@byline/admin 0.9.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +373 -0
- package/README.md +19 -0
- package/dist/abilities.d.ts +22 -0
- package/dist/abilities.d.ts.map +1 -0
- package/dist/abilities.js +29 -0
- package/dist/abilities.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +30 -0
- package/dist/index.js.map +1 -0
- package/dist/lib/assert-admin-actor.d.ts +58 -0
- package/dist/lib/assert-admin-actor.d.ts.map +1 -0
- package/dist/lib/assert-admin-actor.js +82 -0
- package/dist/lib/assert-admin-actor.js.map +1 -0
- package/dist/modules/admin-account/commands.d.ts +30 -0
- package/dist/modules/admin-account/commands.d.ts.map +1 -0
- package/dist/modules/admin-account/commands.js +36 -0
- package/dist/modules/admin-account/commands.js.map +1 -0
- package/dist/modules/admin-account/errors.d.ts +52 -0
- package/dist/modules/admin-account/errors.d.ts.map +1 -0
- package/dist/modules/admin-account/errors.js +52 -0
- package/dist/modules/admin-account/errors.js.map +1 -0
- package/dist/modules/admin-account/index.d.ts +37 -0
- package/dist/modules/admin-account/index.d.ts.map +1 -0
- package/dist/modules/admin-account/index.js +35 -0
- package/dist/modules/admin-account/index.js.map +1 -0
- package/dist/modules/admin-account/schemas.d.ts +31 -0
- package/dist/modules/admin-account/schemas.d.ts.map +1 -0
- package/dist/modules/admin-account/schemas.js +69 -0
- package/dist/modules/admin-account/schemas.js.map +1 -0
- package/dist/modules/admin-account/service.d.ts +44 -0
- package/dist/modules/admin-account/service.d.ts.map +1 -0
- package/dist/modules/admin-account/service.js +76 -0
- package/dist/modules/admin-account/service.js.map +1 -0
- package/dist/modules/admin-permissions/abilities.d.ts +27 -0
- package/dist/modules/admin-permissions/abilities.d.ts.map +1 -0
- package/dist/modules/admin-permissions/abilities.js +40 -0
- package/dist/modules/admin-permissions/abilities.js.map +1 -0
- package/dist/modules/admin-permissions/commands.d.ts +30 -0
- package/dist/modules/admin-permissions/commands.d.ts.map +1 -0
- package/dist/modules/admin-permissions/commands.js +39 -0
- package/dist/modules/admin-permissions/commands.js.map +1 -0
- package/dist/modules/admin-permissions/dto.d.ts +18 -0
- package/dist/modules/admin-permissions/dto.d.ts.map +1 -0
- package/dist/modules/admin-permissions/dto.js +24 -0
- package/dist/modules/admin-permissions/dto.js.map +1 -0
- package/dist/modules/admin-permissions/errors.d.ts +34 -0
- package/dist/modules/admin-permissions/errors.d.ts.map +1 -0
- package/dist/modules/admin-permissions/errors.js +34 -0
- package/dist/modules/admin-permissions/errors.js.map +1 -0
- package/dist/modules/admin-permissions/index.d.ts +30 -0
- package/dist/modules/admin-permissions/index.d.ts.map +1 -0
- package/dist/modules/admin-permissions/index.js +27 -0
- package/dist/modules/admin-permissions/index.js.map +1 -0
- package/dist/modules/admin-permissions/repository.d.ts +48 -0
- package/dist/modules/admin-permissions/repository.d.ts.map +1 -0
- package/dist/modules/admin-permissions/repository.js +9 -0
- package/dist/modules/admin-permissions/repository.js.map +1 -0
- package/dist/modules/admin-permissions/schemas.d.ts +137 -0
- package/dist/modules/admin-permissions/schemas.d.ts.map +1 -0
- package/dist/modules/admin-permissions/schemas.js +99 -0
- package/dist/modules/admin-permissions/schemas.js.map +1 -0
- package/dist/modules/admin-permissions/service.d.ts +42 -0
- package/dist/modules/admin-permissions/service.d.ts.map +1 -0
- package/dist/modules/admin-permissions/service.js +114 -0
- package/dist/modules/admin-permissions/service.js.map +1 -0
- package/dist/modules/admin-roles/abilities.d.ts +33 -0
- package/dist/modules/admin-roles/abilities.d.ts.map +1 -0
- package/dist/modules/admin-roles/abilities.js +56 -0
- package/dist/modules/admin-roles/abilities.js.map +1 -0
- package/dist/modules/admin-roles/commands.d.ts +37 -0
- package/dist/modules/admin-roles/commands.d.ts.map +1 -0
- package/dist/modules/admin-roles/commands.js +70 -0
- package/dist/modules/admin-roles/commands.js.map +1 -0
- package/dist/modules/admin-roles/dto.d.ts +18 -0
- package/dist/modules/admin-roles/dto.d.ts.map +1 -0
- package/dist/modules/admin-roles/dto.js +27 -0
- package/dist/modules/admin-roles/dto.js.map +1 -0
- package/dist/modules/admin-roles/errors.d.ts +49 -0
- package/dist/modules/admin-roles/errors.d.ts.map +1 -0
- package/dist/modules/admin-roles/errors.js +49 -0
- package/dist/modules/admin-roles/errors.js.map +1 -0
- package/dist/modules/admin-roles/index.d.ts +30 -0
- package/dist/modules/admin-roles/index.d.ts.map +1 -0
- package/dist/modules/admin-roles/index.js +27 -0
- package/dist/modules/admin-roles/index.js.map +1 -0
- package/dist/modules/admin-roles/repository.d.ts +91 -0
- package/dist/modules/admin-roles/repository.d.ts.map +1 -0
- package/dist/modules/admin-roles/repository.js +9 -0
- package/dist/modules/admin-roles/repository.js.map +1 -0
- package/dist/modules/admin-roles/schemas.d.ts +99 -0
- package/dist/modules/admin-roles/schemas.d.ts.map +1 -0
- package/dist/modules/admin-roles/schemas.js +105 -0
- package/dist/modules/admin-roles/schemas.js.map +1 -0
- package/dist/modules/admin-roles/service.d.ts +49 -0
- package/dist/modules/admin-roles/service.d.ts.map +1 -0
