@carlonicora/nextjs-jsonapi 1.52.0 → 1.53.0

package/src/features/rbac/hooks/useRbacState.ts

@@ -0,0 +1,319 @@
+"use client";
+
+import { FeatureInterface } from "../../feature";
+import { ModuleInterface } from "../../module";
+import { RoleInterface } from "../../role";
+import { useCallback, useMemo, useReducer } from "react";
+import { ModulePathsInterface } from "../data/ModulePathsInterface";
+import { PermissionMappingInterface } from "../data/PermissionMappingInterface";
+import { ActionType, ACTION_TYPES, PermissionsMap, PermissionValue } from "../data/RbacTypes";
+
+// --- State shape ---
+
+interface OriginalData {
+  features: FeatureInterface[];
+  roles: RoleInterface[];
+  permissionMappings: PermissionMappingInterface[];
+  moduleRelationshipPaths: Map<string, string[]>;
+}
+
+interface RbacState {
+  original: OriginalData | null;
+  // Edited values: only store overrides from original
+  featureIsCore: Map<string, boolean>;
+  modulePermissions: Map<string, PermissionsMap>; // moduleId -> permissions overrides
+  rolePermissions: Map<string, PermissionsMap | null>; // "roleId:moduleId" -> permissions (null = cleared/inherit)
+}
+
+// --- Actions ---
+
+type RbacAction =
+  | { type: "INIT"; payload: OriginalData }
+  | { type: "SET_FEATURE_IS_CORE"; featureId: string; isCore: boolean }
+  | { type: "SET_MODULE_DEFAULT_PERMISSION"; moduleId: string; actionType: ActionType; value: PermissionValue }
+  | { type: "SET_ROLE_PERMISSION"; roleId: string; moduleId: string; actionType: ActionType; value: PermissionValue }
+  | { type: "CLEAR_ROLE_PERMISSION"; roleId: string; moduleId: string; actionType: ActionType }
+  | { type: "CLEAR_ALL_ROLE_PERMISSIONS"; roleId: string; moduleId: string }
+  | { type: "RESET" };
+
+function createInitialState(): RbacState {
+  return {
+    original: null,
+    featureIsCore: new Map(),
+    modulePermissions: new Map(),
+    rolePermissions: new Map(),
+  };
+}
+
+function findModule(features: FeatureInterface[], moduleId: string): ModuleInterface | undefined {
+  for (const feature of features) {
+    for (const mod of feature.modules) {
+      if (mod.id === moduleId) return mod;
+    }
+  }
+  return undefined;
+}
+
+function findPermissionMapping(
+  mappings: PermissionMappingInterface[],
+  roleId: string,
+  moduleId: string,
+): PermissionMappingInterface | undefined {
+  return mappings.find((pm) => pm.roleId === roleId && pm.moduleId === moduleId);
+}
+
+function rbacReducer(state: RbacState, action: RbacAction): RbacState {
+  switch (action.type) {
+    case "INIT": {
+      return {
+        ...createInitialState(),
+        original: action.payload,
+      };
+    }
+
+    case "SET_FEATURE_IS_CORE": {
+      const newMap = new Map(state.featureIsCore);
+      const originalFeature = state.original?.features.find((f) => f.id === action.featureId);
+      if (originalFeature && originalFeature.isCore === action.isCore) {
+        newMap.delete(action.featureId);
+      } else {
+        newMap.set(action.featureId, action.isCore);
+      }
+      return { ...state, featureIsCore: newMap };
+    }
+
+    case "SET_MODULE_DEFAULT_PERMISSION": {
+      const newMap = new Map(state.modulePermissions);
+      const originalModule = state.original ? findModule(state.original.features, action.moduleId) : undefined;
+      const current = newMap.get(action.moduleId) ?? { ...originalModule?.permissions };
+      const updated = { ...current, [action.actionType]: action.value };
+      newMap.set(action.moduleId, updated);
+      return { ...state, modulePermissions: newMap };
+    }
+
+    case "SET_ROLE_PERMISSION": {
+      const key = `${action.roleId}:${action.moduleId}`;
+      const newMap = new Map(state.rolePermissions);
+      const existing = newMap.get(key);
+
+      if (existing === null) {
+        // Was cleared, start fresh
+        newMap.set(key, { [action.actionType]: action.value });
