npm - @develit-services/rbac - Versions diffs - 0.2.2 → 0.2.3 - Mend

@develit-services/rbac 0.2.2 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/export/worker.cjs CHANGED Viewed

@@ -798,7 +798,268 @@ function defineRbacService(config = { scopes: [] }) {
   };
 }
-const RbacService = defineRbacService();
+const organizationScopedKeys = (scopes) => {
+  const out = scopes.map((scope) => {
+    const [prefix, ...rest] = scope.split(".");
+    return `${prefix}.{jwt.user.rawUserMetaData.organizationId}.${rest.join(".")}`;
+  });
+  return out;
+};
+const TEST_SCOPES = [
+  "test.read",
+  "test.edit",
+  "test.delete",
+  "test.{jwt.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.edit",
+  "test.{param.resourceId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read",
+  "test.{invalid}.scope",
+  "test.{}.scope",
+  "test.{jwt.}.scope",
+  "test.{.key}.scope"
+];
+const TICKET_SCOPES = [
+  "tickets.read",
+  "tickets.create",
+  "tickets.edit",
+  "tickets.delete",
+  "tickets.archive",
+  "tickets.automations.pause",
+  "tickets.automations.resume",
+  "tickets.dependencies.read",
+  "tickets.dependencies.create",
+  "tickets.dependencies.edit",
+  "tickets.dependencies.delete",
+  "tickets.confirmation.send",
+  "tickets.confirmation.download",
+  "tickets.payments.create",
+  "tickets.payments.read",
+  "tickets.payments.edit",
+  "tickets.payments.delete",
+  "tickets.payments.confirmation.send",
+  "tickets.payments.confirmation.download",
+  "tickets.logs.read",
+  "tickets.logs.create",
+  "tickets.logs.delete"
+];
+const CLIENT_SCOPES = [
+  "clients.read",
+  "clients.create",
+  "clients.edit",
+  "clients.delete",
+  "clients.pin.read",
+  // if not - gw returns **** for pin
+  "clients.pin.edit",
+  // if not - fe should not allow pin change
+  "clients.trader.edit",
+  "clients.logs.read",
+  "clients.logs.create",
+  "clients.logs.delete"
+];
+const USER_SCOPES = [
+  "users.read",
+  "users.create",
+  "users.edit",
+  "users.delete",
+  "users.ban",
+  "users.password.reset.send",
+  "users.password.edit",
+  "users.2fa.enable",
+  "users.2fa.disable",
+  "users.roles.read",
+  "users.roles.edit",
+  "users.scopes.read",
+  "users.scopes.assign",
+  "users.scopes.delete",
+  "users.logs.read",
+  "users.logs.create",
+  "users.logs.delete"
+];
+[
+  // Ticket scopes
+  ...TICKET_SCOPES,
+  ...organizationScopedKeys(TICKET_SCOPES),
+  // Client scopes
+  ...CLIENT_SCOPES,
+  ...organizationScopedKeys(CLIENT_SCOPES),
+  // User scopes
+  ...USER_SCOPES,
+  ...organizationScopedKeys(USER_SCOPES),
+  // Trader scopes
+  "traders.read",
+  "traders.create",
+  "traders.edit",
+  "traders.delete",
+  "traders.logs",
+  // Role scopes
+  "roles.read",
+  "roles.create",
+  "roles.edit",
+  "roles.delete",
+  "roles.scopes.assign",
+  // assign scopes to roles
+  "roles.scopes.delete",
+  // delete scopes from roles
+  "roles.logs.read",
+  "roles.logs.create",
+  "roles.logs.delete",
+  "roles.users.read",
+  // read users assigned to roles
+  // Ledger scopes
+  // 'accounts.read',
+  // 'accounts.create',
+  // 'accounts.edit',
+  // 'accounts.delete',
+  // 'accounts.archive',
+  // 'accounts.balance',
+  // 'accounts.identifiers.create',
+  // 'accounts.identifiers.read',
+  // 'accounts.identifiers.edit',
+  // 'accounts.identifiers.delete',
+  // 'accounts.transactions.read',
+  // 'accounts.logs.read',
+  // 'accounts.logs.create',
+  // 'accounts.logs.delete',
+  ...TEST_SCOPES
+];
+const LABELED_SCOPES = [
+  { label: "Zobrazit tikety", value: "tickets.read" },
+  {
+    label: "Zobrazit tikety v r\xE1mci organizace",
+    value: "tickets.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  { label: "Vytvo\u0159it tiket", value: "tickets.create" },
+  { label: "Upravit tiket", value: "tickets.edit" },
+  { label: "Smazat tiket", value: "tickets.delete" },
+  { label: "Archivovat tiket", value: "tickets.archive" },
+  {
+    label: "Pozastavit automatizaci tiketu",
+    value: "tickets.automations.pause"
+  },
+  { label: "Obnovit automatizaci tiketu", value: "tickets.automations.resume" },
+  { label: "Zobrazit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.read" },
+  { label: "Vytvo\u0159it z\xE1vislosti tiket\u016F", value: "tickets.dependencies.create" },
+  { label: "Upravit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.edit" },
+  { label: "Smazat z\xE1vislosti tiket\u016F", value: "tickets.dependencies.delete" },