- package/dist/modules/admin-roles/service.js +110 -0
- package/dist/modules/admin-roles/service.js.map +1 -0
- package/dist/modules/admin-users/abilities.d.ts +41 -0
- package/dist/modules/admin-users/abilities.d.ts.map +1 -0
- package/dist/modules/admin-users/abilities.js +70 -0
- package/dist/modules/admin-users/abilities.js.map +1 -0
- package/dist/modules/admin-users/commands.d.ts +45 -0
- package/dist/modules/admin-users/commands.d.ts.map +1 -0
- package/dist/modules/admin-users/commands.js +63 -0
- package/dist/modules/admin-users/commands.js.map +1 -0
- package/dist/modules/admin-users/dto.d.ts +20 -0
- package/dist/modules/admin-users/dto.d.ts.map +1 -0
- package/dist/modules/admin-users/dto.js +36 -0
- package/dist/modules/admin-users/dto.js.map +1 -0
- package/dist/modules/admin-users/errors.d.ts +53 -0
- package/dist/modules/admin-users/errors.d.ts.map +1 -0
- package/dist/modules/admin-users/errors.js +53 -0
- package/dist/modules/admin-users/errors.js.map +1 -0
- package/dist/modules/admin-users/index.d.ts +31 -0
- package/dist/modules/admin-users/index.d.ts.map +1 -0
- package/dist/modules/admin-users/index.js +28 -0
- package/dist/modules/admin-users/index.js.map +1 -0
- package/dist/modules/admin-users/repository.d.ts +147 -0
- package/dist/modules/admin-users/repository.d.ts.map +1 -0
- package/dist/modules/admin-users/repository.js +9 -0
- package/dist/modules/admin-users/repository.js.map +1 -0
- package/dist/modules/admin-users/schemas.d.ts +136 -0
- package/dist/modules/admin-users/schemas.d.ts.map +1 -0
- package/dist/modules/admin-users/schemas.js +137 -0
- package/dist/modules/admin-users/schemas.js.map +1 -0
- package/dist/modules/admin-users/seed-super-admin.d.ts +44 -0
- package/dist/modules/admin-users/seed-super-admin.d.ts.map +1 -0
- package/dist/modules/admin-users/seed-super-admin.js +70 -0
- package/dist/modules/admin-users/seed-super-admin.js.map +1 -0
- package/dist/modules/admin-users/service.d.ts +53 -0
- package/dist/modules/admin-users/service.d.ts.map +1 -0
- package/dist/modules/admin-users/service.js +143 -0
- package/dist/modules/admin-users/service.js.map +1 -0
- package/dist/modules/auth/index.d.ts +26 -0
- package/dist/modules/auth/index.d.ts.map +1 -0
- package/dist/modules/auth/index.js +25 -0
- package/dist/modules/auth/index.js.map +1 -0
- package/dist/modules/auth/jwt-session-provider.d.ts +47 -0
- package/dist/modules/auth/jwt-session-provider.d.ts.map +1 -0
- package/dist/modules/auth/jwt-session-provider.js +215 -0
- package/dist/modules/auth/jwt-session-provider.js.map +1 -0
- package/dist/modules/auth/password.d.ts +16 -0
- package/dist/modules/auth/password.d.ts.map +1 -0
- package/dist/modules/auth/password.js +48 -0
- package/dist/modules/auth/password.js.map +1 -0
- package/dist/modules/auth/refresh-tokens-repository.d.ts +71 -0
- package/dist/modules/auth/refresh-tokens-repository.d.ts.map +1 -0
- package/dist/modules/auth/refresh-tokens-repository.js +9 -0
- package/dist/modules/auth/refresh-tokens-repository.js.map +1 -0
- package/dist/modules/auth/resolve-actor.d.ts +25 -0
- package/dist/modules/auth/resolve-actor.d.ts.map +1 -0
- package/dist/modules/auth/resolve-actor.js +36 -0
- package/dist/modules/auth/resolve-actor.js.map +1 -0
- package/dist/store.d.ts +31 -0
- package/dist/store.d.ts.map +1 -0
- package/dist/store.js +9 -0
- package/dist/store.js.map +1 -0
- package/package.json +101 -0
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
import { toAbilityDescriptor } from './dto.js';
|
|
9
|
+
import { ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED, ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND, } from './errors.js';
|
|
10
|
+
/**
|
|
11
|
+
* Read-only inspector service for admin-permissions.
|
|
12
|
+
*
|
|
13
|
+
* Two responsibilities:
|
|
14
|
+
*
|
|
15
|
+
* 1. **Enumerate registered abilities.** Pure registry read — no DB
|
|
16
|
+
* access. The registry is populated at `initBylineCore()` time
|
|
17
|
+
* by collection auto-registration plus subsystem registrars
|
|
18
|
+
* (`registerAdminAbilities`).
|
|
19
|
+
* 2. **Resolve the who-has matrix.** For a given ability key, list
|
|
20
|
+
* the roles that grant it and the distinct admin users
|
|
21
|
+
* transitively holding it. Backed by two single-query joins on
|
|
22
|
+
* the permissions repository, then resolved against the roles
|
|
23
|
+
* and users repositories so the inspector can render names
|
|
24
|
+
* without further round-trips.
|
|
25
|
+
*
|
|
26
|
+
* The editor surface (`getRoleAbilities` / `setRoleAbilities`) is
|
|
27
|
+
* deliberately not on this service yet — it lands with Phase B and
|
|
28
|
+
* will live alongside these methods.
|
|
29
|
+
*/
|
|
30
|
+
export class AdminPermissionsService {
|
|
31
|
+
#store;
|
|
32
|
+
#abilities;
|
|
33
|
+
constructor(deps) {
|
|
34
|
+
this.#store = deps.store;
|
|
35
|
+
this.#abilities = deps.abilities;
|
|
36
|
+
}
|
|
37
|
+
listRegisteredAbilities() {
|
|
38
|
+
const flat = this.#abilities.list().map(toAbilityDescriptor);
|
|
39
|
+
// Re-bucket from the same shaped descriptors so flat and groups
|
|
40
|
+
// stay byte-identical apart from grouping. Iteration order matches
|
|
41
|
+
// registration order — the registry's `byGroup` already preserves
|
|
42
|
+
// insertion order.
