@contractspec/lib.identity-rbac 1.46.2 → 1.48.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/contracts/organization.d.ts +193 -193
- package/dist/contracts/rbac.d.ts +126 -126
- package/dist/contracts/user.d.ts +139 -139
- package/dist/entities/index.js.map +1 -1
- package/dist/identity-rbac.capability.d.ts +8 -0
- package/dist/identity-rbac.capability.d.ts.map +1 -0
- package/dist/identity-rbac.capability.js +29 -0
- package/dist/identity-rbac.capability.js.map +1 -0
- package/dist/identity-rbac.feature.d.ts +4 -4
- package/dist/identity-rbac.feature.d.ts.map +1 -1
- package/dist/identity-rbac.feature.js +11 -4
- package/dist/identity-rbac.feature.js.map +1 -1
- package/dist/policies/engine.js.map +1 -1
- package/package.json +7 -8
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../src/entities/index.ts"],"sourcesContent":["// User-related entities\nexport {\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n} from './user';\n\n// Organization-related entities\nexport {\n OrganizationTypeEnum,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n} from './organization';\n\n// RBAC entities\nexport {\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n} from './rbac';\n\n// Re-export all entities as a module contribution\nimport {\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n} from './user';\nimport {\n OrganizationTypeEnum,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n} from './organization';\nimport {\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n} from './rbac';\nimport type { ModuleSchemaContribution } from '@contractspec/lib.schema';\n\n/**\n * All identity-rbac entities for schema composition.\n */\nexport const identityRbacEntities = [\n UserEntity,\n SessionEntity,\n AccountEntity,\n VerificationEntity,\n OrganizationEntity,\n MemberEntity,\n InvitationEntity,\n TeamEntity,\n TeamMemberEntity,\n RoleEntity,\n PermissionEntity,\n PolicyBindingEntity,\n ApiKeyEntity,\n PasskeyEntity,\n];\n\n/**\n * Module schema contribution for identity-rbac.\n */\nexport const identityRbacSchemaContribution: ModuleSchemaContribution = {\n moduleId: '@contractspec/lib.identity-rbac',\n entities: identityRbacEntities,\n enums: [OrganizationTypeEnum],\n};\n"],"mappings":";;;;;;;;AAsDA,MAAa,uBAAuB;CAClC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;AAKD,MAAa,iCAA2D;CACtE,UAAU;CACV,UAAU;CACV,OAAO,CAAC,qBAAqB;CAC9B"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import * as _contractspec_lib_contracts29 from "@contractspec/lib.contracts";
|
|
2
|
+
|
|
3
|
+
//#region src/identity-rbac.capability.d.ts
|
|
4
|
+
declare const IdentityCapability: _contractspec_lib_contracts29.CapabilitySpec;
|
|
5
|
+
declare const RbacCapability: _contractspec_lib_contracts29.CapabilitySpec;
|
|
6
|
+
//#endregion
|
|
7
|
+
export { IdentityCapability, RbacCapability };
|
|
8
|
+
//# sourceMappingURL=identity-rbac.capability.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-rbac.capability.d.ts","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":[],"mappings":";;;cAEa,oBAUX,6BAAA,CAV6B;cAYlB,gBAUX,6BAAA,CAVyB"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { StabilityEnum, defineCapability } from "@contractspec/lib.contracts";
|
|
2
|
+
|
|
3
|
+
//#region src/identity-rbac.capability.ts
|
|
4
|
+
const IdentityCapability = defineCapability({ meta: {
|
|
5
|
+
key: "identity",
|
|
6
|
+
version: "1.0.0",
|
|
7
|
+
kind: "api",