+      } else {
+        const originalMapping = state.original
+          ? findPermissionMapping(state.original.permissionMappings, action.roleId, action.moduleId)
+          : undefined;
+        const current = existing ?? (originalMapping ? { ...originalMapping.permissions } : {});
+        newMap.set(key, { ...current, [action.actionType]: action.value });
+      }
+      return { ...state, rolePermissions: newMap };
+    }
+
+    case "CLEAR_ROLE_PERMISSION": {
+      const key = `${action.roleId}:${action.moduleId}`;
+      const newMap = new Map(state.rolePermissions);
+      const existing = newMap.get(key);
+      if (existing === null) return state;
+
+      const originalMapping = state.original
+        ? findPermissionMapping(state.original.permissionMappings, action.roleId, action.moduleId)
+        : undefined;
+      const current = existing ?? (originalMapping ? { ...originalMapping.permissions } : {});
+      const updated = { ...current };
+      delete updated[action.actionType];
+
+      // If all actions cleared, set to null (inherit all)
+      const hasAnyPermission = ACTION_TYPES.some((at) => updated[at] !== undefined);
+      newMap.set(key, hasAnyPermission ? updated : null);
+      return { ...state, rolePermissions: newMap };
+    }
+
+    case "CLEAR_ALL_ROLE_PERMISSIONS": {
+      const key = `${action.roleId}:${action.moduleId}`;
+      const newMap = new Map(state.rolePermissions);
+      newMap.set(key, null);
+      return { ...state, rolePermissions: newMap };
+    }
+
+    case "RESET":
+      return {
+        ...createInitialState(),
+        original: state.original,
+      };
+
+    default:
+      return state;
+  }
+}
+
+// --- Hook ---
+
+export function useRbacState() {
+  const [state, dispatch] = useReducer(rbacReducer, undefined, createInitialState);
+
+  const init = useCallback(
+    (
+      features: FeatureInterface[],
+      roles: RoleInterface[],
+      permissionMappings: PermissionMappingInterface[],
+      modulePaths: ModulePathsInterface[],
+    ) => {
+      const moduleRelationshipPaths = new Map<string, string[]>();
+      for (const mp of modulePaths) {
+        moduleRelationshipPaths.set(mp.moduleId, mp.paths);
+      }
+      dispatch({ type: "INIT", payload: { features, roles, permissionMappings, moduleRelationshipPaths } });
+    },
+    [],
+  );
+
+  const setFeatureIsCore = useCallback((featureId: string, isCore: boolean) => {
+    dispatch({ type: "SET_FEATURE_IS_CORE", featureId, isCore });
+  }, []);
+
+  const setModuleDefaultPermission = useCallback((moduleId: string, actionType: ActionType, value: PermissionValue) => {
+    dispatch({ type: "SET_MODULE_DEFAULT_PERMISSION", moduleId, actionType, value });
+  }, []);
+
+  const setRolePermission = useCallback(
+    (roleId: string, moduleId: string, actionType: ActionType, value: PermissionValue) => {
+      dispatch({ type: "SET_ROLE_PERMISSION", roleId, moduleId, actionType, value });
+    },
+    [],
+  );
+
+  const clearRolePermission = useCallback((roleId: string, moduleId: string, actionType: ActionType) => {
+    dispatch({ type: "CLEAR_ROLE_PERMISSION", roleId, moduleId, actionType });
+  }, []);
+
+  const clearAllRolePermissions = useCallback((roleId: string, moduleId: string) => {
+    dispatch({ type: "CLEAR_ALL_ROLE_PERMISSIONS", roleId, moduleId });
+  }, []);
+
+  const resetModulePermissions = useCallback((moduleId: string, roles: { id: string }[]) => {
+    // Set all default permissions to true
+    for (const actionType of ACTION_TYPES) {
+      dispatch({ type: "SET_MODULE_DEFAULT_PERMISSION", moduleId, actionType, value: true });
+    }
+    // Clear all role permissions for this module (set to inherit / "-")
+    for (const role of roles) {
+      dispatch({ type: "CLEAR_ALL_ROLE_PERMISSIONS", roleId: role.id, moduleId });
+    }
+  }, []);
+
+  const reset = useCallback(() => {