|
|
43
|
+
const grouped = this.#abilities.byGroup();
|
|
44
|
+
const groups = Array.from(grouped.entries(), ([group, abilities]) => ({
|
|
45
|
+
group,
|
|
46
|
+
abilities: abilities.map(toAbilityDescriptor),
|
|
47
|
+
}));
|
|
48
|
+
return {
|
|
49
|
+
abilities: flat,
|
|
50
|
+
groups,
|
|
51
|
+
total: flat.length,
|
|
52
|
+
};
|
|
53
|
+
}
|
|
54
|
+
async getRoleAbilities(request) {
|
|
55
|
+
const role = await this.#store.adminRoles.getById(request.id);
|
|
56
|
+
if (!role)
|
|
57
|
+
throw ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND();
|
|
58
|
+
const abilities = await this.#store.adminPermissions.listAbilities(request.id);
|
|
59
|
+
return { roleId: request.id, abilities };
|
|
60
|
+
}
|
|
61
|
+
async setRoleAbilities(request) {
|
|
62
|
+
const role = await this.#store.adminRoles.getById(request.id);
|
|
63
|
+
if (!role)
|
|
64
|
+
throw ERR_ADMIN_PERMISSIONS_ROLE_NOT_FOUND();
|
|
65
|
+
// Reject any ability that is not in the registry — guards against
|
|
66
|
+
// typos, stale UI state, and a since-removed plugin's keys lingering
|
|
67
|
+
// in someone's draft. The registry was populated at init time so
|
|
68
|
+
// this is an in-memory check.
|
|
69
|
+
const unknown = request.abilities.filter((key) => !this.#abilities.has(key));
|
|
70
|
+
if (unknown.length > 0) {
|
|
71
|
+
throw ERR_ADMIN_PERMISSIONS_ABILITY_UNREGISTERED({
|
|
72
|
+
message: `Unregistered abilities: ${unknown.join(', ')}`,
|
|
73
|
+
});
|
|
74
|
+
}
|
|
75
|
+
// Wholesale-replace inside a transaction (handled by the repo).
|
|
76
|
+
await this.#store.adminPermissions.setAbilities(request.id, request.abilities);
|
|
77
|
+
// Return the freshly-stored set so the client can reset its dirty
|
|
78
|
+
// state without a second round-trip — also defends against drift if
|
|
79
|
+
// the repo dedupes or reorders.
|
|
80
|
+
const stored = await this.#store.adminPermissions.listAbilities(request.id);
|
|
81
|
+
return { roleId: request.id, abilities: stored };
|
|
82
|
+
}
|
|
83
|
+
async whoHasAbility(request) {
|
|
84
|
+
// Run the two inverse joins in parallel — they read the same table
|
|
85
|
+
// through different join paths but neither blocks the other.
|
|
86
|
+
const [roleIds, userIds] = await Promise.all([
|
|
87
|
+
this.#store.adminPermissions.listRolesForAbility(request.ability),
|
|
88
|
+
this.#store.adminPermissions.listUsersForAbility(request.ability),
|
|
89
|
+
]);
|
|
90
|
+
// Resolve role + user metadata in parallel batches. We accept the
|
|
91
|
+
// N round-trips here because admin role and user counts are small
|
|
92
|
+
// by design; if they grow we add `getByIds(ids[])` repo methods
|
|
93
|
+
// later.
|
|
94
|
+
const [roles, users] = await Promise.all([
|
|
95
|
+
Promise.all(roleIds.map((id) => this.#store.adminRoles.getById(id))),
|
|
96
|
+
Promise.all(userIds.map((id) => this.#store.adminUsers.getById(id))),
|
|
97
|
+
]);
|
|
98
|
+
return {
|
|
99
|
+
ability: request.ability,
|
|
100
|
+
roles: roles
|
|
101
|
+
.filter((r) => r != null)
|
|
102
|
+
.map((r) => ({ id: r.id, name: r.name, machine_name: r.machine_name })),
|
|
103
|
+
users: users
|
|
104
|
+
.filter((u) => u != null)
|
|
105
|
+
.map((u) => ({
|
|
106
|
+
id: u.id,
|
|
107
|
+
email: u.email,
|
|
108
|
+
given_name: u.given_name,
|
|
109
|
+
family_name: u.family_name,
|
|
110
|
+
})),
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
//# sourceMappingURL=service.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"service.js","sourceRoot":"","sources":["../../../src/modules/admin-permissions/service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAC9C,OAAO,EACL,0CAA0C,EAC1C,oCAAoC,GACrC,MAAM,aAAa,CAAA;AAYpB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,uBAAuB;IACzB,MAAM,CAAY;IAClB,UAAU,CAAiB;IAEpC,YAAY,IAAuD;QACjE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAA;QACxB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAA;IAClC,CAAC;IAED,uBAAuB;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAA;QAC5D,gEAAgE;QAChE,mEAAmE;QACnE,kEAAkE;QAClE,mBAAmB;QACnB,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAA;QACzC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC;YACpE,KAAK;YACL,SAAS,EAAE,SAAS,CAAC,GAAG,CAAC,mBAAmB,CAAC;SAC9C,CAAC,CAAC,CAAA;QACH,OAAO;YACL,SAAS,EAAE,IAAI;YACf,MAAM;YACN,KAAK,EAAE,IAAI,CAAC,MAAM;SACnB,CAAA;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAgC;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC7D,IAAI,CAAC,IAAI;YAAE,MAAM,oCAAoC,EAAE,CAAA;QACvD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC9E,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,CAAA;IAC1C,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAgC;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC7D,IAAI,CAAC,IAAI;YAAE,MAAM,oCAAoC,EAAE,CAAA;QAEvD,kEAAkE;QAClE,qEAAqE;QACrE,iEAAiE;QACjE,8BAA8B;QAC9B,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;QAC5E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,0CAA0C,CAAC;gBAC/C,OAAO,EAAE,2BAA2B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACzD,CAAC,CAAA;QACJ,CAAC;QAED,gEAAgE;QAChE,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,SAAS,CAAC,CAAA;QAC9E,kEAAkE;QAClE,oEAAoE;QACpE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;QAC3E,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAA6B;QAC/C,mEAAmE;QACnE,6DAA6D;QAC7D,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,OAAO,CAAC,OAAO,CAAC;YACjE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,mBAAmB,CAAC,OAAO,CAAC,OAAO,CAAC;SAClE,CAAC,CAAA;QAEF,kEAAkE;QAClE,kEAAkE;QAClE,gEAAgE;QAChE,SAAS;QACT,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;YACpE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;SACrE,CAAC,CAAA;QAEF,OAAO;YACL,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,KAAK;iBACT,MAAM,CAAC,CAAC,CAAC,EAA8B,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;iBACpD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;YACzE,KAAK,EAAE,KAAK;iBACT,MAAM,CAAC,CAAC,CAAC,EAA8B,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;iBACpD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACX,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,UAAU,EAAE,CAAC,CAAC,UAAU;gBACxB,WAAW,EAAE,CAAC,CAAC,WAAW;aAC3B,CAAC,CAAC;SACN,CAAA;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
import type { AbilityRegistry } from '@byline/auth';
|
|
9
|
+
/**
|
|
10
|
+
* Ability keys for the admin-roles module.