|
|
8
|
+
stability: StabilityEnum.Experimental,
|
|
9
|
+
description: "User identity and authentication",
|
|
10
|
+
owners: ["@platform.core"],
|
|
11
|
+
tags: ["identity", "auth"]
|
|
12
|
+
} });
|
|
13
|
+
const RbacCapability = defineCapability({ meta: {
|
|
14
|
+
key: "rbac",
|
|
15
|
+
version: "1.0.0",
|
|
16
|
+
kind: "api",
|
|
17
|
+
stability: StabilityEnum.Experimental,
|
|
18
|
+
description: "Role-based access control",
|
|
19
|
+
owners: ["@platform.core"],
|
|
20
|
+
tags: [
|
|
21
|
+
"rbac",
|
|
22
|
+
"permissions",
|
|
23
|
+
"auth"
|
|
24
|
+
]
|
|
25
|
+
} });
|
|
26
|
+
|
|
27
|
+
//#endregion
|
|
28
|
+
export { IdentityCapability, RbacCapability };
|
|
29
|
+
//# sourceMappingURL=identity-rbac.capability.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity-rbac.capability.js","names":[],"sources":["../src/identity-rbac.capability.ts"],"sourcesContent":["import { defineCapability, StabilityEnum } from '@contractspec/lib.contracts';\n\nexport const IdentityCapability = defineCapability({\n meta: {\n key: 'identity',\n version: '1.0.0',\n kind: 'api',\n stability: StabilityEnum.Experimental,\n description: 'User identity and authentication',\n owners: ['@platform.core'],\n tags: ['identity', 'auth'],\n },\n});\n\nexport const RbacCapability = defineCapability({\n meta: {\n key: 'rbac',\n version: '1.0.0',\n kind: 'api',\n stability: StabilityEnum.Experimental,\n description: 'Role-based access control',\n owners: ['@platform.core'],\n tags: ['rbac', 'permissions', 'auth'],\n },\n});\n"],"mappings":";;;AAEA,MAAa,qBAAqB,iBAAiB,EACjD,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM,CAAC,YAAY,OAAO;CAC3B,EACF,CAAC;AAEF,MAAa,iBAAiB,iBAAiB,EAC7C,MAAM;CACJ,KAAK;CACL,SAAS;CACT,MAAM;CACN,WAAW,cAAc;CACzB,aAAa;CACb,QAAQ,CAAC,iBAAiB;CAC1B,MAAM;EAAC;EAAQ;EAAe;EAAO;CACtC,EACF,CAAC"}
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import
|
|
1
|
+
import * as _contractspec_lib_contracts31 from "@contractspec/lib.contracts";
|
|
2
2
|
|
|
3
3
|
//#region src/identity-rbac.feature.d.ts
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
|
-
* Identity RBAC feature module that bundles user
|
|
7
|
-
* and role-based access control
|
|
6
|
+
* Identity & RBAC feature module that bundles user management,
|
|
7
|
+
* organization tenancy, and role-based access control.
|
|
8
8
|
*/
|
|
9
|
-
declare const IdentityRbacFeature: FeatureModuleSpec;
|
|
9
|
+
declare const IdentityRbacFeature: _contractspec_lib_contracts31.FeatureModuleSpec;
|
|
10
10
|
//#endregion
|
|
11
11
|
export { IdentityRbacFeature };
|
|
12
12
|
//# sourceMappingURL=identity-rbac.feature.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-rbac.feature.d.ts","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"identity-rbac.feature.d.ts","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":[],"mappings":";;;;;;;AAWA;cAAa,qBAkFX,6BAAA,CAlF8B"}
|
|
@@ -1,9 +1,16 @@
|
|
|
1
|
+
import { defineFeature } from "@contractspec/lib.contracts";
|
|
2
|
+
|
|
1
3
|
//#region src/identity-rbac.feature.ts
|
|
2
4
|
/**
|
|
3
|
-
* Identity RBAC
|
|
4
|
-
*
|
|
5
|
+
* Identity RBAC Feature Module Specification
|
|
6
|
+
*
|
|
7
|
+
* Defines the feature module for identity management and role-based access control.
|
|
8
|
+
*/
|
|
9
|
+
/**
|
|
10
|
+
* Identity & RBAC feature module that bundles user management,
|
|
11
|
+
* organization tenancy, and role-based access control.
