@contractspec/lib.identity-rbac 1.46.2 → 1.47.0
- package/dist/contracts/organization.d.ts +9 -9
- package/dist/contracts/rbac.d.ts +9 -9
- package/dist/contracts/user.d.ts +6 -6
- package/dist/entities/index.d.ts +160 -160
- package/dist/entities/index.d.ts.map +1 -1
- package/dist/entities/index.js.map +1 -1
- package/dist/entities/organization.d.ts +59 -59
- package/dist/entities/rbac.d.ts +63 -63
- package/dist/identity-rbac.capability.d.ts +8 -0
- package/dist/identity-rbac.capability.d.ts.map +1 -0
- package/dist/identity-rbac.capability.js +29 -0
- package/dist/identity-rbac.capability.js.map +1 -0
- package/dist/identity-rbac.feature.d.ts +4 -4
- package/dist/identity-rbac.feature.d.ts.map +1 -1
- package/dist/identity-rbac.feature.js +11 -4
- package/dist/identity-rbac.feature.js.map +1 -1
- package/dist/policies/engine.js.map +1 -1
- package/package.json +7 -8
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _contractspec_lib_schema274 from "@contractspec/lib.schema";
|
|
2
2
|
import { SchemaModel } from "@contractspec/lib.schema";
|
|
3
|
-
import * as
|
|
3
|
+
import * as _contractspec_lib_contracts37 from "@contractspec/lib.contracts";
|
|
4
4
|
|
|
5
5
|
//#region src/contracts/organization.d.ts
|
|
6
6
|
declare const OrganizationModel: SchemaModel<{
|
|
@@ -354,7 +354,7 @@ declare const ListUserOrgsOutputModel: SchemaModel<{
|
|
|
354
354
|
/**
|
|
355
355
|
* Create a new organization.
|
|
356
356
|
*/
|
|
357
|
-
declare const CreateOrgContract:
|
|
357
|
+
declare const CreateOrgContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
358
358
|
name: {
|
|
359
359
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
360
360
|
isOptional: false;
|
|
@@ -446,7 +446,7 @@ declare const CreateOrgContract: _contractspec_lib_contracts34.OperationSpec<Sch
|
|
|
446
446
|
/**
|
|
447
447
|
* Get organization details.
|
|
448
448
|
*/
|
|
449
|
-
declare const GetOrgContract:
|
|
449
|
+
declare const GetOrgContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
450
450
|
orgId: {
|
|
451
451
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
452
452
|
isOptional: false;
|
|
@@ -488,7 +488,7 @@ declare const GetOrgContract: _contractspec_lib_contracts34.OperationSpec<Schema
|
|
|
488
488
|
/**
|
|
489
489
|
* Update organization.
|
|
490
490
|
*/
|
|
491
|
-
declare const UpdateOrgContract:
|
|
491
|
+
declare const UpdateOrgContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
492
492
|
orgId: {
|
|
493
493
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
494
494
|
isOptional: false;
|
|
@@ -584,7 +584,7 @@ declare const UpdateOrgContract: _contractspec_lib_contracts34.OperationSpec<Sch
|
|
|
584
584
|
/**
|
|
585
585
|
* Invite a member to the organization.
|
|
586
586
|
*/
|
|
587
|
-
declare const InviteMemberContract:
|
|
587
|
+
declare const InviteMemberContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
588
588
|
orgId: {
|
|
589
589
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
590
590
|
isOptional: false;
|
|
@@ -660,7 +660,7 @@ declare const InviteMemberContract: _contractspec_lib_contracts34.OperationSpec<
|
|
|
660
660
|
/**
|
|
661
661
|
* Accept an invitation.
|
|
662
662
|
*/
|
|
663
|
-
declare const AcceptInviteContract:
|
|
663
|
+
declare const AcceptInviteContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
664
664
|
invitationId: {
|
|
665
665
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
666
666
|
isOptional: false;
|
|
@@ -750,7 +750,7 @@ declare const AcceptInviteContract: _contractspec_lib_contracts34.OperationSpec<
|
|
|
750
750
|
/**
|
|
751
751
|
* Remove a member from the organization.
|
|
752
752
|
*/
|
|
753
|
-
declare const RemoveMemberContract:
|
|
753
|
+
declare const RemoveMemberContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
754
754
|
orgId: {
|
|
755
755
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
756
756
|
isOptional: false;
|
|
@@ -782,7 +782,7 @@ declare const RemoveMemberContract: _contractspec_lib_contracts34.OperationSpec<
|
|
|
782
782
|
/**
|
|
783
783
|
* List organization members.
|
|
784
784
|
*/
|
|
785
|
-
declare const ListMembersContract:
|
|
785
|
+
declare const ListMembersContract: _contractspec_lib_contracts37.OperationSpec<SchemaModel<{
|
|
786
786
|
orgId: {
|
|
787
787
|
type: _contractspec_lib_schema274.FieldType<string, string>;
|
|
788
788
|
isOptional: false;
|
|
@@ -847,7 +847,7 @@ declare const ListMembersContract: _contractspec_lib_contracts34.OperationSpec<S
|
|
|
847
847
|
/**
|
|
848
848
|
* List user's organizations.
|
|
849
849
|
*/
|
|
850
|
-
declare const ListUserOrgsContract:
|
|
850
|
+
declare const ListUserOrgsContract: _contractspec_lib_contracts37.OperationSpec<_contractspec_lib_schema274.AnySchemaModel, SchemaModel<{
|
|
851
851
|
organizations: {
|
|
852
852
|
type: SchemaModel<{
|
|
853
853
|
id: {
|
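--- a/package/dist/contracts/rbac.d.ts
+++ b/package/dist/contracts/rbac.d.ts
@@ -1,6 +1,6 @@
 import * as _contractspec_lib_schema458 from "@contractspec/lib.schema";
 import { SchemaModel } from "@contractspec/lib.schema";
-import * as
+import * as _contractspec_lib_contracts45 from "@contractspec/lib.contracts";
 
 //#region src/contracts/rbac.d.ts
 declare const RoleModel: SchemaModel<{
@@ -252,7 +252,7 @@ declare const ListUserPermissionsOutputModel: SchemaModel<{
 /**
 * Create a new role.
 */
-declare const CreateRoleContract:
+declare const CreateRoleContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 name: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;
@@ -292,7 +292,7 @@ declare const CreateRoleContract: _contractspec_lib_contracts42.OperationSpec<Sc
 /**
 * Update a role.
 */
-declare const UpdateRoleContract:
+declare const UpdateRoleContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 roleId: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;
@@ -336,7 +336,7 @@ declare const UpdateRoleContract: _contractspec_lib_contracts42.OperationSpec<Sc
 /**
 * Delete a role.
 */
-declare const DeleteRoleContract:
+declare const DeleteRoleContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 roleId: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;
@@ -350,7 +350,7 @@ declare const DeleteRoleContract: _contractspec_lib_contracts42.OperationSpec<Sc
 /**
 * List all roles.
 */
-declare const ListRolesContract:
+declare const ListRolesContract: _contractspec_lib_contracts45.OperationSpec<_contractspec_lib_schema458.AnySchemaModel, SchemaModel<{
 roles: {
 type: SchemaModel<{
 id: {
@@ -382,7 +382,7 @@ declare const ListRolesContract: _contractspec_lib_contracts42.OperationSpec<_co
 /**
 * Assign a role to a user or organization.
 */
-declare const AssignRoleContract:
+declare const AssignRoleContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 roleId: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;
@@ -510,7 +510,7 @@ declare const AssignRoleContract: _contractspec_lib_contracts42.OperationSpec<Sc
 /**
 * Revoke a role from a user or organization.
 */
-declare const RevokeRoleContract:
+declare const RevokeRoleContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 bindingId: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;
@@ -534,7 +534,7 @@ declare const RevokeRoleContract: _contractspec_lib_contracts42.OperationSpec<Sc
 /**
 * Check if a user has a specific permission.
 */
-declare const CheckPermissionContract:
+declare const CheckPermissionContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 userId: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;
@@ -564,7 +564,7 @@ declare const CheckPermissionContract: _contractspec_lib_contracts42.OperationSp
 /**
 * List permissions for a user.
 */
-declare const ListUserPermissionsContract:
+declare const ListUserPermissionsContract: _contractspec_lib_contracts45.OperationSpec<SchemaModel<{
 userId: {
 type: _contractspec_lib_schema458.FieldType<string, string>;
 isOptional: false;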
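--- a/package/dist/contracts/user.d.ts
+++ b/package/dist/contracts/user.d.ts
@@ -1,6 +1,6 @@
 import * as _contractspec_lib_schema141 from "@contractspec/lib.schema";
 import { SchemaModel } from "@contractspec/lib.schema";
-import * as
+import * as _contractspec_lib_contracts32 from "@contractspec/lib.contracts";
 
 //#region src/contracts/user.d.ts
 declare const UserProfileModel: SchemaModel<{
@@ -196,7 +196,7 @@ declare const ListUsersOutputModel: SchemaModel<{
 /**
 * Create a new user account.
 */
-declare const CreateUserContract:
+declare const CreateUserContract: _contractspec_lib_contracts32.OperationSpec<SchemaModel<{
 email: {
 type: _contractspec_lib_schema141.FieldType<string, string>;
 isOptional: false;
@@ -324,7 +324,7 @@ declare const CreateUserContract: _contractspec_lib_contracts29.OperationSpec<Sc
 /**
 * Get the current user's profile.
 */
-declare const GetCurrentUserContract:
+declare const GetCurrentUserContract: _contractspec_lib_contracts32.OperationSpec<_contractspec_lib_schema141.AnySchemaModel, SchemaModel<{
 id: {
 type: _contractspec_lib_schema141.FieldType<string, string>;
 isOptional: false;
@@ -377,7 +377,7 @@ declare const GetCurrentUserContract: _contractspec_lib_contracts29.OperationSpe
 /**
 * Update user profile.
 */
-declare const UpdateUserContract:
+declare const UpdateUserContract: _contractspec_lib_contracts32.OperationSpec<SchemaModel<{
 name: {
 type: _contractspec_lib_schema141.FieldType<string, string>;
 isOptional: true;
@@ -509,7 +509,7 @@ declare const UpdateUserContract: _contractspec_lib_contracts29.OperationSpec<Sc
 /**
 * Delete user account.
 */
-declare const DeleteUserContract:
+declare const DeleteUserContract: _contractspec_lib_contracts32.OperationSpec<SchemaModel<{
 confirmEmail: {
 type: _contractspec_lib_schema141.FieldType<string, string>;
 isOptional: false;
@@ -533,7 +533,7 @@ declare const DeleteUserContract: _contractspec_lib_contracts29.OperationSpec<Sc
 /**
 * List users (admin only).
 */
-declare const ListUsersContract:
+declare const ListUsersContract: _contractspec_lib_contracts32.OperationSpec<SchemaModel<{
 limit: {
 type: _contractspec_lib_schema141.FieldType<number, number>;
 isOptional: true;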
package/dist/entities/index.d.ts
CHANGED
|
@@ -1,172 +1,172 @@
|
|
|
1
1
|
import { AccountEntity, SessionEntity, UserEntity, VerificationEntity } from "./user.js";
|
|
2
2
|
import { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity } from "./organization.js";
|
|
3
3
|
import { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity } from "./rbac.js";
|
|
4
|
-
import * as
|
|
4
|
+
import * as _contractspec_lib_schema637 from "@contractspec/lib.schema";
|
|
5
5
|
import { ModuleSchemaContribution } from "@contractspec/lib.schema";
|
|
6
6
|
|
|
7
7
|
//#region src/entities/index.d.ts
|
|
8
8
|
/**
|
|
9
9
|
* All identity-rbac entities for schema composition.
|
|
10
10
|
*/
|
|
11
|
-
declare const identityRbacEntities: (
|
|
12
|
-
id:
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
role:
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
}> |
|
|
110
|
-
id:
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
user:
|
|
11
|
+
declare const identityRbacEntities: (_contractspec_lib_schema637.EntitySpec<{
|
|
12
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
13
|
+
name: _contractspec_lib_schema637.EntityScalarField;
|
|
14
|
+
description: _contractspec_lib_schema637.EntityScalarField;
|
|
15
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
16
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
17
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
18
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
19
|
+
roleId: _contractspec_lib_schema637.EntityScalarField;
|
|
20
|
+
targetType: _contractspec_lib_schema637.EntityScalarField;
|
|
21
|
+
targetId: _contractspec_lib_schema637.EntityScalarField;
|
|
22
|
+
expiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
23
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
24
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
25
|
+
organizationId: _contractspec_lib_schema637.EntityScalarField;
|
|
26
|
+
role: _contractspec_lib_schema637.EntityRelationField;
|
|
27
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
28
|
+
organization: _contractspec_lib_schema637.EntityRelationField;
|
|
29
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
30
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
31
|
+
name: _contractspec_lib_schema637.EntityScalarField;
|
|
32
|
+
start: _contractspec_lib_schema637.EntityScalarField;
|
|
33
|
+
prefix: _contractspec_lib_schema637.EntityScalarField;
|
|
34
|
+
key: _contractspec_lib_schema637.EntityScalarField;
|
|
35
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
36
|
+
refillInterval: _contractspec_lib_schema637.EntityScalarField;
|
|
37
|
+
refillAmount: _contractspec_lib_schema637.EntityScalarField;
|
|
38
|
+
lastRefillAt: _contractspec_lib_schema637.EntityScalarField;
|
|
39
|
+
remaining: _contractspec_lib_schema637.EntityScalarField;
|
|
40
|
+
requestCount: _contractspec_lib_schema637.EntityScalarField;
|
|
41
|
+
lastRequest: _contractspec_lib_schema637.EntityScalarField;
|
|
42
|
+
enabled: _contractspec_lib_schema637.EntityScalarField;
|
|
43
|
+
rateLimitEnabled: _contractspec_lib_schema637.EntityScalarField;
|
|
44
|
+
rateLimitTimeWindow: _contractspec_lib_schema637.EntityScalarField;
|
|
45
|
+
rateLimitMax: _contractspec_lib_schema637.EntityScalarField;
|
|
46
|
+
expiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
47
|
+
permissions: _contractspec_lib_schema637.EntityScalarField;
|
|
48
|
+
metadata: _contractspec_lib_schema637.EntityScalarField;
|
|
49
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
50
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
51
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
52
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
53
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
54
|
+
name: _contractspec_lib_schema637.EntityScalarField;
|
|
55
|
+
publicKey: _contractspec_lib_schema637.EntityScalarField;
|
|
56
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
57
|
+
credentialID: _contractspec_lib_schema637.EntityScalarField;
|
|
58
|
+
counter: _contractspec_lib_schema637.EntityScalarField;
|
|
59
|
+
deviceType: _contractspec_lib_schema637.EntityScalarField;
|
|
60
|
+
backedUp: _contractspec_lib_schema637.EntityScalarField;
|
|
61
|
+
transports: _contractspec_lib_schema637.EntityScalarField;
|
|
62
|
+
aaguid: _contractspec_lib_schema637.EntityScalarField;
|
|
63
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
64
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
65
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
66
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
67
|
+
email: _contractspec_lib_schema637.EntityScalarField;
|
|
68
|
+
emailVerified: _contractspec_lib_schema637.EntityScalarField;
|
|
69
|
+
name: _contractspec_lib_schema637.EntityScalarField;
|
|
70
|
+
firstName: _contractspec_lib_schema637.EntityScalarField;
|
|
71
|
+
lastName: _contractspec_lib_schema637.EntityScalarField;
|
|
72
|
+
locale: _contractspec_lib_schema637.EntityScalarField;
|
|
73
|
+
timezone: _contractspec_lib_schema637.EntityScalarField;
|
|
74
|
+
imageUrl: _contractspec_lib_schema637.EntityScalarField;
|
|
75
|
+
image: _contractspec_lib_schema637.EntityScalarField;
|
|
76
|
+
metadata: _contractspec_lib_schema637.EntityScalarField;
|
|
77
|
+
onboardingCompleted: _contractspec_lib_schema637.EntityScalarField;
|
|
78
|
+
onboardingStep: _contractspec_lib_schema637.EntityScalarField;
|
|
79
|
+
whitelistedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
80
|
+
role: _contractspec_lib_schema637.EntityScalarField;
|
|
81
|
+
banned: _contractspec_lib_schema637.EntityScalarField;
|
|
82
|
+
banReason: _contractspec_lib_schema637.EntityScalarField;
|
|
83
|
+
banExpires: _contractspec_lib_schema637.EntityScalarField;
|
|
84
|
+
phoneNumber: _contractspec_lib_schema637.EntityScalarField;
|
|
85
|
+
phoneNumberVerified: _contractspec_lib_schema637.EntityScalarField;
|
|
86
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
87
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
88
|
+
sessions: _contractspec_lib_schema637.EntityRelationField;
|
|
89
|
+
accounts: _contractspec_lib_schema637.EntityRelationField;
|
|
90
|
+
memberships: _contractspec_lib_schema637.EntityRelationField;
|
|
91
|
+
invitations: _contractspec_lib_schema637.EntityRelationField;
|
|
92
|
+
teamMemberships: _contractspec_lib_schema637.EntityRelationField;
|
|
93
|
+
policyBindings: _contractspec_lib_schema637.EntityRelationField;
|
|
94
|
+
apiKeys: _contractspec_lib_schema637.EntityRelationField;
|
|
95
|
+
passkeys: _contractspec_lib_schema637.EntityRelationField;
|
|
96
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
97
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
98
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
99
|
+
expiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
100
|
+
token: _contractspec_lib_schema637.EntityScalarField;
|
|
101
|
+
ipAddress: _contractspec_lib_schema637.EntityScalarField;
|
|
102
|
+
userAgent: _contractspec_lib_schema637.EntityScalarField;
|
|
103
|
+
impersonatedBy: _contractspec_lib_schema637.EntityScalarField;
|
|
104
|
+
activeOrganizationId: _contractspec_lib_schema637.EntityScalarField;
|
|
105
|
+
activeTeamId: _contractspec_lib_schema637.EntityScalarField;
|
|
106
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
107
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
108
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
109
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
110
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
111
|
+
accountId: _contractspec_lib_schema637.EntityScalarField;
|
|
112
|
+
providerId: _contractspec_lib_schema637.EntityScalarField;
|
|
113
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
114
|
+
accessToken: _contractspec_lib_schema637.EntityScalarField;
|
|
115
|
+
refreshToken: _contractspec_lib_schema637.EntityScalarField;
|
|
116
|
+
idToken: _contractspec_lib_schema637.EntityScalarField;
|
|
117
|
+
accessTokenExpiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
118
|
+
refreshTokenExpiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
119
|
+
scope: _contractspec_lib_schema637.EntityScalarField;
|
|
120
|
+
password: _contractspec_lib_schema637.EntityScalarField;
|
|
121
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
122
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
123
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
124
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
125
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
126
|
+
identifier: _contractspec_lib_schema637.EntityScalarField;
|
|
127
|
+
value: _contractspec_lib_schema637.EntityScalarField;
|
|
128
|
+
expiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
129
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
130
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
131
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
132
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
133
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
134
|
+
organizationId: _contractspec_lib_schema637.EntityScalarField;
|
|
135
|
+
role: _contractspec_lib_schema637.EntityScalarField;
|
|
136
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
137
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
138
|
+
organization: _contractspec_lib_schema637.EntityRelationField;
|
|
139
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
140
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
141
|
+
organizationId: _contractspec_lib_schema637.EntityScalarField;
|
|
142
|
+
email: _contractspec_lib_schema637.EntityScalarField;
|
|
143
|
+
role: _contractspec_lib_schema637.EntityScalarField;
|
|
144
|
+
status: _contractspec_lib_schema637.EntityScalarField;
|
|
145
|
+
acceptedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
146
|
+
expiresAt: _contractspec_lib_schema637.EntityScalarField;
|
|
147
|
+
inviterId: _contractspec_lib_schema637.EntityScalarField;
|
|
148
|
+
teamId: _contractspec_lib_schema637.EntityScalarField;
|
|
149
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
150
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
151
|
+
organization: _contractspec_lib_schema637.EntityRelationField;
|
|
152
|
+
inviter: _contractspec_lib_schema637.EntityRelationField;
|
|
153
|
+
team: _contractspec_lib_schema637.EntityRelationField;
|
|
154
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
155
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
156
|
+
name: _contractspec_lib_schema637.EntityScalarField;
|
|
157
|
+
organizationId: _contractspec_lib_schema637.EntityScalarField;
|
|
158
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
159
|
+
updatedAt: _contractspec_lib_schema637.EntityScalarField;
|
|
160
|
+
organization: _contractspec_lib_schema637.EntityRelationField;
|
|
161
|
+
members: _contractspec_lib_schema637.EntityRelationField;
|
|
162
|
+
invitations: _contractspec_lib_schema637.EntityRelationField;
|
|
163
|
+
}> | _contractspec_lib_schema637.EntitySpec<{
|
|
164
|
+
id: _contractspec_lib_schema637.EntityScalarField;
|
|
165
|
+
teamId: _contractspec_lib_schema637.EntityScalarField;
|
|
166
|
+
userId: _contractspec_lib_schema637.EntityScalarField;
|
|
167
|
+
createdAt: _contractspec_lib_schema637.EntityScalarField;
|
|
168
|
+
team: _contractspec_lib_schema637.EntityRelationField;
|
|
169
|
+
user: _contractspec_lib_schema637.EntityRelationField;
|
|
170
170
|
}>)[];
|
|
171
171
|
/**
|
|
172
172
|
* Module schema contribution for identity-rbac.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/entities/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;AAsDa,cAAA,oBAeZ,EAAA,6BAfgC,UAehC,CAAA;EAAA,EAAA,EAAA,2BAAA,CAAA,iBAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../../src/entities/index.ts"],"sourcesContent":[],"mappings":";;;;;;;;;;AAsDa,cAAA,oBAeZ,EAAA,6BAfgC,UAehC,CAAA;EAAA,EAAA,EAAA,2BAAA,CAAA,iBAAA;;;;;2CAfgC,CAAA;EAAA,EAAA,EAAA,2BAAA,CAAA,iBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBjC;;cAAa,gCAAgC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../src/entities/index.ts"],"sourcesContent":["// User-related entities\nexport {\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n} from './user';\n\n// Organization-related entities\nexport {\n OrganizationTypeEnum,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n} from './organization';\n\n// RBAC entities\nexport {\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n} from './rbac';\n\n// Re-export all entities as a module contribution\nimport {\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n} from './user';\nimport {\n OrganizationTypeEnum,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n} from './organization';\nimport {\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n} from './rbac';\nimport type { ModuleSchemaContribution } from '@contractspec/lib.schema';\n\n/**\n * All identity-rbac entities for schema composition.\n */\nexport const identityRbacEntities = [\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n];\n\n/**\n * Module schema contribution for identity-rbac.\n */\nexport const identityRbacSchemaContribution: ModuleSchemaContribution = {\n moduleId: '@contractspec/lib.identity-rbac',\n entities: identityRbacEntities,\n enums: [OrganizationTypeEnum],\n};\n"],"mappings":";;;;;;;;AAsDA,MAAa,uBAAuB;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;AAKD,MAAa,iCAA2D;CACtE,UAAU;CACV,UAAU;CACV,OAAO,CAAC,qBAAqB;CAC9B"}
|
|
@@ -1,86 +1,86 @@
|
|
|
1
|
-
import * as
|
|
1
|
+
import * as _contractspec_lib_schema796 from "@contractspec/lib.schema";
|
|
2
2
|
|
|
3
3
|
//#region src/entities/organization.d.ts
|
|
4
4
|
/**
|
|
5
5
|
* Organization type enum.
|
|
6
6
|
*/
|
|
7
|
-
declare const OrganizationTypeEnum:
|
|
7
|
+
declare const OrganizationTypeEnum: _contractspec_lib_schema796.EntityEnumDef;
|
|
8
8
|
/**
|
|
9
9
|
* Organization entity - tenant/company grouping.
|
|
10
10
|
*/
|
|
11
|
-
declare const OrganizationEntity:
|
|
12
|
-
id:
|
|
13
|
-
name:
|
|
14
|
-
slug:
|
|
15
|
-
logo:
|
|
16
|
-
description:
|
|
17
|
-
metadata:
|
|
18
|
-
type:
|
|
19
|
-
onboardingCompleted:
|
|
20
|
-
onboardingStep:
|
|
21
|
-
referralCode:
|
|
22
|
-
referredBy:
|
|
23
|
-
createdAt:
|
|
24
|
-
updatedAt:
|
|
25
|
-
members:
|
|
26
|
-
invitations:
|
|
27
|
-
teams:
|
|
28
|
-
policyBindings:
|
|
11
|
+
declare const OrganizationEntity: _contractspec_lib_schema796.EntitySpec<{
|
|
12
|
+
id: _contractspec_lib_schema796.EntityScalarField;
|
|
13
|
+
name: _contractspec_lib_schema796.EntityScalarField;
|
|
14
|
+
slug: _contractspec_lib_schema796.EntityScalarField;
|
|
15
|
+
logo: _contractspec_lib_schema796.EntityScalarField;
|
|
16
|
+
description: _contractspec_lib_schema796.EntityScalarField;
|
|
17
|
+
metadata: _contractspec_lib_schema796.EntityScalarField;
|
|
18
|
+
type: _contractspec_lib_schema796.EntityEnumField;
|
|
19
|
+
onboardingCompleted: _contractspec_lib_schema796.EntityScalarField;
|
|
20
|
+
onboardingStep: _contractspec_lib_schema796.EntityScalarField;
|
|
21
|
+
referralCode: _contractspec_lib_schema796.EntityScalarField;
|
|
22
|
+
referredBy: _contractspec_lib_schema796.EntityScalarField;
|
|
23
|
+
createdAt: _contractspec_lib_schema796.EntityScalarField;
|
|
24
|
+
updatedAt: _contractspec_lib_schema796.EntityScalarField;
|
|
25
|
+
members: _contractspec_lib_schema796.EntityRelationField;
|
|
26
|
+
invitations: _contractspec_lib_schema796.EntityRelationField;
|
|
27
|
+
teams: _contractspec_lib_schema796.EntityRelationField;
|
|
28
|
+
policyBindings: _contractspec_lib_schema796.EntityRelationField;
|
|
29
29
|
}>;
|
|
30
30
|
/**
|
|
31
31
|
* Member entity - user membership in an organization.
|
|
32
32
|
*/
|
|
33
|
-
declare const MemberEntity:
|
|
34
|
-
id:
|
|
35
|
-
userId:
|
|
36
|
-
organizationId:
|
|
37
|
-
role:
|
|
38
|
-
createdAt:
|
|
39
|
-
user:
|
|
40
|
-
organization:
|
|
33
|
+
declare const MemberEntity: _contractspec_lib_schema796.EntitySpec<{
|
|
34
|
+
id: _contractspec_lib_schema796.EntityScalarField;
|
|
35
|
+
userId: _contractspec_lib_schema796.EntityScalarField;
|
|
36
|
+
organizationId: _contractspec_lib_schema796.EntityScalarField;
|
|
37
|
+
role: _contractspec_lib_schema796.EntityScalarField;
|
|
38
|
+
createdAt: _contractspec_lib_schema796.EntityScalarField;
|
|
39
|
+
user: _contractspec_lib_schema796.EntityRelationField;
|
|
40
|
+
organization: _contractspec_lib_schema796.EntityRelationField;
|
|
41
41
|
}>;
|
|
42
42
|
/**
|
|
43
43
|
* Invitation entity - pending organization invites.
|
|
44
44
|
*/
|
|
45
|
-
declare const InvitationEntity:
|
|
46
|
-
id:
|
|
47
|
-
organizationId:
|
|
48
|
-
email:
|
|
49
|
-
role:
|
|
50
|
-
status:
|
|
51
|
-
acceptedAt:
|
|
52
|
-
expiresAt:
|
|
53
|
-
inviterId:
|
|
54
|
-
teamId:
|
|
55
|
-
createdAt:
|
|
56
|
-
updatedAt:
|
|
57
|
-
organization:
|
|
58
|
-
inviter:
|
|
59
|
-
team:
|
|
45
|
+
declare const InvitationEntity: _contractspec_lib_schema796.EntitySpec<{
|
|
46
|
+
id: _contractspec_lib_schema796.EntityScalarField;
|
|
47
|
+
organizationId: _contractspec_lib_schema796.EntityScalarField;
|
|
48
|
+
email: _contractspec_lib_schema796.EntityScalarField;
|
|
49
|
+
role: _contractspec_lib_schema796.EntityScalarField;
|
|
50
|
+
status: _contractspec_lib_schema796.EntityScalarField;
|
|
51
|
+
acceptedAt: _contractspec_lib_schema796.EntityScalarField;
|
|
52
|
+
expiresAt: _contractspec_lib_schema796.EntityScalarField;
|
|
53
|
+
inviterId: _contractspec_lib_schema796.EntityScalarField;
|
|
54
|
+
teamId: _contractspec_lib_schema796.EntityScalarField;
|
|
55
|
+
createdAt: _contractspec_lib_schema796.EntityScalarField;
|
|
56
|
+
updatedAt: _contractspec_lib_schema796.EntityScalarField;
|
|
57
|
+
organization: _contractspec_lib_schema796.EntityRelationField;
|
|
58
|
+
inviter: _contractspec_lib_schema796.EntityRelationField;
|
|
59
|
+
team: _contractspec_lib_schema796.EntityRelationField;
|
|
60
60
|
}>;
|
|
61
61
|
/**
|
|
62
62
|
* Team entity - team within an organization.
|
|
63
63
|
*/
|
|
64
|
-
declare const TeamEntity:
|
|
65
|
-
id:
|
|
66
|
-
name:
|
|
67
|
-
organizationId:
|
|
68
|
-
createdAt:
|
|
69
|
-
updatedAt:
|
|
70
|
-
organization:
|
|
71
|
-
members:
|
|
72
|
-
invitations:
|
|
64
|
+
declare const TeamEntity: _contractspec_lib_schema796.EntitySpec<{
|
|
65
|
+
id: _contractspec_lib_schema796.EntityScalarField;
|
|
66
|
+
name: _contractspec_lib_schema796.EntityScalarField;
|
|
67
|
+
organizationId: _contractspec_lib_schema796.EntityScalarField;
|
|
68
|
+
createdAt: _contractspec_lib_schema796.EntityScalarField;
|
|
69
|
+
updatedAt: _contractspec_lib_schema796.EntityScalarField;
|
|
70
|
+
organization: _contractspec_lib_schema796.EntityRelationField;
|
|
71
|
+
members: _contractspec_lib_schema796.EntityRelationField;
|
|
72
|
+
invitations: _contractspec_lib_schema796.EntityRelationField;
|
|
73
73
|
}>;
|
|
74
74
|
/**
|
|
75
75
|
* TeamMember entity - user's team membership.
|
|
76
76
|
*/
|
|
77
|
-
declare const TeamMemberEntity:
|
|
78
|
-
id:
|
|
79
|
-
teamId:
|
|
80
|
-
userId:
|
|
81
|
-
createdAt:
|
|
82
|
-
team:
|
|
83
|
-
user:
|
|
77
|
+
declare const TeamMemberEntity: _contractspec_lib_schema796.EntitySpec<{
|
|
78
|
+
id: _contractspec_lib_schema796.EntityScalarField;
|
|
79
|
+
teamId: _contractspec_lib_schema796.EntityScalarField;
|
|
80
|
+
userId: _contractspec_lib_schema796.EntityScalarField;
|
|
81
|
+
createdAt: _contractspec_lib_schema796.EntityScalarField;
|
|
82
|
+
team: _contractspec_lib_schema796.EntityRelationField;
|
|
83
|
+
user: _contractspec_lib_schema796.EntityRelationField;
|
|
84
84
|
}>;
|
|
85
85
|
//#endregion
|
|
86
86
|
export { InvitationEntity, MemberEntity, OrganizationEntity, OrganizationTypeEnum, TeamEntity, TeamMemberEntity };
|
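--- a/package/dist/entities/rbac.d.ts
+++ b/package/dist/entities/rbac.d.ts
@@ -1,87 +1,87 @@
-import * as
+import * as _contractspec_lib_schema575 from "@contractspec/lib.schema";
 
 //#region src/entities/rbac.d.ts
 /**
 * Role entity - named set of permissions.
 */
-declare const RoleEntity:
-id:
-name:
-description:
-permissions:
-createdAt:
-updatedAt:
-policyBindings:
+declare const RoleEntity: _contractspec_lib_schema575.EntitySpec<{
+id: _contractspec_lib_schema575.EntityScalarField;
+name: _contractspec_lib_schema575.EntityScalarField;
+description: _contractspec_lib_schema575.EntityScalarField;
+permissions: _contractspec_lib_schema575.EntityScalarField;
+createdAt: _contractspec_lib_schema575.EntityScalarField;
+updatedAt: _contractspec_lib_schema575.EntityScalarField;
+policyBindings: _contractspec_lib_schema575.EntityRelationField;
 }>;
 /**
 * Permission entity - atomic access right.
 */
-declare const PermissionEntity:
-id:
-name:
-description:
-createdAt:
-updatedAt:
+declare const PermissionEntity: _contractspec_lib_schema575.EntitySpec<{
+id: _contractspec_lib_schema575.EntityScalarField;
+name: _contractspec_lib_schema575.EntityScalarField;
+description: _contractspec_lib_schema575.EntityScalarField;
+createdAt: _contractspec_lib_schema575.EntityScalarField;
+updatedAt: _contractspec_lib_schema575.EntityScalarField;
 }>;
 /**
 * PolicyBinding entity - binds roles to principals.
 */
-declare const PolicyBindingEntity:
-id:
-roleId:
-targetType:
-targetId:
-expiresAt:
-createdAt:
-userId:
-organizationId:
-role:
-user:
-organization:
+declare const PolicyBindingEntity: _contractspec_lib_schema575.EntitySpec<{
+id: _contractspec_lib_schema575.EntityScalarField;
+roleId: _contractspec_lib_schema575.EntityScalarField;
+targetType: _contractspec_lib_schema575.EntityScalarField;
+targetId: _contractspec_lib_schema575.EntityScalarField;
+expiresAt: _contractspec_lib_schema575.EntityScalarField;
+createdAt: _contractspec_lib_schema575.EntityScalarField;
+userId: _contractspec_lib_schema575.EntityScalarField;
+organizationId: _contractspec_lib_schema575.EntityScalarField;
+role: _contractspec_lib_schema575.EntityRelationField;
+user: _contractspec_lib_schema575.EntityRelationField;
+organization: _contractspec_lib_schema575.EntityRelationField;
 }>;
 /**
 * ApiKey entity - API keys for programmatic access.
 */
-declare const ApiKeyEntity:
-id:
-name:
-start:
-prefix:
-key:
-userId:
-refillInterval:
-refillAmount:
-lastRefillAt:
-remaining:
-requestCount:
-lastRequest:
-enabled:
-rateLimitEnabled:
-rateLimitTimeWindow:
-rateLimitMax:
-expiresAt:
-permissions:
-metadata:
-createdAt:
-updatedAt:
-user:
+declare const ApiKeyEntity: _contractspec_lib_schema575.EntitySpec<{
+id: _contractspec_lib_schema575.EntityScalarField;
+name: _contractspec_lib_schema575.EntityScalarField;
+start: _contractspec_lib_schema575.EntityScalarField;
+prefix: _contractspec_lib_schema575.EntityScalarField;
+key: _contractspec_lib_schema575.EntityScalarField;
+userId: _contractspec_lib_schema575.EntityScalarField;
+refillInterval: _contractspec_lib_schema575.EntityScalarField;
+refillAmount: _contractspec_lib_schema575.EntityScalarField;
+lastRefillAt: _contractspec_lib_schema575.EntityScalarField;
+remaining: _contractspec_lib_schema575.EntityScalarField;
+requestCount: _contractspec_lib_schema575.EntityScalarField;
+lastRequest: _contractspec_lib_schema575.EntityScalarField;
+enabled: _contractspec_lib_schema575.EntityScalarField;
+rateLimitEnabled: _contractspec_lib_schema575.EntityScalarField;
+rateLimitTimeWindow: _contractspec_lib_schema575.EntityScalarField;
+rateLimitMax: _contractspec_lib_schema575.EntityScalarField;
+expiresAt: _contractspec_lib_schema575.EntityScalarField;
+permissions: _contractspec_lib_schema575.EntityScalarField;
+metadata: _contractspec_lib_schema575.EntityScalarField;
+createdAt: _contractspec_lib_schema575.EntityScalarField;
+updatedAt: _contractspec_lib_schema575.EntityScalarField;
+user: _contractspec_lib_schema575.EntityRelationField;
 }>;
 /**
 * Passkey entity - WebAuthn passkeys.
 */
-declare const PasskeyEntity:
-id:
-name:
-publicKey:
-userId:
-credentialID:
-counter:
-deviceType:
-backedUp:
-transports:
-aaguid:
-createdAt:
-user:
+declare const PasskeyEntity: _contractspec_lib_schema575.EntitySpec<{
+id: _contractspec_lib_schema575.EntityScalarField;
+name: _contractspec_lib_schema575.EntityScalarField;
+publicKey: _contractspec_lib_schema575.EntityScalarField;
+userId: _contractspec_lib_schema575.EntityScalarField;
+credentialID: _contractspec_lib_schema575.EntityScalarField;
+counter: _contractspec_lib_schema575.EntityScalarField;
+deviceType: _contractspec_lib_schema575.EntityScalarField;
+backedUp: _contractspec_lib_schema575.EntityScalarField;
+transports: _contractspec_lib_schema575.EntityScalarField;
+aaguid: _contractspec_lib_schema575.EntityScalarField;
+createdAt: _contractspec_lib_schema575.EntityScalarField;
+user: _contractspec_lib_schema575.EntityRelationField;
 }>;
 //#endregion
 export { ApiKeyEntity, PasskeyEntity, PermissionEntity, PolicyBindingEntity, RoleEntity };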
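--- a/package/dist/identity-rbac.capability.d.ts
+++ b/package/dist/identity-rbac.capability.d.ts
@@ -0,0 +1,8 @@
+import * as _contractspec_lib_contracts29 from "@contractspec/lib.contracts";
+
+//#region src/identity-rbac.capability.d.ts
+declare const IdentityCapability: _contractspec_lib_contracts29.CapabilitySpec;
+declare const RbacCapability: _contractspec_lib_contracts29.CapabilitySpec;
+//#endregion
+export { IdentityCapability, RbacCapability };
+//# sourceMappingURL=identity-rbac.capability.d.ts.map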
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-rbac.capability.d.ts","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":[],"mappings":";;;cAEa,oBAUX,6BAAA,CAV6B;cAYlB,gBAUX,6BAAA,CAVyB"}
|
|
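--- a/package/dist/identity-rbac.capability.js
+++ b/package/dist/identity-rbac.capability.js
@@ -0,0 +1,29 @@
+import { StabilityEnum, defineCapability } from "@contractspec/lib.contracts";
+
+//#region src/identity-rbac.capability.ts
+const IdentityCapability = defineCapability({ meta: {
+key: "identity",
+version: "1.0.0",
+kind: "api",
+stability: StabilityEnum.Experimental,
+description: "User identity and authentication",
+owners: ["@platform.core"],
+tags: ["identity", "auth"]
+} });
+const RbacCapability = defineCapability({ meta: {
+key: "rbac",
+version: "1.0.0",
+kind: "api",
+stability: StabilityEnum.Experimental,
+description: "Role-based access control",
+owners: ["@platform.core"],
+tags: [
+"rbac",
+"permissions",
+"auth"
+]
+} });
+
+//#endregion
+export { IdentityCapability, RbacCapability };
+//# sourceMappingURL=identity-rbac.capability.js.map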
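Review bot: `IdentityCapability` and `RbacCapability` are both declared with `stability: StabilityEnum.Experimental`, while the source embedded in identity-rbac.feature.js.map marks the feature that provides them as `stability: 'stable'`. For capabilities tagged `auth`, a consumer deciding whether to depend on this access-control surface gets two contradictory signals. That same embedded source repeats the capability keys and versions as literals in `capabilities.provides` (`{ key: 'rbac', version: '1.0.0' }`), so as far as the visible code shows, a later version change in this file can drift from the feature with nothing to catch it. I would either align the two stability values or document the gap with a comment above each definition, e.g. `// Experimental: contract may change; keep key/version in sync with IdentityRbacFeature.capabilities.provides`.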
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-rbac.capability.js","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":["import { defineCapability, StabilityEnum } from '@contractspec/lib.contracts';\n\nexport const IdentityCapability = defineCapability({\n meta: {\n key: 'identity',\n version: '1.0.0',\n kind: 'api',\n stability: StabilityEnum.Experimental,\n description: 'User identity and authentication',\n owners: ['@platform.core'],\n tags: ['identity', 'auth'],\n },\n});\n\nexport const RbacCapability = defineCapability({\n meta: {\n key: 'rbac',\n version: '1.0.0',\n kind: 'api',\n stability: StabilityEnum.Experimental,\n description: 'Role-based access control',\n owners: ['@platform.core'],\n tags: ['rbac', 'permissions', 'auth'],\n },\n});\n"],"mappings":";;;AAEA,MAAa,qBAAqB,iBAAiB,EACjD,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM,CAAC,YAAY,OAAO;CAC3B,EACF,CAAC;AAEF,MAAa,iBAAiB,iBAAiB,EAC7C,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM;EAAC;EAAQ;EAAe;EAAO;CACtC,EACF,CAAC"}
|
|
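--- a/package/dist/identity-rbac.feature.d.ts
+++ b/package/dist/identity-rbac.feature.d.ts
@@ -1,12 +1,12 @@
-import
+import * as _contractspec_lib_contracts31 from "@contractspec/lib.contracts";
 
 //#region src/identity-rbac.feature.d.ts
 
 /**
-* Identity RBAC feature module that bundles user
-* and role-based access control
+* Identity & RBAC feature module that bundles user management,
+* organization tenancy, and role-based access control.
 */
-declare const IdentityRbacFeature: FeatureModuleSpec;
+declare const IdentityRbacFeature: _contractspec_lib_contracts31.FeatureModuleSpec;
 //#endregion
 export { IdentityRbacFeature };
 //# sourceMappingURL=identity-rbac.feature.d.ts.map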
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-rbac.feature.d.ts","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"identity-rbac.feature.d.ts","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":[],"mappings":";;;;;;;AAWA;cAAa,qBAkFX,6BAAA,CAlF8B"}
|
|
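--- a/package/dist/identity-rbac.feature.js
+++ b/package/dist/identity-rbac.feature.js
@@ -1,9 +1,16 @@
+import { defineFeature } from "@contractspec/lib.contracts";
+
 //#region src/identity-rbac.feature.ts
 /**
-* Identity RBAC
-*
+* Identity RBAC Feature Module Specification
+*
+* Defines the feature module for identity management and role-based access control.
+*/
+/**
+* Identity & RBAC feature module that bundles user management,
+* organization tenancy, and role-based access control.
 */
-const IdentityRbacFeature = {
+const IdentityRbacFeature = defineFeature({
 meta: {
 key: "identity-rbac",
 version: "1.0.0",
@@ -181,7 +188,7 @@ const IdentityRbacFeature = {
 }],
 requires: []
 }
-};
+});
 
 //#endregion
 export { IdentityRbacFeature };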
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-rbac.feature.js","names":[
|
|
1
|
+
{"version":3,"file":"identity-rbac.feature.js","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":["/**\n * Identity RBAC Feature Module Specification\n *\n * Defines the feature module for identity management and role-based access control.\n */\nimport { defineFeature } from '@contractspec/lib.contracts';\n\n/**\n * Identity & RBAC feature module that bundles user management,\n * organization tenancy, and role-based access control.\n */\nexport const IdentityRbacFeature = defineFeature({\n meta: {\n key: 'identity-rbac',\n version: '1.0.0',\n title: 'Identity & RBAC',\n description:\n 'User identity, organization management, and role-based access control',\n domain: 'platform',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'users', 'organizations', 'permissions'],\n stability: 'stable',\n },\n\n // All contract operations included in this feature\n operations: [\n // User operations\n { key: 'identity.user.create', version: '1.0.0' },\n { key: 'identity.user.update', version: '1.0.0' },\n { key: 'identity.user.delete', version: '1.0.0' },\n { key: 'identity.user.me', version: '1.0.0' },\n { key: 'identity.user.list', version: '1.0.0' },\n\n // Organization operations\n { key: 'identity.org.create', version: '1.0.0' },\n { key: 'identity.org.update', version: '1.0.0' },\n { key: 'identity.org.get', version: '1.0.0' },\n { key: 'identity.org.list', version: '1.0.0' },\n { key: 'identity.org.invite', version: '1.0.0' },\n { key: 'identity.org.invite.accept', version: '1.0.0' },\n { key: 'identity.org.member.remove', version: '1.0.0' },\n { key: 'identity.org.members.list', version: '1.0.0' },\n\n // RBAC operations\n { key: 'identity.rbac.role.create', version: '1.0.0' },\n { key: 'identity.rbac.role.update', version: '1.0.0' },\n { key: 'identity.rbac.role.delete', version: '1.0.0' },\n { key: 'identity.rbac.role.list', version: '1.0.0' },\n { key: 'identity.rbac.assign', version: '1.0.0' },\n { key: 
'identity.rbac.revoke', version: '1.0.0' },\n { key: 'identity.rbac.check', version: '1.0.0' },\n { key: 'identity.rbac.permissions', version: '1.0.0' },\n ],\n\n // Events emitted by this feature\n events: [\n // User events\n { key: 'user.created', version: '1.0.0' },\n { key: 'user.updated', version: '1.0.0' },\n { key: 'user.deleted', version: '1.0.0' },\n { key: 'user.email_verified', version: '1.0.0' },\n\n // Organization events\n { key: 'org.created', version: '1.0.0' },\n { key: 'org.updated', version: '1.0.0' },\n { key: 'org.deleted', version: '1.0.0' },\n { key: 'org.member.added', version: '1.0.0' },\n { key: 'org.member.removed', version: '1.0.0' },\n { key: 'org.member.role_changed', version: '1.0.0' },\n\n // Invitation events\n { key: 'org.invite.sent', version: '1.0.0' },\n { key: 'org.invite.accepted', version: '1.0.0' },\n { key: 'org.invite.declined', version: '1.0.0' },\n\n // Role events\n { key: 'role.assigned', version: '1.0.0' },\n { key: 'role.revoked', version: '1.0.0' },\n ],\n\n // No presentations for this library feature\n presentations: [],\n opToPresentation: [],\n presentationsTargets: [],\n\n // Capability definitions\n capabilities: {\n provides: [\n { key: 'identity', version: '1.0.0' },\n { key: 'rbac', version: '1.0.0' },\n ],\n requires: [],\n 
},\n});\n"],"mappings":";;;;;;;;;;;;AAWA,MAAa,sBAAsB,cAAc;CAC/C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,OAAO;EACP,aACE;EACF,QAAQ;EACR,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAiB;GAAc;EACnE,WAAW;EACZ;CAGD,YAAY;EAEV;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAG/C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAqB,SAAS;GAAS;EAC9C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA6B,SAAS;GAAS;EAGtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA2B,SAAS;GAAS;EACpD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACvD;CAGD,QAAQ;EAEN;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAC/C;GAAE,KAAK;GAA2B,SAAS;GAAS;EAGpD;GAAE,KAAK;GAAmB,SAAS;GAAS;EAC5C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAiB,SAAS;GAAS;EAC1C;GAAE,KAAK;GAAgB,SAAS;GAAS;EAC1C;CAGD,eAAe,EAAE;CACjB,kBAAkB,EAAE;CACpB,sBAAsB,EAAE;CAGxB,cAAc;EACZ,UAAU,CACR;GAAE,KAAK;GAAY,SAAS;GAAS,EACrC;GAAE,KAAK;GAAQ,SAAS;GAAS,CAClC;EACD,UAAU,EAAE;EACb;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","names":[
|
|
1
|
+
{"version":3,"file":"engine.js","names":[],"sources":["../../src/policies/engine.ts"],"sourcesContent":["/**\n * Standard permissions for identity-rbac module.\n */\nexport const Permission = {\n // User permissions\n USER_CREATE: 'user.create',\n USER_READ: 'user.read',\n USER_UPDATE: 'user.update',\n USER_DELETE: 'user.delete',\n USER_LIST: 'user.list',\n USER_MANAGE: 'user.manage',\n\n // Organization permissions\n ORG_CREATE: 'org.create',\n ORG_READ: 'org.read',\n ORG_UPDATE: 'org.update',\n ORG_DELETE: 'org.delete',\n ORG_LIST: 'org.list',\n\n // Member permissions\n MEMBER_INVITE: 'member.invite',\n MEMBER_REMOVE: 'member.remove',\n MEMBER_UPDATE_ROLE: 'member.update_role',\n MEMBER_LIST: 'member.list',\n MANAGE_MEMBERS: 'org.manage_members',\n\n // Team permissions\n TEAM_CREATE: 'team.create',\n TEAM_UPDATE: 'team.update',\n TEAM_DELETE: 'team.delete',\n TEAM_MANAGE: 'team.manage',\n\n // Role permissions\n ROLE_CREATE: 'role.create',\n ROLE_UPDATE: 'role.update',\n ROLE_DELETE: 'role.delete',\n ROLE_ASSIGN: 'role.assign',\n ROLE_REVOKE: 'role.revoke',\n\n // Billing permissions\n BILLING_VIEW: 'billing.view',\n BILLING_MANAGE: 'billing.manage',\n\n // Project permissions\n PROJECT_CREATE: 'project.create',\n PROJECT_READ: 'project.read',\n PROJECT_UPDATE: 'project.update',\n PROJECT_DELETE: 'project.delete',\n PROJECT_MANAGE: 'project.manage',\n\n // Admin permissions\n ADMIN_ACCESS: 'admin.access',\n ADMIN_IMPERSONATE: 'admin.impersonate',\n} as const;\n\nexport type PermissionKey = (typeof Permission)[keyof typeof Permission];\n\n/**\n * Standard role definitions.\n */\nexport const StandardRole = {\n OWNER: {\n name: 'owner',\n description: 'Organization owner with full access',\n permissions: Object.values(Permission),\n },\n ADMIN: {\n name: 'admin',\n description: 'Administrator with most permissions',\n permissions: [\n Permission.USER_READ,\n Permission.USER_LIST,\n Permission.ORG_READ,\n Permission.ORG_UPDATE,\n Permission.MEMBER_INVITE,\n 
Permission.MEMBER_REMOVE,\n Permission.MEMBER_UPDATE_ROLE,\n Permission.MEMBER_LIST,\n Permission.MANAGE_MEMBERS,\n Permission.TEAM_CREATE,\n Permission.TEAM_UPDATE,\n Permission.TEAM_DELETE,\n Permission.TEAM_MANAGE,\n Permission.PROJECT_CREATE,\n Permission.PROJECT_READ,\n Permission.PROJECT_UPDATE,\n Permission.PROJECT_DELETE,\n Permission.PROJECT_MANAGE,\n Permission.BILLING_VIEW,\n ],\n },\n MEMBER: {\n name: 'member',\n description: 'Regular organization member',\n permissions: [\n Permission.USER_READ,\n Permission.ORG_READ,\n Permission.MEMBER_LIST,\n Permission.PROJECT_READ,\n Permission.PROJECT_CREATE,\n ],\n },\n VIEWER: {\n name: 'viewer',\n description: 'Read-only access',\n permissions: [\n Permission.USER_READ,\n Permission.ORG_READ,\n Permission.MEMBER_LIST,\n Permission.PROJECT_READ,\n ],\n },\n} as const;\n\n/**\n * Permission check input.\n */\nexport interface PermissionCheckInput {\n userId: string;\n orgId?: string;\n permission: PermissionKey | string;\n}\n\n/**\n * Permission check result.\n */\nexport interface PermissionCheckResult {\n allowed: boolean;\n reason?: string;\n matchedRole?: string;\n}\n\n/**\n * Role with permissions.\n */\nexport interface RoleWithPermissions {\n id: string;\n name: string;\n permissions: string[];\n}\n\n/**\n * Policy binding for permission evaluation.\n */\nexport interface PolicyBindingForEval {\n roleId: string;\n role: RoleWithPermissions;\n targetType: 'user' | 'organization';\n targetId: string;\n expiresAt?: Date | null;\n}\n\n/**\n * RBAC Policy Engine for permission checks.\n */\nexport class RBACPolicyEngine {\n private roleCache = new Map<string, RoleWithPermissions>();\n private bindingCache = new Map<string, PolicyBindingForEval[]>();\n\n /**\n * Check if a user has a specific permission.\n */\n async checkPermission(\n input: PermissionCheckInput,\n bindings: PolicyBindingForEval[]\n ): Promise<PermissionCheckResult> {\n const { userId, orgId, permission } = input;\n const now = new 
Date();\n\n // Get all applicable bindings\n const userBindings = bindings.filter(\n (b) => b.targetType === 'user' && b.targetId === userId\n );\n\n const orgBindings = orgId\n ? bindings.filter(\n (b) => b.targetType === 'organization' && b.targetId === orgId\n )\n : [];\n\n const allBindings = [...userBindings, ...orgBindings];\n\n // Filter out expired bindings\n const activeBindings = allBindings.filter(\n (b) => !b.expiresAt || b.expiresAt > now\n );\n\n if (activeBindings.length === 0) {\n return {\n allowed: false,\n reason: 'No active role bindings found',\n };\n }\n\n // Check if any role grants the permission\n for (const binding of activeBindings) {\n if (binding.role.permissions.includes(permission)) {\n return {\n allowed: true,\n matchedRole: binding.role.name,\n };\n }\n }\n\n return {\n allowed: false,\n reason: `No role grants the \"${permission}\" permission`,\n };\n }\n\n /**\n * Get all permissions for a user in a context.\n */\n async getPermissions(\n userId: string,\n orgId: string | undefined,\n bindings: PolicyBindingForEval[]\n ): Promise<{\n permissions: Set<string>;\n roles: RoleWithPermissions[];\n }> {\n const now = new Date();\n\n // Get all applicable bindings\n const userBindings = bindings.filter(\n (b) => b.targetType === 'user' && b.targetId === userId\n );\n\n const orgBindings = orgId\n ? 
bindings.filter(\n (b) => b.targetType === 'organization' && b.targetId === orgId\n )\n : [];\n\n const allBindings = [...userBindings, ...orgBindings];\n\n // Filter out expired bindings\n const activeBindings = allBindings.filter(\n (b) => !b.expiresAt || b.expiresAt > now\n );\n\n const permissions = new Set<string>();\n const roles: RoleWithPermissions[] = [];\n\n for (const binding of activeBindings) {\n roles.push(binding.role);\n for (const perm of binding.role.permissions) {\n permissions.add(perm);\n }\n }\n\n return { permissions, roles };\n }\n\n /**\n * Check if user has any of the specified permissions.\n */\n async hasAnyPermission(\n userId: string,\n orgId: string | undefined,\n permissions: string[],\n bindings: PolicyBindingForEval[]\n ): Promise<boolean> {\n const { permissions: userPerms } = await this.getPermissions(\n userId,\n orgId,\n bindings\n );\n\n return permissions.some((p) => userPerms.has(p));\n }\n\n /**\n * Check if user has all of the specified permissions.\n */\n async hasAllPermissions(\n userId: string,\n orgId: string | undefined,\n permissions: string[],\n bindings: PolicyBindingForEval[]\n ): Promise<boolean> {\n const { permissions: userPerms } = await this.getPermissions(\n userId,\n orgId,\n bindings\n );\n\n return permissions.every((p) => userPerms.has(p));\n }\n}\n\n/**\n * Create a new RBAC policy engine instance.\n */\nexport function createRBACEngine(): RBACPolicyEngine {\n return new 
RBACPolicyEngine();\n}\n"],"mappings":";;;;AAGA,MAAa,aAAa;CAExB,aAAa;CACb,WAAW;CACX,aAAa;CACb,aAAa;CACb,WAAW;CACX,aAAa;CAGb,YAAY;CACZ,UAAU;CACV,YAAY;CACZ,YAAY;CACZ,UAAU;CAGV,eAAe;CACf,eAAe;CACf,oBAAoB;CACpB,aAAa;CACb,gBAAgB;CAGhB,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CAGb,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CAGb,cAAc;CACd,gBAAgB;CAGhB,gBAAgB;CAChB,cAAc;CACd,gBAAgB;CAChB,gBAAgB;CAChB,gBAAgB;CAGhB,cAAc;CACd,mBAAmB;CACpB;;;;AAOD,MAAa,eAAe;CAC1B,OAAO;EACL,MAAM;EACN,aAAa;EACb,aAAa,OAAO,OAAO,WAAW;EACvC;CACD,OAAO;EACL,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACD,QAAQ;EACN,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACD,QAAQ;EACN,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACF;;;;AA2CD,IAAa,mBAAb,MAA8B;CAC5B,AAAQ,4BAAY,IAAI,KAAkC;CAC1D,AAAQ,+BAAe,IAAI,KAAqC;;;;CAKhE,MAAM,gBACJ,OACA,UACgC;EAChC,MAAM,EAAE,QAAQ,OAAO,eAAe;EACtC,MAAM,sBAAM,IAAI,MAAM;EAGtB,MAAM,eAAe,SAAS,QAC3B,MAAM,EAAE,eAAe,UAAU,EAAE,aAAa,OAClD;EAED,MAAM,cAAc,QAChB,SAAS,QACN,MAAM,EAAE,eAAe,kBAAkB,EAAE,aAAa,MAC1D,GACD,EAAE;EAKN,MAAM,iBAHc,CAAC,GAAG,cAAc,GAAG,YAAY,CAGlB,QAChC,MAAM,CAAC,EAAE,aAAa,EAAE,YAAY,IACtC;AAED,MAAI,eAAe,WAAW,EAC5B,QAAO;GACL,SAAS;GACT,QAAQ;GACT;AAIH,OAAK,MAAM,WAAW,eACpB,KAAI,QAAQ,KAAK,YAAY,SAAS,WAAW,CAC/C,QAAO;GACL,SAAS;GACT,aAAa,QAAQ,KAAK;GAC3B;AAIL,SAAO;GACL,SAAS;GACT,QAAQ,uBAAuB,WAAW;GAC3C;;;;;CAMH,MAAM,eACJ,QACA,OACA,UAIC;EACD,MAAM,sBAAM,IAAI,MAAM;EAGtB,MAAM,eAAe,SAAS,QAC3B,MAAM,EAAE,eAAe,UAAU,EAAE,aAAa,OAClD;EAED,MAAM,cAAc,QAChB,SAAS,QACN,MAAM,EAAE,eAAe,kBAAkB,EAAE,aAAa,MAC1D,GACD,EAAE;EAKN,MAAM,iBAHc,CAAC,GAAG,cAAc,GAAG,YAAY,CAGlB,QAChC,MAAM,CAAC,EAAE,aAAa,EAAE,YAAY,IACtC;EAED,MAAM,8BAAc,IAAI,KAAa;EACrC,MAAM,QAA+B,EAAE;AAEvC,OAAK,MAAM,WAAW,gBAAgB;AACpC,SAAM,KAAK,QAAQ,KAAK;AACxB,QAAK,MAAM,QAAQ,QAAQ,KAAK,YAC9B,aAAY,IAAI,KAAK;;AA
IzB,SAAO;GAAE;GAAa;GAAO;;;;;CAM/B,MAAM,iBACJ,QACA,OACA,aACA,UACkB;EAClB,MAAM,EAAE,aAAa,cAAc,MAAM,KAAK,eAC5C,QACA,OACA,SACD;AAED,SAAO,YAAY,MAAM,MAAM,UAAU,IAAI,EAAE,CAAC;;;;;CAMlD,MAAM,kBACJ,QACA,OACA,aACA,UACkB;EAClB,MAAM,EAAE,aAAa,cAAc,MAAM,KAAK,eAC5C,QACA,OACA,SACD;AAED,SAAO,YAAY,OAAO,MAAM,UAAU,IAAI,EAAE,CAAC;;;;;;AAOrD,SAAgB,mBAAqC;AACnD,QAAO,IAAI,kBAAkB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@contractspec/lib.identity-rbac",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.47.0",
|
|
4
4
|
"description": "Identity, Organizations, and RBAC module for ContractSpec applications",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"contractspec",
|
|
@@ -10,7 +10,6 @@
|
|
|
10
10
|
"organizations",
|
|
11
11
|
"typescript"
|
|
12
12
|
],
|
|
13
|
-
"main": "./dist/index.js",
|
|
14
13
|
"types": "./dist/index.d.ts",
|
|
15
14
|
"type": "module",
|
|
16
15
|
"scripts": {
|
|
@@ -26,13 +25,13 @@
|
|
|
26
25
|
"lint:check": "eslint src"
|
|
27
26
|
},
|
|
28
27
|
"dependencies": {
|
|
29
|
-
"@contractspec/lib.schema": "1.
|
|
30
|
-
"@contractspec/lib.contracts": "1.
|
|
31
|
-
"zod": "^4.
|
|
28
|
+
"@contractspec/lib.schema": "1.47.0",
|
|
29
|
+
"@contractspec/lib.contracts": "1.47.0",
|
|
30
|
+
"zod": "^4.3.5"
|
|
32
31
|
},
|
|
33
32
|
"devDependencies": {
|
|
34
|
-
"@contractspec/tool.typescript": "1.
|
|
35
|
-
"@contractspec/tool.tsdown": "1.
|
|
33
|
+
"@contractspec/tool.typescript": "1.47.0",
|
|
34
|
+
"@contractspec/tool.tsdown": "1.47.0",
|
|
36
35
|
"typescript": "^5.9.3"
|
|
37
36
|
},
|
|
38
37
|
"exports": {
|
|
@@ -46,12 +45,12 @@
|
|
|
46
45
|
"./entities/rbac": "./dist/entities/rbac.js",
|
|
47
46
|
"./entities/user": "./dist/entities/user.js",
|
|
48
47
|
"./events": "./dist/events.js",
|
|
48
|
+
"./identity-rbac.capability": "./dist/identity-rbac.capability.js",
|
|
49
49
|
"./identity-rbac.feature": "./dist/identity-rbac.feature.js",
|
|
50
50
|
"./policies": "./dist/policies/index.js",
|
|
51
51
|
"./policies/engine": "./dist/policies/engine.js",
|
|
52
52
|
"./*": "./*"
|
|
53
53
|
},
|
|
54
|
-
"module": "./dist/index.js",
|
|
55
54
|
"files": [
|
|
56
55
|
"dist",
|
|
57
56
|
"README.md"
|