|
|
11
|
+
*
|
|
12
|
+
* Reorder is intentionally **rolled into `update`** — same trust level
|
|
13
|
+
* (mutating role identity), and splitting it would force a redundant
|
|
14
|
+
* `reorder` permission alongside `update` for every role-managing role.
|
|
15
|
+
*
|
|
16
|
+
* Per-role ability grants are managed by the sibling
|
|
17
|
+
* `@byline/admin/admin-permissions` module and have their own ability
|
|
18
|
+
* keys there.
|
|
19
|
+
*/
|
|
20
|
+
export declare const ADMIN_ROLES_ABILITIES: {
|
|
21
|
+
readonly read: "admin.roles.read";
|
|
22
|
+
readonly create: "admin.roles.create";
|
|
23
|
+
readonly update: "admin.roles.update";
|
|
24
|
+
readonly delete: "admin.roles.delete";
|
|
25
|
+
};
|
|
26
|
+
export type AdminRolesAbilityKey = (typeof ADMIN_ROLES_ABILITIES)[keyof typeof ADMIN_ROLES_ABILITIES];
|
|
27
|
+
/**
|
|
28
|
+
* Register every admin-roles ability with the framework's `AbilityRegistry`.
|
|
29
|
+
* Called from `registerAdminAbilities(registry)` at package level, which
|
|
30
|
+
* the webapp wires into `initBylineCore()`.
|
|
31
|
+
*/
|
|
32
|
+
export declare function registerAdminRolesAbilities(registry: AbilityRegistry): void;
|
|
33
|
+
//# sourceMappingURL=abilities.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"abilities.d.ts","sourceRoot":"","sources":["../../../src/modules/admin-roles/abilities.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAEnD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB;;;;;CAKxB,CAAA;AAEV,MAAM,MAAM,oBAAoB,GAC9B,CAAC,OAAO,qBAAqB,CAAC,CAAC,MAAM,OAAO,qBAAqB,CAAC,CAAA;AAEpE;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,eAAe,GAAG,IAAI,CAyB3E"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* Ability keys for the admin-roles module.
|
|
10
|
+
*
|
|
11
|
+
* Reorder is intentionally **rolled into `update`** — same trust level
|
|
12
|
+
* (mutating role identity), and splitting it would force a redundant
|
|
13
|
+
* `reorder` permission alongside `update` for every role-managing role.
|
|
14
|
+
*
|
|
15
|
+
* Per-role ability grants are managed by the sibling
|
|
16
|
+
* `@byline/admin/admin-permissions` module and have their own ability
|
|
17
|
+
* keys there.
|
|
18
|
+
*/
|
|
19
|
+
export const ADMIN_ROLES_ABILITIES = {
|
|
20
|
+
read: 'admin.roles.read',
|
|
21
|
+
create: 'admin.roles.create',
|
|
22
|
+
update: 'admin.roles.update',
|
|
23
|
+
delete: 'admin.roles.delete',
|
|
24
|
+
};
|
|
25
|
+
/**
|
|
26
|
+
* Register every admin-roles ability with the framework's `AbilityRegistry`.
|
|
27
|
+
* Called from `registerAdminAbilities(registry)` at package level, which
|
|
28
|
+
* the webapp wires into `initBylineCore()`.
|
|
29
|
+
*/
|
|
30
|
+
export function registerAdminRolesAbilities(registry) {
|
|
31
|
+
registry.register({
|
|
32
|
+
key: ADMIN_ROLES_ABILITIES.read,
|
|
33
|
+
label: 'Read admin roles',
|
|
34
|
+
group: 'admin.roles',
|
|
35
|
+
source: 'admin',
|
|
36
|
+
});
|
|
37
|
+
registry.register({
|
|
38
|
+
key: ADMIN_ROLES_ABILITIES.create,
|
|
39
|
+
label: 'Create admin roles',
|
|
40
|
+
group: 'admin.roles',
|
|
41
|
+
source: 'admin',
|
|
42
|
+
});
|
|
43
|
+
registry.register({
|
|
44
|
+
key: ADMIN_ROLES_ABILITIES.update,
|
|
45
|
+
label: 'Update or reorder admin roles',
|
|
46
|
+
group: 'admin.roles',
|
|
47
|
+
source: 'admin',
|
|
48
|
+
});
|
|
49
|
+
registry.register({
|
|
50
|
+
key: ADMIN_ROLES_ABILITIES.delete,
|
|
51
|
+
label: 'Delete admin roles',
|
|
52
|
+
group: 'admin.roles',
|
|
53
|
+
source: 'admin',
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=abilities.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"abilities.js","sourceRoot":"","sources":["../../../src/modules/admin-roles/abilities.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,oBAAoB;CACpB,CAAA;AAKV;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAyB;IACnE,QAAQ,CAAC,QAAQ,CAAC;QAChB,GAAG,EAAE,qBAAqB,CAAC,IAAI;QAC/B,KAAK,EAAE,kBAAkB;QACzB,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAA;IACF,QAAQ,CAAC,QAAQ,CAAC;QAChB,GAAG,EAAE,qBAAqB,CAAC,MAAM;QACjC,KAAK,EAAE,oBAAoB;QAC3B,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAA;IACF,QAAQ,CAAC,QAAQ,CAAC;QAChB,GAAG,EAAE,qBAAqB,CAAC,MAAM;QACjC,KAAK,EAAE,+BAA+B;QACtC,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAA;IACF,QAAQ,CAAC,QAAQ,CAAC;QAChB,GAAG,EAAE,qBAAqB,CAAC,MAAM;QACjC,KAAK,EAAE,oBAAoB;QAC3B,KAAK,EAAE,aAAa;QACpB,MAAM,EAAE,OAAO;KAChB,CAAC,CAAA;AACJ,CAAC"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
import type { RequestContext } from '@byline/auth';
|
|
9
|
+
import type { AdminStore } from '../../store.js';
|
|
10
|
+
import type { AdminRoleListResponse, AdminRoleResponse, OkResponse, UserRolesResponse } from './schemas.js';
|
|
11
|
+
/**
|
|
12
|
+
* Transport-agnostic commands for the admin-roles module.
|
|
13
|
+
*
|
|
14
|
+
* Every command follows the same four steps as `admin-users`:
|
|
15
|
+
* 1. `schema.parse(input)` — Zod-validate.
|
|
16
|
+
* 2. `assertAdminActor(context, ability)` — require an `AdminAuth`
|
|
17
|
+
* actor holding the specific ability.
