
+    /**
+     * Update a department.
+     *
+     * @example
+     * ```typescript
+     * await admin.departments.update(3, { name: '质量保证组' });
+     * ```
+     */
+    async update(id, params) {
+      return request({
+        method: "PUT",
+        path: `/api/internal/org/departments/${id}`,
+        body: params
+      });
+    },
+    /**
+     * Delete a department.
+     * Note: departments with sub-departments or assigned users cannot be deleted directly.
+     *
+     * @example
+     * ```typescript
+     * await admin.departments.delete(3);
+     * ```
+     */
+    async delete(id) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/org/departments/${id}`
+      });
+    },
+    /**
+     * List members of a department.
+     *
+     * @param includeChildren - Whether to include members from sub-departments. Defaults to false.
+     *
+     * @example
+     * ```typescript
+     * const members = await admin.departments.listUsers(1);
+     * const allMembers = await admin.departments.listUsers(1, true);
+     * ```
+     */
+    async listUsers(id, includeChildren = false) {
+      return request({
+        method: "GET",
+        path: `/api/internal/org/departments/${id}/users`,
+        query: { include_children: includeChildren }
+      });
+    },
+    /**
+     * Add a user to a department.
+     *
+     * @example
+     * ```typescript
+     * await admin.departments.addUser(1, {
+     *   userId: 123,
+     *   isPrimary: true,
+     *   position: '高级工程师',
+     * });
+     * ```
+     */
+    async addUser(deptId, params) {
+      return request({
+        method: "POST",
+        path: `/api/internal/org/departments/${deptId}/users`,
+        body: params
+      });
+    },
+    /**
+     * Remove a user from a department.
+     *
+     * @example
+     * ```typescript
+     * await admin.departments.removeUser(1, 123);
+     * ```
+     */
+    async removeUser(deptId, userUid) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/org/departments/${deptId}/users/${userUid}`
+      });
+    }
+  };
+}
+// src/modules/permissions.ts
+function createPermissionsModule(request) {
+  return {
+    /**
+     * List all defined permissions.
+     *
+     * @example
+     * ```typescript
+     * const perms = await admin.permissions.list();
+     * const orderRead = perms.find(p => p.resource === 'order' && p.action === 'read');
+     * ```
+     */
+    async list() {
+      return request({
+        method: "GET",
+        path: "/api/internal/rbac/permissions"
+      });
+    },
+    /**
+     * Create a new permission definition.
+     *
+     * @example
+     * ```typescript
+     * const perm = await admin.permissions.create({
+     *   resource: 'order',
+     *   action: 'export',
+     *   name: '导出订单',
+     * });
+     * ```
+     */
+    async create(params) {
+      return request({
+        method: "POST",
+        path: "/api/internal/rbac/permissions",
+        body: params
+      });
+    },
+    /**
+     * Update a permission definition.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.update(10, { name: '导出报表' });
+     * ```
+     */
+    async update(id, params) {
+      return request({
+        method: "PUT",
+        path: `/api/internal/rbac/permissions/${id}`,
+        body: params
+      });
+    },
+    /**
+     * Delete a permission definition.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.delete(10);
+     * ```
+     */
+    async delete(id) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/rbac/permissions/${id}`
+      });
+    },
+    /**
+     * List all permissions assigned to a role.
+     *
+     * @example
+     * ```typescript
+     * const perms = await admin.permissions.listForRole(roleId);
+     * ```
+     */
+    async listForRole(roleId) {
+      return request({
+        method: "GET",
+        path: `/api/internal/rbac/roles/${roleId}/permissions`
+      });
+    },
+    /**
+     * Assign a permission to a role with a data scope.
+     *
+     * @example
+     * ```typescript
+     * // Department-scoped permission
+     * await admin.permissions.assignToRole(roleId, {
+     *   permissionId: 10,
+     *   scopeType: 'department',
+     * });
+     *
+     * // Custom whitelist scope
+     * await admin.permissions.assignToRole(roleId, {
+     *   permissionId: 20,
+     *   scopeType: 'custom',
+     *   scopeFilter: JSON.stringify({ id: [1, 2, 3] }),
+     * });
+     * ```
+     */
+    async assignToRole(roleId, params) {
+      return request({
+        method: "POST",
+        path: `/api/internal/rbac/roles/${roleId}/permissions`,
+        body: params
+      });
+    },
+    /**
+     * Remove a permission from a role.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.removeFromRole(roleId, permId);
+     * ```
+     */
+    async removeFromRole(roleId, permId) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/rbac/roles/${roleId}/permissions/${permId}`
+      });
+    },
+    /**
+     * Update the data scope of a role–permission assignment.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.updateRolePermissionScope(roleId, permId, {
+     *   scopeType: 'all',
+     * });
+     * ```
+     */
+    async updateRolePermissionScope(roleId, permId, params) {
+      return request({
+        method: "PUT",
+        path: `/api/internal/rbac/roles/${roleId}/permissions/${permId}`,
+        body: params
+      });
+    },
+    /**
+     * Assign a direct (user-level) permission exception to a user.