+    dispatch({ type: "RESET" });
+  }, []);
+
+  // --- Getters ---
+
+  const getFeatureIsCore = useCallback(
+    (featureId: string): boolean => {
+      if (state.featureIsCore.has(featureId)) return state.featureIsCore.get(featureId)!;
+      const feature = state.original?.features.find((f) => f.id === featureId);
+      return feature?.isCore ?? false;
+    },
+    [state.featureIsCore, state.original],
+  );
+
+  const getModuleDefaultPermission = useCallback(
+    (moduleId: string, actionType: ActionType): PermissionValue | undefined => {
+      const edited = state.modulePermissions.get(moduleId);
+      if (edited && edited[actionType] !== undefined) return edited[actionType];
+      if (!state.original) return undefined;
+      const mod = findModule(state.original.features, moduleId);
+      return mod?.permissions[actionType];
+    },
+    [state.modulePermissions, state.original],
+  );
+
+  const getRolePermission = useCallback(
+    (roleId: string, moduleId: string, actionType: ActionType): PermissionValue | undefined | null => {
+      const key = `${roleId}:${moduleId}`;
+      if (state.rolePermissions.has(key)) {
+        const perms = state.rolePermissions.get(key);
+        if (perms === null || perms === undefined) return null; // explicitly cleared = inherit
+        return perms[actionType] ?? null; // has role mapping but no entry for this action = inherit
+      }
+      // Fall back to original
+      if (!state.original) return undefined;
+      const mapping = findPermissionMapping(state.original.permissionMappings, roleId, moduleId);
+      if (!mapping) return undefined; // no mapping exists
+      return mapping.permissions[actionType] ?? null;
+    },
+    [state.rolePermissions, state.original],
+  );
+
+  const isDirty = useMemo(() => {
+    return state.featureIsCore.size > 0 || state.modulePermissions.size > 0 || state.rolePermissions.size > 0;
+  }, [state.featureIsCore, state.modulePermissions, state.rolePermissions]);
+
+  // Build the full effective configuration for migration generation
+  const getEffectiveConfiguration = useCallback(() => {
+    if (!state.original) return null;
+
+    const features = state.original.features.map((f) => ({
+      id: f.id,
+      name: f.name,
+      isCore: state.featureIsCore.has(f.id) ? state.featureIsCore.get(f.id)! : f.isCore,
+      modules: f.modules.map((m) => {
+        const editedPerms = state.modulePermissions.get(m.id);
+        return {
+          id: m.id,
+          name: m.name,
+          permissions: editedPerms ?? m.permissions,
+        };
+      }),
+    }));
+
+    // Build role permissions map
+    const rolePermissionsMap = new Map<string, PermissionsMap>();
+
+    // Start with originals
+    for (const pm of state.original.permissionMappings) {
+      rolePermissionsMap.set(`${pm.roleId}:${pm.moduleId}`, { ...pm.permissions });
+    }
+
+    // Apply edits
+    for (const [key, perms] of state.rolePermissions) {
+      if (perms === null) {
+        rolePermissionsMap.delete(key);
+      } else {
+        rolePermissionsMap.set(key, perms);
+      }
+    }
+
+    return {
+      features,
+      roles: state.original.roles,
+      rolePermissionsMap,
+    };
+  }, [state]);
+
+  const getModuleRelationshipPaths = useCallback(
+    (moduleId: string): string[] => {
+      return state.original?.moduleRelationshipPaths.get(moduleId) ?? [];
+    },
+    [state.original],
+  );
+
+  return {
+    original: state.original,
+    isDirty,
+    init,
+    setFeatureIsCore,
+    setModuleDefaultPermission,
+    setRolePermission,
+    clearRolePermission,
+    clearAllRolePermissions,
+    resetModulePermissions,
+    reset,
+    getFeatureIsCore,
+    getModuleDefaultPermission,
+    getRolePermission,
+    getEffectiveConfiguration,
+    getModuleRelationshipPaths,
+  };
+}
+
+export type RbacStateApi = ReturnType<typeof useRbacState>;