|
|
18
|
+
* 3. Call the `AdminRolesService` method with the validated input.
|
|
19
|
+
* 4. Parse the response through its output schema (catches
|
|
20
|
+
* schema/DTO drift in tests).
|
|
21
|
+
*
|
|
22
|
+
* Reorder uses the `update` ability — see `abilities.ts` for the
|
|
23
|
+
* rationale (same trust level as content updates; splitting it would
|
|
24
|
+
* force a redundant key on every role-managing role).
|
|
25
|
+
*/
|
|
26
|
+
export interface AdminRolesCommandDeps {
|
|
27
|
+
store: AdminStore;
|
|
28
|
+
}
|
|
29
|
+
export declare function listAdminRolesCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<AdminRoleListResponse>;
|
|
30
|
+
export declare function getAdminRoleCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<AdminRoleResponse>;
|
|
31
|
+
export declare function createAdminRoleCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<AdminRoleResponse>;
|
|
32
|
+
export declare function updateAdminRoleCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<AdminRoleResponse>;
|
|
33
|
+
export declare function deleteAdminRoleCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<OkResponse>;
|
|
34
|
+
export declare function reorderAdminRolesCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<OkResponse>;
|
|
35
|
+
export declare function getRolesForUserCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<UserRolesResponse>;
|
|
36
|
+
export declare function setRolesForUserCommand(context: RequestContext | undefined, input: unknown, deps: AdminRolesCommandDeps): Promise<UserRolesResponse>;
|
|
37
|
+
//# sourceMappingURL=commands.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"commands.d.ts","sourceRoot":"","sources":["../../../src/modules/admin-roles/commands.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAoBlD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAChD,OAAO,KAAK,EACV,qBAAqB,EACrB,iBAAiB,EACjB,UAAU,EACV,iBAAiB,EAClB,MAAM,cAAc,CAAA;AAErB;;;;;;;;;;;;;;GAcG;AAEH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,UAAU,CAAA;CAClB;AAMD,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,qBAAqB,CAAC,CAKhC;AAED,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAK5B;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAK5B;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAK5B;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,UAAU,CAAC,CAKrB;AAED,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,UAAU,CAAC,CAKrB;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAO5B;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,cAAc,GAAG,SAAS,EACnC,KAAK,EAAE,OAAO,EACd,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,iBAAiB,CAAC,CAS5B"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
import { assertAdminActor } from '../../lib/assert-admin-actor.js';
|
|
9
|
+
import { ADMIN_USERS_ABILITIES } from '../admin-users/abilities.js';
|
|
10
|
+
import { ADMIN_ROLES_ABILITIES } from './abilities.js';
|
|
11
|
+
import { adminRoleListResponseSchema, adminRoleResponseSchema, createAdminRoleRequestSchema, deleteAdminRoleRequestSchema, getAdminRoleRequestSchema, getRolesForUserRequestSchema, listAdminRolesRequestSchema, okResponseSchema, reorderAdminRolesRequestSchema, setRolesForUserRequestSchema, updateAdminRoleRequestSchema, userRolesResponseSchema, } from './schemas.js';
|
|
12
|
+
import { AdminRolesService } from './service.js';
|
|
13
|
+
function serviceOf(deps) {
|
|
14
|
+
return new AdminRolesService({ store: deps.store });
|
|
15
|
+
}
|
|
16
|
+
export async function listAdminRolesCommand(context, input, deps) {
|
|
17
|
+
listAdminRolesRequestSchema.parse(input ?? {});
|
|
18
|
+
assertAdminActor(context, ADMIN_ROLES_ABILITIES.read);
|
|
19
|
+
const result = await serviceOf(deps).listRoles();
|
|
20
|
+
return adminRoleListResponseSchema.parse(result);
|
|
21
|
+
}
|
|
22
|
+
export async function getAdminRoleCommand(context, input, deps) {
|
|
23
|
+
const parsed = getAdminRoleRequestSchema.parse(input);
|
|
24
|
+
assertAdminActor(context, ADMIN_ROLES_ABILITIES.read);
|
|
25
|
+
const result = await serviceOf(deps).getRole(parsed);
|
|
26
|
+
return adminRoleResponseSchema.parse(result);
|
|
27
|
+
}
|
|
28
|
+
export async function createAdminRoleCommand(context, input, deps) {
|
|
29
|
+
const parsed = createAdminRoleRequestSchema.parse(input);
|
|
30
|
+
assertAdminActor(context, ADMIN_ROLES_ABILITIES.create);
|
|
31
|
+
const result = await serviceOf(deps).createRole(parsed);
|
|
32
|
+
return adminRoleResponseSchema.parse(result);
|
|
33
|
+
}
|
|
34
|
+
export async function updateAdminRoleCommand(context, input, deps) {
|
|
35
|
+
const parsed = updateAdminRoleRequestSchema.parse(input);
|
|
36
|
+
assertAdminActor(context, ADMIN_ROLES_ABILITIES.update);
|
|
37
|
+
const result = await serviceOf(deps).updateRole(parsed);
|
|
38
|
+
return adminRoleResponseSchema.parse(result);
|
|
39
|
+
}
|
|
40
|
+
export async function deleteAdminRoleCommand(context, input, deps) {
|
|
41
|
+
const parsed = deleteAdminRoleRequestSchema.parse(input);
|
|
42
|
+
assertAdminActor(context, ADMIN_ROLES_ABILITIES.delete);
|
|
43
|
+
await serviceOf(deps).deleteRole(parsed);
|
|
44
|
+
return okResponseSchema.parse({ ok: true });
|
|
45
|
+
}
|
|
46
|
+
export async function reorderAdminRolesCommand(context, input, deps) {
|
|
47
|
+
const parsed = reorderAdminRolesRequestSchema.parse(input);
|
|
48
|
+
assertAdminActor(context, ADMIN_ROLES_ABILITIES.update);
|
|
49
|
+
await serviceOf(deps).reorderRoles(parsed);
|
|
50
|
+
return okResponseSchema.parse({ ok: true });
|
|
51
|
+
}
|
|
52
|
+
export async function getRolesForUserCommand(context, input, deps) {
|
|
53
|
+
const parsed = getRolesForUserRequestSchema.parse(input);
|
|
54
|
+
// Reading a user's role assignments requires read access to admin
|
|
55
|
+
// users — the data is fundamentally about that user.