+  { label: "Poslat potvrzen\xED tiketu", value: "tickets.confirmation.send" },
+  {
+    label: "St\xE1hnout potvrzen\xED tiketu",
+    value: "tickets.confirmation.download"
+  },
+  { label: "Vytvo\u0159it platbu tiketu", value: "tickets.payments.create" },
+  { label: "Zobrazit platby tiketu", value: "tickets.payments.read" },
+  { label: "Upravit platby tiketu", value: "tickets.payments.edit" },
+  { label: "Smazat platby tiketu", value: "tickets.payments.delete" },
+  {
+    label: "Poslat potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.send"
+  },
+  {
+    label: "St\xE1hnout potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.download"
+  },
+  { label: "Zobrazit logy tiketu", value: "tickets.logs.read" },
+  { label: "Vytvo\u0159it logy tiketu", value: "tickets.logs.create" },
+  { label: "Smazat logy tiketu", value: "tickets.logs.delete" },
+  { label: "Zobrazit obchodn\xEDky", value: "traders.read" },
+  { label: "Vytvo\u0159it obchodn\xEDky", value: "traders.create" },
+  { label: "Upravit obchodn\xEDky", value: "traders.edit" },
+  { label: "Smazat obchodn\xEDky", value: "traders.delete" },
+  { label: "Logy obchodn\xEDk\u016F", value: "traders.logs" },
+  { label: "Zobrazit klienty", value: "clients.read" },
+  { label: "Vytvo\u0159it klienty", value: "clients.create" },
+  { label: "Upravit klienty", value: "clients.edit" },
+  { label: "Smazat klienty", value: "clients.delete" },
+  { label: "Zobrazit PIN klienta", value: "clients.pin.read" },
+  { label: "Upravit PIN klienta", value: "clients.pin.edit" },
+  // { label: 'Zobrazit limity klienta', value: 'clients.limits.read' },
+  // { label: 'Upravit limity klienta', value: 'clients.limits.edit' },
+  // { label: 'Přiřadit obchodníka klientovi', value: 'clients.trader.assign' },
+  { label: "Upravit obchodn\xEDka klienta", value: "clients.trader.edit" },
+  { label: "Zobrazit logy klient\u016F", value: "clients.logs.read" },
+  { label: "Vytvo\u0159it logy klient\u016F", value: "clients.logs.create" },
+  { label: "Smazat logy klient\u016F", value: "clients.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele", value: "users.read" },
+  { label: "Vytvo\u0159it u\u017Eivatele", value: "users.create" },
+  { label: "Upravit u\u017Eivatele", value: "users.edit" },
+  { label: "Smazat u\u017Eivatele", value: "users.delete" },
+  // { label: 'Archivovat uživatele', value: 'users.archive' },
+  { label: "Poslat reset hesla", value: "users.password.reset.send" },
+  // { label: 'Zobrazit oprávnění uživatelů', value: 'users.permissions.read' },
+  // { label: 'Přiřadit oprávnění uživatelům', value: 'users.permissions.assign' },
+  // { label: 'Odebrat oprávnění uživatelům', value: 'users.permissions.delete' },
+  { label: "Povolit 2FA u\u017Eivatel\u016Fm", value: "users.2fa.enable" },
+  { label: "Zak\xE1zat 2FA u\u017Eivatel\u016Fm", value: "users.2fa.disable" },
+  { label: "Zobrazit logy u\u017Eivatel\u016F", value: "users.logs.read" },
+  { label: "Vytvo\u0159it logy u\u017Eivatel\u016F", value: "users.logs.create" },
+  { label: "Smazat logy u\u017Eivatel\u016F", value: "users.logs.delete" },
+  { label: "Zobrazit role", value: "roles.read" },
+  { label: "Vytvo\u0159it role", value: "roles.create" },
+  { label: "Upravit role", value: "roles.edit" },
+  { label: "Smazat role", value: "roles.delete" },
+  // { label: 'Přiřadit oprávnění rolím', value: 'roles.permissions.assign' },
+  // { label: 'Odebrat oprávnění rolím', value: 'roles.permissions.delete' },
+  { label: "Zobrazit logy rol\xED", value: "roles.logs.read" },
+  { label: "Vytvo\u0159it logy rol\xED", value: "roles.logs.create" },
+  { label: "Smazat logy rol\xED", value: "roles.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele p\u0159i\u0159azen\xE9 k rol\xEDm", value: "roles.users.read" },
+  // Test scopes
+  { label: "Test: Read", value: "test.read" },
+  { label: "Test: Edit", value: "test.edit" },
+  { label: "Test: Delete", value: "test.delete" },
+  {
+    label: "Test: Organization ID Read (JWT - invalid path)",
+    value: "test.{jwt.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Read (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Edit (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.edit"
+  },
+  {
+    label: "Test: Resource Read (Param)",
+    value: "test.{param.resourceId}.read"
+  },
+  {
+    label: "Test: Organization Resource Read (Multiple JWT placeholders)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Branch Read (JWT userData)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read"