package/src/features/rbac/index.ts

@@ -0,0 +1,19 @@
+// Data layer
+export * from "./data";
+
+// Hooks
+export { useRbacState } from "./hooks/useRbacState";
+
+// Utils
+export { generateMigrationFile, downloadMigrationFile } from "./utils/RbacMigrationGenerator";
+
+// Components
+export { RbacContainer } from "./components/RbacContainer";
+export { RbacToolbar } from "./components/RbacToolbar";
+export { RbacFeatureSection } from "./components/RbacFeatureSection";
+export { RbacModuleTable } from "./components/RbacModuleTable";
+export { RbacPermissionCell } from "./components/RbacPermissionCell";
+export { RbacPermissionPicker } from "./components/RbacPermissionPicker";
+
+// Module registrations
+export { PermissionMappingModule, ModulePathsModule } from "./rbac.module";

package/src/features/rbac/rbac.module.ts

@@ -0,0 +1,19 @@
+import { ModuleFactory } from "../../permissions";
+import { PermissionMapping } from "./data/PermissionMapping";
+import { ModulePaths } from "./data/ModulePaths";
+
+export const PermissionMappingModule = (factory: ModuleFactory) =>
+  factory({
+    pageUrl: "/rbac/permission-mappings",
+    name: "rbac/permission-mappings",
+    model: PermissionMapping,
+    moduleId: "f3aef019-c75f-4ca8-a9b5-a7495d901fc8",
+  });
+
+export const ModulePathsModule = (factory: ModuleFactory) =>
+  factory({
+    pageUrl: "/rbac/module-paths",
+    name: "rbac/module-paths",
+    model: ModulePaths,
+    moduleId: "f4fb3f01-a947-4c2e-89c8-354a518cdb13",
+  });

package/src/features/rbac/utils/RbacMigrationGenerator.test.ts

@@ -0,0 +1,124 @@
+import { describe, it, expect, vi } from "vitest";
+import { generateMigrationFile, downloadMigrationFile } from "./RbacMigrationGenerator";
+import { RoleInterface } from "../../role";
+import { PermissionsMap } from "../data/RbacTypes";
+
+const mockFeatures = [
+  {
+    id: "feat-1",
+    name: "CRM",
+    isCore: false,
+    modules: [
+      {
+        id: "mod-1",
+        name: "pipelines",
+        permissions: { create: true, read: true, update: true, delete: false } as PermissionsMap,
+      },
+    ],
+  },
+];
+
+const mockRoles: RoleInterface[] = [
+  {
+    id: "role-1",
+    type: "roles",
+    included: [],
+    createdAt: new Date(),
+    updatedAt: new Date(),
+    name: "Manager",
+    description: "",
+    isSelectable: true,
+    requiredFeature: undefined,
+  } as unknown as RoleInterface,
+];
+
+const mockRolePermissionsMap = new Map<string, PermissionsMap>();
+mockRolePermissionsMap.set("role-1:mod-1", { create: true, read: true, update: true, delete: true });
+
+describe("RbacMigrationGenerator", () => {
+  describe("Scenario: Generate valid migration file content", () => {
+    it("should produce a valid TypeScript file with MigrationInterface structure", () => {
+      const content = generateMigrationFile({
+        features: mockFeatures,
+        roles: mockRoles,
+        rolePermissionsMap: mockRolePermissionsMap,
+      });
+
+      expect(content).toContain("MigrationInterface");
+      expect(content).toContain("moduleQuery");
+      expect(content).toContain("pipelines");
+      expect(content).toContain("permissionQuery");
+    });
+
+    it("should include default permissions for each module", () => {
+      const content = generateMigrationFile({
+        features: mockFeatures,
+        roles: mockRoles,
+        rolePermissionsMap: mockRolePermissionsMap,
+      });
+
+      expect(content).toContain("Action.Create");
+      expect(content).toContain("Action.Read");
+      expect(content).toContain("Action.Update");
+      expect(content).toContain("Action.Delete");
+    });
+  });
+
+  describe("Scenario: CompanyAdministrator always gets all-true permissions", () => {
+    it("should include CompanyAdministrator role with all true permissions", () => {
+      const content = generateMigrationFile({
+        features: mockFeatures,
+        roles: mockRoles,
+        rolePermissionsMap: mockRolePermissionsMap,
+      });
+
+      expect(content).toContain("2e1eee00-6cba-4506-9059-ccd24e4ea5b0");
+    });
+  });
+
+  describe("Scenario: Migration file contains role-specific overrides", () => {
+    it("should include role permission overrides in generated queries", () => {
+      const content = generateMigrationFile({
+        features: mockFeatures,
+        roles: mockRoles,
+        rolePermissionsMap: mockRolePermissionsMap,
+      });
+
+      expect(content).toContain("Manager");
+      expect(content).toContain("permissionQuery");
+    });
+  });
+
+  describe("Scenario: Download triggers browser download", () => {
+    it("should create a blob and trigger download", () => {
+      const mockAnchor = {
+        href: "",
+        download: "",
+        click: vi.fn(),
+        style: {},
+      };
+      const mockCreateElement = vi.fn().mockReturnValue(mockAnchor);
+      const mockCreateObjectURL = vi.fn().mockReturnValue("blob:url");
+      const mockRevokeObjectURL = vi.fn();
+      const mockAppendChild = vi.fn();
+      const mockRemoveChild = vi.fn();
+
+      vi.stubGlobal("document", {
+        createElement: mockCreateElement,
+        body: { appendChild: mockAppendChild, removeChild: mockRemoveChild },
+      });
+      vi.stubGlobal("URL", {
+        createObjectURL: mockCreateObjectURL,
+        revokeObjectURL: mockRevokeObjectURL,
+      });
+      vi.stubGlobal("Blob", vi.fn());
+
+      downloadMigrationFile("test content");
+
+      expect(mockCreateElement).toHaveBeenCalledWith("a");
+      expect(mockAnchor.click).toHaveBeenCalled();
+
+      vi.unstubAllGlobals();
+    });
+  });
+});