|
|
5
12
|
*/
|
|
6
|
-
const IdentityRbacFeature = {
|
|
13
|
+
const IdentityRbacFeature = defineFeature({
|
|
7
14
|
meta: {
|
|
8
15
|
key: "identity-rbac",
|
|
9
16
|
version: "1.0.0",
|
|
@@ -181,7 +188,7 @@ const IdentityRbacFeature = {
|
|
|
181
188
|
}],
|
|
182
189
|
requires: []
|
|
183
190
|
}
|
|
184
|
-
};
|
|
191
|
+
});
|
|
185
192
|
|
|
186
193
|
//#endregion
|
|
187
194
|
export { IdentityRbacFeature };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"identity-rbac.feature.js","names":[
|
|
1
|
+
{"version":3,"file":"identity-rbac.feature.js","names":[],"sources":["../src/identity-rbac.feature.ts"],"sourcesContent":["/**\n * Identity RBAC Feature Module Specification\n *\n * Defines the feature module for identity management and role-based access control.\n */\nimport { defineFeature } from '@contractspec/lib.contracts';\n\n/**\n * Identity & RBAC feature module that bundles user management,\n * organization tenancy, and role-based access control.\n */\nexport const IdentityRbacFeature = defineFeature({\n meta: {\n key: 'identity-rbac',\n version: '1.0.0',\n title: 'Identity & RBAC',\n description:\n 'User identity, organization management, and role-based access control',\n domain: 'platform',\n owners: ['@platform.identity-rbac'],\n tags: ['identity', 'rbac', 'users', 'organizations', 'permissions'],\n stability: 'stable',\n },\n\n // All contract operations included in this feature\n operations: [\n // User operations\n { key: 'identity.user.create', version: '1.0.0' },\n { key: 'identity.user.update', version: '1.0.0' },\n { key: 'identity.user.delete', version: '1.0.0' },\n { key: 'identity.user.me', version: '1.0.0' },\n { key: 'identity.user.list', version: '1.0.0' },\n\n // Organization operations\n { key: 'identity.org.create', version: '1.0.0' },\n { key: 'identity.org.update', version: '1.0.0' },\n { key: 'identity.org.get', version: '1.0.0' },\n { key: 'identity.org.list', version: '1.0.0' },\n { key: 'identity.org.invite', version: '1.0.0' },\n { key: 'identity.org.invite.accept', version: '1.0.0' },\n { key: 'identity.org.member.remove', version: '1.0.0' },\n { key: 'identity.org.members.list', version: '1.0.0' },\n\n // RBAC operations\n { key: 'identity.rbac.role.create', version: '1.0.0' },\n { key: 'identity.rbac.role.update', version: '1.0.0' },\n { key: 'identity.rbac.role.delete', version: '1.0.0' },\n { key: 'identity.rbac.role.list', version: '1.0.0' },\n { key: 'identity.rbac.assign', version: '1.0.0' },\n { key: 'identity.rbac.revoke', version: '1.0.0' },\n { key: 'identity.rbac.check', version: '1.0.0' },\n { key: 'identity.rbac.permissions', version: '1.0.0' },\n ],\n\n // Events emitted by this feature\n events: [\n // User events\n { key: 'user.created', version: '1.0.0' },\n { key: 'user.updated', version: '1.0.0' },\n { key: 'user.deleted', version: '1.0.0' },\n { key: 'user.email_verified', version: '1.0.0' },\n\n // Organization events\n { key: 'org.created', version: '1.0.0' },\n { key: 'org.updated', version: '1.0.0' },\n { key: 'org.deleted', version: '1.0.0' },\n { key: 'org.member.added', version: '1.0.0' },\n { key: 'org.member.removed', version: '1.0.0' },\n { key: 