+     *
+     * This bypasses role-based assignment and gives the user a direct
+     * data-scope override for the specified permission.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.assignToUser('u-123456', {
+     *   permissionId: 10,
+     *   scopeType: 'department',
+     * });
+     * ```
+     */
+    async assignToUser(uid, params) {
+      return request({
+        method: "POST",
+        path: `/api/internal/rbac/users/${uid}/permissions`,
+        body: params
+      });
+    },
+    /**
+     * Remove a direct permission exception from a user.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.removeFromUser('u-123456', permId);
+     * ```
+     */
+    async removeFromUser(uid, permId) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/rbac/users/${uid}/permissions/${permId}`
+      });
+    },
+    /**
+     * List permission exceptions for a specific user.
+     *
+     * @example
+     * ```typescript
+     * const exceptions = await admin.permissions.listForUser('u-123456');
+     * ```
+     */
+    async listForUser(uid) {
+      return request({
+        method: "GET",
+        path: `/api/internal/rbac/users/${uid}/permissions`
+      });
+    },
+    /**
+     * Update the data scope of a user-level permission exception.
+     *
+     * @example
+     * ```typescript
+     * await admin.permissions.updateUserPermissionScope('u-123456', permId, {
+     *   scopeType: 'custom',
+     *   scopeFilter: JSON.stringify({ id: [10, 20] }),
+     * });
+     * ```
+     */
+    async updateUserPermissionScope(uid, permId, params) {
+      return request({
+        method: "PUT",
+        path: `/api/internal/rbac/users/${uid}/permissions/${permId}`,
+        body: params
+      });
+    }
+  };
+}
+// src/modules/roles.ts
+function createRolesModule(request) {
+  return {
+    /**
+     * List all roles.
+     *
+     * @example
+     * ```typescript
+     * const roles = await admin.roles.list();
+     * const managerRole = roles.find(r => r.code === 'manager');
+     * ```
+     */
+    async list() {
+      return request({
+        method: "GET",
+        path: "/api/internal/rbac/roles"
+      });
+    },
+    /**
+     * Get a role by its numeric ID.
+     *
+     * @example
+     * ```typescript
+     * const role = await admin.roles.get(1);
+     * ```
+     */
+    async get(id) {
+      return request({
+        method: "GET",
+        path: `/api/internal/rbac/roles/${id}`
+      });
+    },
+    /**
+     * Create a new role.
+     *
+     * @example
+     * ```typescript
+     * const role = await admin.roles.create({
+     *   code: 'editor',
+     *   displayName: '编辑',
+     *   description: '负责内容编辑',
+     * });
+     * ```
+     */
+    async create(params) {
+      return request({
+        method: "POST",
+        path: "/api/internal/rbac/roles",
+        body: params
+      });
+    },
+    /**
+     * Update a role.
+     * Note: system roles (isSystem=true) cannot be modified.
+     *
+     * @example
+     * ```typescript
+     * await admin.roles.update(3, { displayName: '高级编辑' });
+     * ```
+     */
+    async update(id, params) {
+      return request({
+        method: "PUT",
+        path: `/api/internal/rbac/roles/${id}`,
+        body: params
+      });
+    },
+    /**
+     * Delete a role.
+     * Note: system roles cannot be deleted.
+     *
+     * @example
+     * ```typescript
+     * await admin.roles.delete(3);
+     * ```
+     */
+    async delete(id) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/rbac/roles/${id}`
+      });
+    },
+    /**
+     * Assign a role to a user, department, team, or another role.
+     *
+     * @example
+     * ```typescript
+     * // Assign to a user
+     * await admin.roles.assign(roleId, { assigneeType: 'user', assigneeId: 123 });
+     *
+     * // Assign to an entire department
+     * await admin.roles.assign(roleId, { assigneeType: 'department', assigneeId: 5 });
+     * ```
+     */
+    async assign(roleId, params) {
+      return request({
+        method: "POST",
+        path: `/api/internal/rbac/roles/${roleId}/assign`,
+        body: params
+      });
+    },
+    /**
+     * Remove a role assignment.