package/src/features/rbac/utils/RbacMigrationGenerator.ts

@@ -0,0 +1,184 @@
+import { RoleInterface } from "../../role";
+import { ActionType, ACTION_TYPES, COMPANY_ADMINISTRATOR_ROLE_ID, PermissionsMap } from "../data/RbacTypes";
+
+const ACTION_ENUM_MAP: Record<ActionType, string> = {
+  read: "Action.Read",
+  create: "Action.Create",
+  update: "Action.Update",
+  delete: "Action.Delete",
+};
+
+function formatPermissionValue(value: boolean | string): string {
+  if (value === true) return "true";
+  if (value === false) return "false";
+  return `"${value}"`;
+}
+
+function formatPermissionsFromMap(perms: PermissionsMap): string {
+  const entries: string[] = [];
+  for (const actionType of ACTION_TYPES) {
+    const value = perms[actionType];
+    if (value !== undefined) {
+      entries.push(`{ type: ${ACTION_ENUM_MAP[actionType]}, value: ${formatPermissionValue(value)} }`);
+    }
+  }
+
+  if (entries.length === 0) return "[]";
+  if (entries.length === 1) return `[${entries[0]}]`;
+  return `[\n        ${entries.join(",\n        ")},\n      ]`;
+}
+
+interface EffectiveFeature {
+  id: string;
+  name: string;
+  isCore: boolean;
+  modules: Array<{
+    id: string;
+    name: string;
+    permissions: PermissionsMap;
+  }>;
+}
+
+export function generateMigrationFile(params: {
+  features: EffectiveFeature[];
+  roles: RoleInterface[];
+  rolePermissionsMap: Map<string, PermissionsMap>;
+}): string {
+  const { features, roles, rolePermissionsMap } = params;
+  const lines: string[] = [];
+
+  // Header
+  lines.push(`/**`);
+  lines.push(` * RBAC Migration - Generated on ${new Date().toISOString().split("T")[0]}`);
+  lines.push(` * Contains features, modules, roles, and permission mappings.`);
+  lines.push(` */`);
+  lines.push(``);
+  lines.push(`import { Action } from "src/common/enums/action";`);
+  lines.push(`import { MigrationInterface } from "src/core/migrator/interfaces/migration.interface";`);
+  lines.push(
+    `import { featureQuery, moduleQuery, roleQuery, permissionQuery } from "src/neo4j.migrations/queries/migration.queries";`,
+  );
+  lines.push(``);
+  lines.push(`export const migration: MigrationInterface[] = [`);
+
+  // Features
+  lines.push(`  /* ************************************ */`);
+  lines.push(`  /* FEATURES                             */`);
+  lines.push(`  /* ************************************ */`);
+  for (const feature of features) {
+    lines.push(`  {`);
+    lines.push(`    query: featureQuery,`);
+    lines.push(`    queryParams: {`);
+    lines.push(`      featureId: "${feature.id}",`);
+    lines.push(`      featureName: "${feature.name}",`);
+    lines.push(`      isCore: ${feature.isCore},`);
+    lines.push(`    },`);
+    lines.push(`  },`);
+  }
+
+  // Modules grouped by feature
+  for (const feature of features) {
+    if (feature.modules.length === 0) continue;
+
+    lines.push(`  /* ************************************ */`);
+    lines.push(`  /* ${feature.name.toUpperCase().padEnd(37)} */`);
+    lines.push(`  /* ************************************ */`);
+
+    for (const mod of feature.modules) {
+      lines.push(`  {`);
+      lines.push(`    query: moduleQuery,`);
+      lines.push(`    queryParams: {`);
+      lines.push(`      moduleName: "${mod.name}",`);
+      lines.push(`      moduleId: "${mod.id}",`);
+      lines.push(`      featureId: "${feature.id}",`);
+      lines.push(`      permissions: JSON.stringify(${formatPermissionsFromMap(mod.permissions)}),`);