'org.member.role_changed', version: '1.0.0' },\n\n // Invitation events\n { key: 'org.invite.sent', version: '1.0.0' },\n { key: 'org.invite.accepted', version: '1.0.0' },\n { key: 'org.invite.declined', version: '1.0.0' },\n\n // Role events\n { key: 'role.assigned', version: '1.0.0' },\n { key: 'role.revoked', version: '1.0.0' },\n ],\n\n // No presentations for this library feature\n presentations: [],\n opToPresentation: [],\n presentationsTargets: [],\n\n // Capability definitions\n capabilities: {\n provides: [\n { key: 'identity', version: '1.0.0' },\n { key: 'rbac', version: '1.0.0' },\n ],\n requires: [],\n },\n});\n"],"mappings":";;;;;;;;;;;;AAWA,MAAa,sBAAsB,cAAc;CAC/C,MAAM;EACJ,KAAK;EACL,SAAS;EACT,OAAO;EACP,aACE;EACF,QAAQ;EACR,QAAQ,CAAC,0BAA0B;EACnC,MAAM;GAAC;GAAY;GAAQ;GAAS;GAAiB;GAAc;EACnE,WAAW;EACZ;CAGD,YAAY;EAEV;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAG/C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAqB,SAAS;GAAS;EAC9C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA8B,SAAS;GAAS;EACvD;GAAE,KAAK;GAA6B,SAAS;GAAS;EAGtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACtD;GAAE,KAAK;GAA2B,SAAS;GAAS;EACpD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAwB,SAAS;GAAS;EACjD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAA6B,SAAS;GAAS;EACvD;CAGD,QAAQ;EAEN;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAgB,SAAS;GAAS;EACzC;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAe,SAAS;GAAS;EACxC;GAAE,KAAK;GAAoB,SAAS;GAAS;EAC7C;GAAE,KAAK;GAAsB,SAAS;GAAS;EAC/C;GAAE,KAAK;GAA2B,SAAS;GAAS;EAGpD;GAAE,KAAK;GAAmB,SAAS;GAAS;EAC5C;GAAE,KAAK;GAAuB,SAAS;GAAS;EAChD;GAAE,KAAK;GAAuB,SAAS;GAAS;EAGhD;GAAE,KAAK;GAAiB,SAAS;GAAS;EAC1C;GAAE,KAAK;GAAgB,SAAS;GAAS;EAC1C;CAGD,eAAe,EAAE;CACjB,kBAAkB,EAAE;CACpB,sBAAsB,EAAE;CAGxB,cAAc;EACZ,UAAU,CACR;GAAE,KAAK;GAAY,SAAS;GAAS,EACrC;GAAE,KAAK;GAAQ,SAAS;GAAS,CAClC;EACD,UAAU,EAAE;EACb;CACF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","names":[
|
|
1
|
+
{"version":3,"file":"engine.js","names":[],"sources":["../../src/policies/engine.ts"],"sourcesContent":["/**\n * Standard permissions for identity-rbac module.\n */\nexport const Permission = {\n // User permissions\n USER_CREATE: 'user.create',\n USER_READ: 'user.read',\n USER_UPDATE: 'user.update',\n USER_DELETE: 'user.delete',\n USER_LIST: 'user.list',\n USER_MANAGE: 'user.manage',\n\n // Organization permissions\n ORG_CREATE: 'org.create',\n ORG_READ: 'org.read',\n ORG_UPDATE: 'org.update',\n ORG_DELETE: 'org.delete',\n ORG_LIST: 'org.list',\n\n // Member permissions\n MEMBER_INVITE: 'member.invite',\n MEMBER_REMOVE: 'member.remove',\n MEMBER_UPDATE_ROLE: 'member.update_role',\n MEMBER_LIST: 'member.list',\n MANAGE_MEMBERS: 'org.manage_members',\n\n // Team permissions\n TEAM_CREATE: 'team.create',\n TEAM_UPDATE: 'team.update',\n TEAM_DELETE: 'team.delete',\n TEAM_MANAGE: 'team.manage',\n\n // Role permissions\n ROLE_CREATE: 'role.create',\n ROLE_UPDATE: 'role.update',\n ROLE_DELETE: 'role.delete',\n ROLE_ASSIGN: 'role.assign',\n ROLE_REVOKE: 'role.revoke',\n\n // Billing permissions\n BILLING_VIEW: 'billing.view',\n BILLING_MANAGE: 'billing.manage',\n\n // Project permissions\n PROJECT_CREATE: 'project.create',\n PROJECT_READ: 'project.read',\n PROJECT_UPDATE: 'project.update',\n PROJECT_DELETE: 'project.delete',\n PROJECT_MANAGE: 'project.manage',\n\n // Admin permissions\n ADMIN_ACCESS: 'admin.access',\n ADMIN_IMPERSONATE: 'admin.impersonate',\n} as const;\n\nexport type PermissionKey = (typeof Permission)[keyof typeof Permission];\n\n/**\n * Standard role definitions.