|
|
56
|
+
assertAdminActor(context, ADMIN_USERS_ABILITIES.read);
|
|
57
|
+
const result = await serviceOf(deps).getRolesForUser(parsed);
|
|
58
|
+
return userRolesResponseSchema.parse(result);
|
|
59
|
+
}
|
|
60
|
+
export async function setRolesForUserCommand(context, input, deps) {
|
|
61
|
+
const parsed = setRolesForUserRequestSchema.parse(input);
|
|
62
|
+
// Editing a user's role-set is at the same trust level as updating
|
|
63
|
+
// their other admin fields. Roll into `admin.users.update` rather
|
|
64
|
+
// than minting a separate `admin.users.assignRoles` key — the role
|
|
65
|
+
// editor's checkbox tree would otherwise need both.
|
|
66
|
+
assertAdminActor(context, ADMIN_USERS_ABILITIES.update);
|
|
67
|
+
const result = await serviceOf(deps).setRolesForUser(parsed);
|
|
68
|
+
return userRolesResponseSchema.parse(result);
|
|
69
|
+
}
|
|
70
|
+
//# sourceMappingURL=commands.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"commands.js","sourceRoot":"","sources":["../../../src/modules/admin-roles/commands.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAA;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAA;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,EACL,2BAA2B,EAC3B,uBAAuB,EACvB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,2BAA2B,EAC3B,gBAAgB,EAChB,8BAA8B,EAC9B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,GACxB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AA6BhD,SAAS,SAAS,CAAC,IAA2B;IAC5C,OAAO,IAAI,iBAAiB,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAA;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,2BAA2B,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAA;IAC9C,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAA;IACrD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,CAAA;IAChD,OAAO,2BAA2B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,yBAAyB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACrD,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAA;IACrD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;IACpD,OAAO,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACxD,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,CAAA;IACvD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACvD,OAAO,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACxD,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,CAAA;IACvD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACvD,OAAO,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACxD,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,CAAA;IACvD,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACxC,OAAO,gBAAgB,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,8BAA8B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAC1D,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,CAAA;IACvD,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;IAC1C,OAAO,gBAAgB,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACxD,kEAAkE;IAClE,qDAAqD;IACrD,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAA;IACrD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;IAC5D,OAAO,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAmC,EACnC,KAAc,EACd,IAA2B;IAE3B,MAAM,MAAM,GAAG,4BAA4B,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACxD,mEAAmE;IACnE,kEAAkE;IAClE,mEAAmE;IACnE,oDAAoD;IACpD,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,CAAA;IACvD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAA;IAC5D,OAAO,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;AAC9C,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
import type { AdminRoleRow } from './repository.js';
|
|
9
|
+
import type { AdminRoleResponse } from './schemas.js';
|
|
10
|
+
/**
|
|
11
|
+
* Shape an `AdminRoleRow` into its public `AdminRoleResponse` form.
|
|
12
|
+
*
|
|
13
|
+
* Effectively an identity map today — the indirection exists so future
|
|
14
|
+
* row-only fields (tenant id, soft-delete) stay opted out of the public
|
|
15
|
+
* shape by default.
|
|
16
|
+
*/
|
|
17
|
+
export declare function toAdminRole(row: AdminRoleRow): AdminRoleResponse;
|
|
18
|
+
//# sourceMappingURL=dto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dto.d.ts","sourceRoot":"","sources":["../../../src/modules/admin-roles/dto.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AACnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAErD;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,YAAY,GAAG,iBAAiB,CAWhE"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* Shape an `AdminRoleRow` into its public `AdminRoleResponse` form.
|
|
10
|
+
*
|
|
11
|
+
* Effectively an identity map today — the indirection exists so future
|
|
12
|
+
* row-only fields (tenant id, soft-delete) stay opted out of the public
|
|
13
|
+
* shape by default.
|
|
14
|
+
*/
|
|
15
|
+
export function toAdminRole(row) {
|
|
16
|
+
return {
|
|
17
|
+
id: row.id,
|
|
18
|
+
vid: row.vid,
|
|
19
|
+
name: row.name,
|
|
20
|
+
machine_name: row.machine_name,
|
|
21
|
+
description: row.description,
|
|
22
|
+
order: row.order,
|
|
23
|
+
created_at: row.created_at,
|
|
24
|
+
updated_at: row.updated_at,
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
//# sourceMappingURL=dto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dto.js","sourceRoot":"","sources":["../../../src/modules/admin-roles/dto.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,GAAiB;IAC3C,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,YAAY,EAAE,GAAG,CAAC,YAAY;QAC9B,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* Module-local error codes for admin-roles.
|
|
10
|
+
*
|
|
11
|
+
* Mirrors the `code + factory` shape used by `AdminUsersError`. Codes
|
|
12
|
+
* are dot-prefixed (`admin.roles.*`) so they sort alongside the matching
|
|
13
|
+
* ability keys in logs and admin UI messages.
|
|
14
|
+
*/
|
|
15
|
+
export declare const AdminRolesErrorCodes: {
|
|
16
|
+
readonly NOT_FOUND: "admin.roles.notFound";
|
|
17
|
+
readonly MACHINE_NAME_IN_USE: "admin.roles.machineNameInUse";
|
|
18
|
+
readonly VERSION_CONFLICT: "admin.roles.versionConflict";
|
|
19
|
+
readonly USER_NOT_FOUND: "admin.roles.userNotFound";
|
|
20
|
+
};
|
|
21
|
+
export type AdminRolesErrorCode = (typeof AdminRolesErrorCodes)[keyof typeof AdminRolesErrorCodes];
|
|
22
|
+
export interface AdminRolesErrorOptions {
|
|
23
|
+
message?: string;
|
|
24
|
+
cause?: unknown;
|
|
25
|
+
}
|
|
26
|
+
export declare class AdminRolesError extends Error {
|
|
27
|
+
readonly code: AdminRolesErrorCode;
|
|
28
|
+
constructor(code: AdminRolesErrorCode, options: {
|
|
29
|
+
message: string;
|
|
30
|
+
cause?: unknown;
|
|
31
|
+
});
|
|
32
|
+
}
|
|
33
|
+
/** The referenced admin role id does not exist. */
|
|
34
|
+
export declare const ERR_ADMIN_ROLE_NOT_FOUND: (options?: AdminRolesErrorOptions) => AdminRolesError;
|
|
35
|
+
/** Creating a role conflicts with an existing `machine_name`. */
|
|
36
|
+
export declare const ERR_ADMIN_ROLE_MACHINE_NAME_IN_USE: (options?: AdminRolesErrorOptions) => AdminRolesError;
|
|
37
|
+
/**
|
|
38
|
+
* The stored `vid` does not match the client-supplied `expectedVid` —
|
|
39
|
+
* the caller is holding a stale version of the row. Typical admin-UI
|
|
40
|
+
* response is to reload the edit form with the current values.