+      lines.push(`    },`);
+      lines.push(`  },`);
+    }
+  }
+
+  // Roles
+  lines.push(`  /* ************************************ */`);
+  lines.push(`  /* ROLES                                */`);
+  lines.push(`  /* ************************************ */`);
+  for (const role of roles) {
+    lines.push(`  {`);
+    lines.push(`    query: roleQuery,`);
+    lines.push(`    queryParams: {`);
+    lines.push(`      roleId: "${role.id}",`);
+    lines.push(`      roleName: "${role.name}",`);
+    lines.push(`      isSelectable: ${role.isSelectable},`);
+    lines.push(`    },`);
+    lines.push(`  },`);
+  }
+
+  // Permission mappings
+  lines.push(`  /* ************************************ */`);
+  lines.push(`  /* PERMISSIONS                          */`);
+  lines.push(`  /* ************************************ */`);
+
+  // Collect all module IDs for CompanyAdministrator (always all-true)
+  const allModuleIds: string[] = [];
+  for (const feature of features) {
+    for (const mod of feature.modules) {
+      allModuleIds.push(mod.id);
+    }
+  }
+
+  const allTruePermissions: PermissionsMap = { read: true, create: true, update: true, delete: true };
+
+  // Group by role for readability
+  const permsByRole = new Map<string, Array<{ moduleId: string; permissions: PermissionsMap }>>();
+
+  // CompanyAdministrator always gets all-true for every module
+  permsByRole.set(
+    COMPANY_ADMINISTRATOR_ROLE_ID,
+    allModuleIds.map((moduleId) => ({ moduleId, permissions: allTruePermissions })),
+  );
+
+  for (const [key, perms] of rolePermissionsMap) {
+    const [roleId, moduleId] = key.split(":");
+    if (roleId === COMPANY_ADMINISTRATOR_ROLE_ID) continue; // already handled
+    if (!permsByRole.has(roleId)) permsByRole.set(roleId, []);
+    permsByRole.get(roleId)!.push({ moduleId, permissions: perms });
+  }
+
+  for (const [roleId, moduleMappings] of permsByRole) {
+    const role = roles.find((r) => r.id === roleId);
+    if (role) {
+      lines.push(`  // ${role.name}`);
+    }
+
+    for (const mapping of moduleMappings) {
+      lines.push(`  {`);
+      lines.push(`    query: permissionQuery,`);
+      lines.push(`    queryParams: {`);
+      lines.push(`      roleId: "${roleId}",`);
+      lines.push(`      moduleId: "${mapping.moduleId}",`);
+      lines.push(`      permissions: JSON.stringify(${formatPermissionsFromMap(mapping.permissions)}),`);
+      lines.push(`    },`);
+      lines.push(`  },`);
+    }
+  }
+
+  lines.push(`];`);
+  lines.push(``);
+
+  return lines.join("\n");
+}
+
+export function downloadMigrationFile(content: string): void {
+  const now = new Date();
+  const dateStr = `${now.getFullYear()}${String(now.getMonth() + 1).padStart(2, "0")}${String(now.getDate()).padStart(2, "0")}`;
+  const filename = `${dateStr}_001.ts`;
+
+  const blob = new Blob([content], { type: "text/plain" });
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = filename;
+  document.body.appendChild(a);
+  a.click();
+  document.body.removeChild(a);
+  URL.revokeObjectURL(url);
+}

package/src/index.ts

@@ -42,3 +42,7 @@ export type { ReferralConfig } from "./features/referral/config";
 
 // Toast utilities
 export { showToast, showError, dismissToast, showCustomToast, type ToastOptions } from "./utils/toast";
+
+// RBAC feature (data + modules only; components via /components, hooks via /client)
+export * from "./features/rbac/data";
+export * from "./features/rbac/rbac.module";