\n */\nexport const StandardRole = {\n OWNER: {\n name: 'owner',\n description: 'Organization owner with full access',\n permissions: Object.values(Permission),\n },\n ADMIN: {\n name: 'admin',\n description: 'Administrator with most permissions',\n permissions: [\n Permission.USER_READ,\n Permission.USER_LIST,\n Permission.ORG_READ,\n Permission.ORG_UPDATE,\n Permission.MEMBER_INVITE,\n Permission.MEMBER_REMOVE,\n Permission.MEMBER_UPDATE_ROLE,\n Permission.MEMBER_LIST,\n Permission.MANAGE_MEMBERS,\n Permission.TEAM_CREATE,\n Permission.TEAM_UPDATE,\n Permission.TEAM_DELETE,\n Permission.TEAM_MANAGE,\n Permission.PROJECT_CREATE,\n Permission.PROJECT_READ,\n Permission.PROJECT_UPDATE,\n Permission.PROJECT_DELETE,\n Permission.PROJECT_MANAGE,\n Permission.BILLING_VIEW,\n ],\n },\n MEMBER: {\n name: 'member',\n description: 'Regular organization member',\n permissions: [\n Permission.USER_READ,\n Permission.ORG_READ,\n Permission.MEMBER_LIST,\n Permission.PROJECT_READ,\n Permission.PROJECT_CREATE,\n ],\n },\n VIEWER: {\n name: 'viewer',\n description: 'Read-only access',\n permissions: [\n Permission.USER_READ,\n Permission.ORG_READ,\n Permission.MEMBER_LIST,\n Permission.PROJECT_READ,\n ],\n },\n} as const;\n\n/**\n * Permission check input.\n */\nexport interface PermissionCheckInput {\n userId: string;\n orgId?: string;\n permission: PermissionKey | string;\n}\n\n/**\n * Permission check result.\n */\nexport interface PermissionCheckResult {\n allowed: boolean;\n reason?: string;\n matchedRole?: string;\n}\n\n/**\n * Role with permissions.\n */\nexport interface RoleWithPermissions {\n id: string;\n name: string;\n permissions: string[];\n}\n\n/**\n * Policy binding for permission evaluation.\n */\nexport interface PolicyBindingForEval {\n roleId: string;\n role: RoleWithPermissions;\n targetType: 'user' | 'organization';\n targetId: string;\n expiresAt?: Date | null;\n}\n\n/**\n * RBAC Policy Engine for permission checks.\n */\nexport class RBACPolicyEngine {\n private roleCache = new Map<string, RoleWithPermissions>();\n private bindingCache = new Map<string, PolicyBindingForEval[]>();\n\n /**\n * Check if a user has a specific permission.\n */\n async checkPermission(\n input: PermissionCheckInput,\n bindings: PolicyBindingForEval[]\n ): Promise<PermissionCheckResult> {\n const { userId, orgId, permission } = input;\n const now = new Date();\n\n // Get all applicable bindings\n const userBindings = bindings.filter(\n (b) => b.targetType === 'user' && b.targetId === userId\n );\n\n const orgBindings = orgId\n ? bindings.filter(\n (b) => b.targetType === 'organization' && b.targetId === orgId\n )\n : [];\n\n const allBindings = [...userBindings, ...orgBindings];\n\n // Filter out expired bindings\n const activeBindings = allBindings.filter(\n (b) => !b.expiresAt || b.expiresAt > now\n );\n\n if (activeBindings.length === 0) {\n return {\n allowed: false,\n reason: 'No active role bindings found',\n };\n }\n\n // Check if any role grants the permission\n for (const binding of activeBindings) {\n if (binding.role.permissions.includes(permission)) {\n return {\n allowed: true,\n matchedRole: binding.role.name,\n };\n }\n }\n\n return {\n allowed: false,\n reason: `No role grants the \"${permission}\" permission`,\n };\n }\n\n /**\n * Get all permissions for a user in a context.\n */\n async getPermissions(\n userId: string,\n orgId: string | undefined,\n bindings: PolicyBindingForEval[]\n ): Promise<{\n permissions: Set<string>;\n roles: RoleWithPermissions[];\n }> {\n const now = new Date();\n\n // Get all applicable bindings\n const userBindings = bindings.filter(\n (b) => b.targetType === 'user' && b.targetId === userId\n );\n\n const orgBindings = orgId\n ? bindings.filter(\n (b) => b.targetType === 'organization' && b.targetId === orgId\n )\n : [];\n\n const allBindings = [...userBindings, ...orgBindings];\n\n // Filter out expired bindings\n const activeBindings = allBindings.filter(\n (b) => !b.expiresAt || b.expiresAt > now\n );\n\n const permissions = new Set<string>();\n const roles: RoleWithPermissions[] = [];\n\n for (const binding of activeBindings) {\n roles.push(binding.role);\n for (const perm of binding.role.permissions) {\n permissions.add(perm);\n }\n }\n\n return { permissions, roles };\n }\n\n /**\n * Check if user has any of the specified permissions.\n */\n async hasAnyPermission(\n userId: string,\n orgId: string | undefined,\n permissions: string[],\n bindings: PolicyBindingForEval[]\n ): Promise<boolean> {\n const { permissions: userPerms } = await this.getPermissions(\n userId,\n orgId,\n bindings\n );\n\n return permissions.some((p) => userPerms.has(p));\n }\n\n /**\n * Check if user has all of the specified permissions.\n */\n async hasAllPermissions(\n userId: string,\n orgId: string | undefined,\n permissions: string[],\n bindings: PolicyBindingForEval[]\n ): Promise<boolean> {\n const { permissions: userPerms } = await this.getPermissions(\n userId,\n orgId,\n bindings\n );\n\n return permissions.every((p) => userPerms.has(p));\n }\n}\n\n/**\n * Create a new RBAC policy engine instance.\n */\nexport function createRBACEngine(): RBACPolicyEngine {\n return new RBACPolicyEngine();\n}\n"],"mappings":";;;;AAGA,MAAa,aAAa;CAExB,aAAa;CACb,WAAW;CACX,aAAa;CACb,aAAa;CACb,WAAW;CACX,aAAa;CAGb,YAAY;CACZ,UAAU;CACV,YAAY;CACZ,YAAY;CACZ,UAAU;CAGV,eAAe;CACf,eAAe;CACf,oBAAoB;CACpB,aAAa;CACb,gBAAgB;CAGhB,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CAGb,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CACb,aAAa;CAGb,cAAc;CACd,gBAAgB;CAGhB,gBAAgB;CAChB,cAAc;CACd,gBAAgB;CAChB,gBAAgB;CAChB,gBAAgB;CAGhB,cAAc;CACd,mBAAmB;CACpB;;;;AAOD,MAAa,eAAe;CAC1B,OAAO;EACL,MAAM;EACN,aAAa;EACb,aAAa,OAAO,OAAO,WAAW;EACvC;CACD,OAAO;EACL,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACD,QAAQ;EACN,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACD,QAAQ;EACN,MAAM;EACN,aAAa;EACb,aAAa;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACX,WAAW;GACZ;EACF;CACF;;;;AA2CD,IAAa,mBAAb,MAA8B;CAC5B,AAAQ,4