|
|
41
|
+
*/
|
|
42
|
+
export declare const ERR_ADMIN_ROLE_VERSION_CONFLICT: (options?: AdminRolesErrorOptions) => AdminRolesError;
|
|
43
|
+
/**
|
|
44
|
+
* The admin user targeted by a role-assignment operation does not exist.
|
|
45
|
+
* Module-local rather than reaching into `@byline/admin/admin-users`'
|
|
46
|
+
* error codes — keeps the modules decoupled.
|
|
47
|
+
*/
|
|
48
|
+
export declare const ERR_ADMIN_ROLE_USER_NOT_FOUND: (options?: AdminRolesErrorOptions) => AdminRolesError;
|
|
49
|
+
//# sourceMappingURL=errors.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/modules/admin-roles/errors.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;GAMG;AAEH,eAAO,MAAM,oBAAoB;;;;;CAKvB,CAAA;AAEV,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,OAAO,oBAAoB,CAAC,CAAA;AAElG,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,qBAAa,eAAgB,SAAQ,KAAK;IACxC,SAAgB,IAAI,EAAE,mBAAmB,CAAA;gBAE7B,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;CAKrF;AAUD,mDAAmD;AACnD,eAAO,MAAM,wBAAwB,aAPxB,sBAAsB,KAAG,eAO8D,CAAA;AAEpG,iEAAiE;AACjE,eAAO,MAAM,kCAAkC,aAVlC,sBAAsB,KAAG,eAarC,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,+BAA+B,aApB/B,sBAAsB,KAAG,eAuBrC,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,aA9B7B,sBAAsB,KAAG,eAiCrC,CAAA"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* Module-local error codes for admin-roles.
|
|
10
|
+
*
|
|
11
|
+
* Mirrors the `code + factory` shape used by `AdminUsersError`. Codes
|
|
12
|
+
* are dot-prefixed (`admin.roles.*`) so they sort alongside the matching
|
|
13
|
+
* ability keys in logs and admin UI messages.
|
|
14
|
+
*/
|
|
15
|
+
export const AdminRolesErrorCodes = {
|
|
16
|
+
NOT_FOUND: 'admin.roles.notFound',
|
|
17
|
+
MACHINE_NAME_IN_USE: 'admin.roles.machineNameInUse',
|
|
18
|
+
VERSION_CONFLICT: 'admin.roles.versionConflict',
|
|
19
|
+
USER_NOT_FOUND: 'admin.roles.userNotFound',
|
|
20
|
+
};
|
|
21
|
+
export class AdminRolesError extends Error {
|
|
22
|
+
code;
|
|
23
|
+
constructor(code, options) {
|
|
24
|
+
super(options.message, options.cause != null ? { cause: options.cause } : undefined);
|
|
25
|
+
this.name = 'AdminRolesError';
|
|
26
|
+
this.code = code;
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
const make = (code, defaultMessage) => (options) => new AdminRolesError(code, {
|
|
30
|
+
message: options?.message ?? defaultMessage,
|
|
31
|
+
cause: options?.cause,
|
|
32
|
+
});
|
|
33
|
+
/** The referenced admin role id does not exist. */
|
|
34
|
+
export const ERR_ADMIN_ROLE_NOT_FOUND = make(AdminRolesErrorCodes.NOT_FOUND, 'admin role not found');
|
|
35
|
+
/** Creating a role conflicts with an existing `machine_name`. */
|
|
36
|
+
export const ERR_ADMIN_ROLE_MACHINE_NAME_IN_USE = make(AdminRolesErrorCodes.MACHINE_NAME_IN_USE, 'machine name already in use');
|
|
37
|
+
/**
|
|
38
|
+
* The stored `vid` does not match the client-supplied `expectedVid` —
|
|
39
|
+
* the caller is holding a stale version of the row. Typical admin-UI
|
|
40
|
+
* response is to reload the edit form with the current values.
|
|
41
|
+
*/
|
|
42
|
+
export const ERR_ADMIN_ROLE_VERSION_CONFLICT = make(AdminRolesErrorCodes.VERSION_CONFLICT, 'admin role has been modified elsewhere — please reload and try again');
|
|
43
|
+
/**
|
|
44
|
+
* The admin user targeted by a role-assignment operation does not exist.
|
|
45
|
+
* Module-local rather than reaching into `@byline/admin/admin-users`'
|
|
46
|
+
* error codes — keeps the modules decoupled.
|
|
47
|
+
*/
|
|
48
|
+
export const ERR_ADMIN_ROLE_USER_NOT_FOUND = make(AdminRolesErrorCodes.USER_NOT_FOUND, 'admin user not found');
|
|
49
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/modules/admin-roles/errors.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;GAMG;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,SAAS,EAAE,sBAAsB;IACjC,mBAAmB,EAAE,8BAA8B;IACnD,gBAAgB,EAAE,6BAA6B;IAC/C,cAAc,EAAE,0BAA0B;CAClC,CAAA;AASV,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxB,IAAI,CAAqB;IAEzC,YAAY,IAAyB,EAAE,OAA6C;QAClF,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;QACpF,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAA;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;IAClB,CAAC;CACF;AAED,MAAM,IAAI,GACR,CAAC,IAAyB,EAAE,cAAsB,EAAE,EAAE,CACtD,CAAC,OAAgC,EAAmB,EAAE,CACpD,IAAI,eAAe,CAAC,IAAI,EAAE;IACxB,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,cAAc;IAC3C,KAAK,EAAE,OAAO,EAAE,KAAK;CACtB,CAAC,CAAA;AAEN,mDAAmD;AACnD,MAAM,CAAC,MAAM,wBAAwB,GAAG,IAAI,CAAC,oBAAoB,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAA;AAEpG,iEAAiE;AACjE,MAAM,CAAC,MAAM,kCAAkC,GAAG,IAAI,CACpD,oBAAoB,CAAC,mBAAmB,EACxC,6BAA6B,CAC9B,CAAA;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,IAAI,CACjD,oBAAoB,CAAC,gBAAgB,EACrC,sEAAsE,CACvE,CAAA;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,IAAI,CAC/C,oBAAoB,CAAC,cAAc,EACnC,sBAAsB,CACvB,CAAA"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* `@byline/admin/admin-roles` — role CRUD, reorder, and role ↔ user
|
|
10
|
+
* assignment.