+     *
+     * @example
+     * ```typescript
+     * await admin.roles.unassign(roleId, { assigneeType: 'user', assigneeId: 123 });
+     * ```
+     */
+    async unassign(roleId, params) {
+      return request({
+        method: "POST",
+        path: `/api/internal/rbac/roles/${roleId}/unassign`,
+        body: params
+      });
+    },
+    /**
+     * List all assignees (users, departments, etc.) for a role.
+     *
+     * @example
+     * ```typescript
+     * const assignees = await admin.roles.listAssignees(roleId);
+     * const users = assignees.filter(a => a.assigneeType === 'user');
+     * ```
+     */
+    async listAssignees(roleId) {
+      return request({
+        method: "GET",
+        path: `/api/internal/rbac/roles/${roleId}/assignees`
+      });
+    },
+    /**
+     * Get all roles assigned to a user (by UID).
+     *
+     * Useful in Edge Functions to check what roles a user currently holds
+     * without making a full ACL check.
+     *
+     * @example
+     * ```typescript
+     * const roles = await admin.roles.getUserRoles('u-123456');
+     * if (roles.some(r => r.code === 'admin')) { ... }
+     * ```
+     */
+    async getUserRoles(uid) {
+      return request({
+        method: "GET",
+        path: `/api/internal/rbac/users/${uid}/roles`
+      });
+    }
+  };
+}
+// src/modules/users.ts
+function createUsersModule(request) {
+  return {
+    /**
+     * List users with optional search and pagination.
+     *
+     * @example
+     * ```typescript
+     * const result = await admin.users.list({ query: 'zhang', pageSize: 50 });
+     * console.log(`Total: ${result.total}`);
+     * for (const user of result.list) {
+     *   console.log(user.email);
+     * }
+     * ```
+     */
+    async list(params = {}) {
+      return request({
+        method: "GET",
+        path: "/api/internal/users",
+        query: {
+          page: params.page,
+          pageSize: params.pageSize,
+          query: params.query
+        }
+      });
+    },
+    /**
+     * Get a single user by UID.
+     *
+     * @example
+     * ```typescript
+     * const user = await admin.users.get('u-123456');
+     * console.log(user.email);
+     * ```
+     */
+    async get(uid) {
+      return request({
+        method: "GET",
+        path: `/api/internal/users/${uid}`
+      });
+    },
+    /**
+     * Create a new user.
+     * At least one of username / email / phone must be provided.
+     *
+     * @example
+     * ```typescript
+     * const user = await admin.users.create({
+     *   email: 'user@example.com',
+     *   password: 'Secure@123',
+     *   displayName: '张三',
+     * });
+     * ```
+     */
+    async create(params) {
+      return request({
+        method: "POST",
+        path: "/api/internal/users",
+        body: params
+      });
+    },
+    /**
+     * Update an existing user.
+     *
+     * @example
+     * ```typescript
+     * // Reset password
+     * await admin.users.update('u-123456', { password: 'NewSecure@456' });
+     *
+     * // Grant super admin
+     * await admin.users.update('u-123456', { isSuperAdmin: true });
+     * ```
+     */
+    async update(uid, params) {
+      return request({
+        method: "PUT",
+        path: `/api/internal/users/${uid}`,
+        body: params
+      });
+    },
+    /**
+     * Delete a user.
+     *
+     * @example
+     * ```typescript
+     * await admin.users.delete('u-123456');
+     * ```
+     */
+    async delete(uid) {
+      return request({
+        method: "DELETE",
+        path: `/api/internal/users/${uid}`
+      });
+    }
+  };
+}
+// src/admin-sdk.ts
+var AdminSDK = class {
+  constructor(options) {
+    const { baseURL, appId, env = "dev", serviceKey } = options;
+    const headers = {
+      "x-tenant-id": appId,
+      "x-env": env
+    };
+    if (serviceKey) {
+      headers["X-Service-Key"] = serviceKey;
+      headers["X-Bypass-Auth"] = "true";
+    }
+    const request = createHttpClient(baseURL, headers);
+    this.auth = createAuthModule(request);
+    this.users = createUsersModule(request);
+    this.roles = createRolesModule(request);
+    this.permissions = createPermissionsModule(request);
+    this.departments = createDepartmentsModule(request);
+  }
+};
+exports.AdminSDK = AdminSDK;
+exports.AdminSDKError = AdminSDKError;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map