BAAY,IAAI,KAAkC;CAC1D,AAAQ,+BAAe,IAAI,KAAqC;;;;CAKhE,MAAM,gBACJ,OACA,UACgC;EAChC,MAAM,EAAE,QAAQ,OAAO,eAAe;EACtC,MAAM,sBAAM,IAAI,MAAM;EAGtB,MAAM,eAAe,SAAS,QAC3B,MAAM,EAAE,eAAe,UAAU,EAAE,aAAa,OAClD;EAED,MAAM,cAAc,QAChB,SAAS,QACN,MAAM,EAAE,eAAe,kBAAkB,EAAE,aAAa,MAC1D,GACD,EAAE;EAKN,MAAM,iBAHc,CAAC,GAAG,cAAc,GAAG,YAAY,CAGlB,QAChC,MAAM,CAAC,EAAE,aAAa,EAAE,YAAY,IACtC;AAED,MAAI,eAAe,WAAW,EAC5B,QAAO;GACL,SAAS;GACT,QAAQ;GACT;AAIH,OAAK,MAAM,WAAW,eACpB,KAAI,QAAQ,KAAK,YAAY,SAAS,WAAW,CAC/C,QAAO;GACL,SAAS;GACT,aAAa,QAAQ,KAAK;GAC3B;AAIL,SAAO;GACL,SAAS;GACT,QAAQ,uBAAuB,WAAW;GAC3C;;;;;CAMH,MAAM,eACJ,QACA,OACA,UAIC;EACD,MAAM,sBAAM,IAAI,MAAM;EAGtB,MAAM,eAAe,SAAS,QAC3B,MAAM,EAAE,eAAe,UAAU,EAAE,aAAa,OAClD;EAED,MAAM,cAAc,QAChB,SAAS,QACN,MAAM,EAAE,eAAe,kBAAkB,EAAE,aAAa,MAC1D,GACD,EAAE;EAKN,MAAM,iBAHc,CAAC,GAAG,cAAc,GAAG,YAAY,CAGlB,QAChC,MAAM,CAAC,EAAE,aAAa,EAAE,YAAY,IACtC;EAED,MAAM,8BAAc,IAAI,KAAa;EACrC,MAAM,QAA+B,EAAE;AAEvC,OAAK,MAAM,WAAW,gBAAgB;AACpC,SAAM,KAAK,QAAQ,KAAK;AACxB,QAAK,MAAM,QAAQ,QAAQ,KAAK,YAC9B,aAAY,IAAI,KAAK;;AAIzB,SAAO;GAAE;GAAa;GAAO;;;;;CAM/B,MAAM,iBACJ,QACA,OACA,aACA,UACkB;EAClB,MAAM,EAAE,aAAa,cAAc,MAAM,KAAK,eAC5C,QACA,OACA,SACD;AAED,SAAO,YAAY,MAAM,MAAM,UAAU,IAAI,EAAE,CAAC;;;;;CAMlD,MAAM,kBACJ,QACA,OACA,aACA,UACkB;EAClB,MAAM,EAAE,aAAa,cAAc,MAAM,KAAK,eAC5C,QACA,OACA,SACD;AAED,SAAO,YAAY,OAAO,MAAM,UAAU,IAAI,EAAE,CAAC;;;;;;AAOrD,SAAgB,mBAAqC;AACnD,QAAO,IAAI,kBAAkB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@contractspec/lib.identity-rbac",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.48.0",
|
|
4
4
|
"description": "Identity, Organizations, and RBAC module for ContractSpec applications",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"contractspec",
|
|
@@ -10,7 +10,6 @@
|
|
|
10
10
|
"organizations",
|
|
11
11
|
"typescript"
|
|
12
12
|
],
|
|
13
|
-
"main": "./dist/index.js",
|
|
14
13
|
"types": "./dist/index.d.ts",
|
|
15
14
|
"type": "module",
|
|
16
15
|
"scripts": {
|
|
@@ -26,13 +25,13 @@
|
|
|
26
25
|
"lint:check": "eslint src"
|
|
27
26
|
},
|
|
28
27
|
"dependencies": {
|
|
29
|
-
"@contractspec/lib.schema": "1.
|
|
30
|
-
"@contractspec/lib.contracts": "1.
|
|
31
|
-
"zod": "^4.
|
|
28
|
+
"@contractspec/lib.schema": "1.48.0",
|
|
29
|
+
"@contractspec/lib.contracts": "1.48.0",
|
|
30
|
+
"zod": "^4.3.5"
|
|
32
31
|
},
|
|
33
32
|
"devDependencies": {
|
|
34
|
-
"@contractspec/tool.typescript": "1.
|
|
35
|
-
"@contractspec/tool.tsdown": "1.
|
|
33
|
+
"@contractspec/tool.typescript": "1.48.0",
|
|
34
|
+
"@contractspec/tool.tsdown": "1.48.0",
|
|
36
35
|
"typescript": "^5.9.3"
|
|
37
36
|
},
|
|
38
37
|
"exports": {
|
|
@@ -46,12 +45,12 @@
|
|
|
46
45
|
"./entities/rbac": "./dist/entities/rbac.js",
|
|
47
46
|
"./entities/user": "./dist/entities/user.js",
|
|
48
47
|
"./events": "./dist/events.js",
|
|
48
|
+
"./identity-rbac.capability": "./dist/identity-rbac.capability.js",
|
|
49
49
|
"./identity-rbac.feature": "./dist/identity-rbac.feature.js",
|
|
50
50
|
"./policies": "./dist/policies/index.js",
|
|
51
51
|
"./policies/engine": "./dist/policies/engine.js",
|
|
52
52
|
"./*": "./*"
|
|
53
53
|
},
|
|
54
|
-
"module": "./dist/index.js",
|
|
55
54
|
"files": [
|
|
56
55
|
"dist",
|
|
57
56
|
"README.md"
|