|
|
11
|
+
*
|
|
12
|
+
* Exports the adapter-facing `AdminRolesRepository` contract, ability
|
|
13
|
+
* keys, transport-agnostic commands, the `AdminRolesService`, and the
|
|
14
|
+
* module's error types. Commands are the recommended entry point for
|
|
15
|
+
* any caller; the service is exposed for internal uses (other services,
|
|
16
|
+
* future seeds) that want to skip Zod/ability overhead.
|
|
17
|
+
*
|
|
18
|
+
* Per-role ability grants live on the sibling
|
|
19
|
+
* `@byline/admin/admin-permissions` module, not here.
|
|
20
|
+
*/
|
|
21
|
+
export { ADMIN_ROLES_ABILITIES, type AdminRolesAbilityKey, registerAdminRolesAbilities, } from './abilities.js';
|
|
22
|
+
export { createAdminRoleCommand, deleteAdminRoleCommand, getAdminRoleCommand, getRolesForUserCommand, listAdminRolesCommand, reorderAdminRolesCommand, setRolesForUserCommand, updateAdminRoleCommand, } from './commands.js';
|
|
23
|
+
export { toAdminRole } from './dto.js';
|
|
24
|
+
export { AdminRolesError, type AdminRolesErrorCode, AdminRolesErrorCodes, ERR_ADMIN_ROLE_MACHINE_NAME_IN_USE, ERR_ADMIN_ROLE_NOT_FOUND, ERR_ADMIN_ROLE_USER_NOT_FOUND, ERR_ADMIN_ROLE_VERSION_CONFLICT, } from './errors.js';
|
|
25
|
+
export { adminRoleListResponseSchema, adminRoleResponseSchema, createAdminRoleRequestSchema, deleteAdminRoleRequestSchema, getAdminRoleRequestSchema, getRolesForUserRequestSchema, listAdminRolesRequestSchema, reorderAdminRolesRequestSchema, setRolesForUserRequestSchema, updateAdminRoleRequestSchema, userRolesResponseSchema, } from './schemas.js';
|
|
26
|
+
export { AdminRolesService } from './service.js';
|
|
27
|
+
export type { AdminRolesCommandDeps } from './commands.js';
|
|
28
|
+
export type { AdminRoleRow, AdminRolesRepository, CreateAdminRoleInput, UpdateAdminRoleInput, } from './repository.js';
|
|
29
|
+
export type { AdminRoleListResponse, AdminRoleResponse, CreateAdminRoleRequest, DeleteAdminRoleRequest, GetAdminRoleRequest, GetRolesForUserRequest, ListAdminRolesRequest, ReorderAdminRolesRequest, SetRolesForUserRequest, UpdateAdminRoleRequest, UserRolesResponse, } from './schemas.js';
|
|
30
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/admin-roles/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,qBAAqB,EACrB,KAAK,oBAAoB,EACzB,2BAA2B,GAC5B,MAAM,gBAAgB,CAAA;AACvB,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AACtC,OAAO,EACL,eAAe,EACf,KAAK,mBAAmB,EACxB,oBAAoB,EACpB,kCAAkC,EAClC,wBAAwB,EACxB,6BAA6B,EAC7B,+BAA+B,GAChC,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,2BAA2B,EAC3B,uBAAuB,EACvB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,2BAA2B,EAC3B,8BAA8B,EAC9B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,GACxB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,YAAY,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAA;AAC1D,YAAY,EACV,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,iBAAiB,CAAA;AACxB,YAAY,EACV,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,EACtB,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,cAAc,CAAA"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This Source Code is subject to the terms of the Mozilla Public
|
|
3
|
+
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
4
|
+
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
5
|
+
*
|
|
6
|
+
* Copyright (c) Infonomic Company Limited
|
|
7
|
+
*/
|
|
8
|
+
/**
|
|
9
|
+
* `@byline/admin/admin-roles` — role CRUD, reorder, and role ↔ user
|
|
10
|
+
* assignment.
|
|
11
|
+
*
|
|
12
|
+
* Exports the adapter-facing `AdminRolesRepository` contract, ability
|
|
13
|
+
* keys, transport-agnostic commands, the `AdminRolesService`, and the
|
|
14
|
+
* module's error types. Commands are the recommended entry point for
|
|
15
|
+
* any caller; the service is exposed for internal uses (other services,
|
|
16
|
+
* future seeds) that want to skip Zod/ability overhead.
|
|
17
|
+
*
|
|
18
|
+
* Per-role ability grants live on the sibling
|
|
19
|
+
* `@byline/admin/admin-permissions` module, not here.
|
|
20
|
+
*/
|
|
21
|
+
export { ADMIN_ROLES_ABILITIES, registerAdminRolesAbilities, } from './abilities.js';
|
|
22
|
+
export { createAdminRoleCommand, deleteAdminRoleCommand, getAdminRoleCommand, getRolesForUserCommand, listAdminRolesCommand, reorderAdminRolesCommand, setRolesForUserCommand, updateAdminRoleCommand, } from './commands.js';
|
|
23
|
+
export { toAdminRole } from './dto.js';
|
|
24
|
+
export { AdminRolesError, AdminRolesErrorCodes, ERR_ADMIN_ROLE_MACHINE_NAME_IN_USE, ERR_ADMIN_ROLE_NOT_FOUND, ERR_ADMIN_ROLE_USER_NOT_FOUND, ERR_ADMIN_ROLE_VERSION_CONFLICT, } from './errors.js';
|
|
25
|
+
export { adminRoleListResponseSchema, adminRoleResponseSchema, createAdminRoleRequestSchema, deleteAdminRoleRequestSchema, getAdminRoleRequestSchema, getRolesForUserRequestSchema, listAdminRolesRequestSchema, reorderAdminRolesRequestSchema, setRolesForUserRequestSchema, updateAdminRoleRequestSchema, userRolesResponseSchema, } from './schemas.js';
|
|
26
|
+
export { AdminRolesService } from './service.js';
|
|
27
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/admin-roles/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,qBAAqB,EAErB,2BAA2B,GAC5B,MAAM,gBAAgB,CAAA;AACvB,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,eAAe,CAAA;AACtB,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AACtC,OAAO,EACL,eAAe,EAEf,oBAAoB,EACpB,kCAAkC,EAClC,wBAAwB,EACxB,6BAA6B,EAC7B,+BAA+B,GAChC,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,2BAA2B,EAC3B,uBAAuB,EACvB,4BAA4B,EAC5B,4BAA4B,EAC5B,yBAAyB,EACzB,4BAA4B,EAC5B,2BAA2B,EAC3B,8BAA8B,EAC9B,4BAA4B,EAC5B,4BAA4B,EAC5B,uBAAuB,GACxB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA"}
|