+  },
+  { label: "Test: Invalid placeholder format", value: "test.{invalid}.scope" },
+  { label: "Test: Empty placeholder", value: "test.{}.scope" },
+  { label: "Test: Empty key placeholder", value: "test.{jwt.}.scope" },
+  { label: "Test: Empty type placeholder", value: "test.{.key}.scope" }
+  // { label: 'Zobrazit účty', value: 'accounts.read' },
+  // { label: 'Vytvořit účty', value: 'accounts.create' },
+  // { label: 'Upravit účty', value: 'accounts.edit' },
+  // { label: 'Smazat účty', value: 'accounts.delete' },
+  // { label: 'Archivovat účty', value: 'accounts.archive' },
+  // { label: 'Zobrazit zůstatek účtu', value: 'accounts.balance' },
+  // {
+  //   label: 'Vytvořit identifikátory účtu',
+  //   value: 'accounts.identifiers.create',
+  // },
+  // { label: 'Zobrazit identifikátory účtu', value: 'accounts.identifiers.read' },
+  // { label: 'Upravit identifikátory účtu', value: 'accounts.identifiers.edit' },
+  // { label: 'Smazat identifikátory účtu', value: 'accounts.identifiers.delete' },
+  // { label: 'Zobrazit transakce účtu', value: 'accounts.transactions.read' },
+  // { label: 'Zobrazit logy účtů', value: 'accounts.logs.read' },
+  // { label: 'Vytvořit logy účtů', value: 'accounts.logs.create' },
+  // { label: 'Smazat logy účtů', value: 'accounts.logs.delete' },
+];
+const RbacService = defineRbacService({
+  scopes: LABELED_SCOPES
+});
+exports.LABELED_SCOPES = LABELED_SCOPES;
 exports.default = RbacService;
 exports.defineRbacService = defineRbacService;

package/dist/export/worker.d.cts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DB0xguAY.cjs';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DB0xguAY.cjs';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
@@ -9,7 +9,7 @@ import '../shared/rbac.CqpxM3E5.cjs';
 import 'drizzle-orm/sqlite-core';
 declare const RbacServiceBase_base: (abstract new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv, {}>) & (abstract new (...args: any[]) => _develit_io_backend_sdk.DevelitWorkerMethods);
-declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledScope[]> extends RbacServiceBase_base {
+declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = LabeledScope$1[]> extends RbacServiceBase_base {
     readonly db: DrizzleD1Database<typeof tables>;
     readonly SCOPES: TScopes;
     constructor(ctx: ExecutionContext, env: RbacEnv, scopes: TScopes);
@@ -35,12 +35,19 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledS
     deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
     updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
 }
-declare function defineRbacService<const TScopes extends readonly LabeledScope[]>(config?: {
+declare function defineRbacService<const TScopes extends readonly LabeledScope$1[]>(config?: {
     scopes: TScopes;
 }): new (ctx: ExecutionContext, env: RbacEnv) => RbacServiceBase<TScopes>;
+declare const SCOPES: readonly ["tickets.read", "tickets.create", "tickets.edit", "tickets.delete", "tickets.archive", "tickets.automations.pause", "tickets.automations.resume", "tickets.dependencies.read", "tickets.dependencies.create", "tickets.dependencies.edit", "tickets.dependencies.delete", "tickets.confirmation.send", "tickets.confirmation.download", "tickets.payments.create", "tickets.payments.read", "tickets.payments.edit", "tickets.payments.delete", "tickets.payments.confirmation.send", "tickets.payments.confirmation.download", "tickets.logs.read", "tickets.logs.create", "tickets.logs.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.archive", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.pause", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.resume", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "clients.read", "clients.create", "clients.edit", "clients.delete", "clients.pin.read", "clients.pin.edit", "clients.trader.edit", "clients.logs.read", "clients.logs.create", "clients.logs.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.read", "clients.{jwt.user.rawUserMetaData.organizationId}.create", "clients.{jwt.user.rawUserMetaData.organizationId}.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.read", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.trader.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.read", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.create", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "users.read", "users.create", "users.edit", "users.delete", "users.ban", "users.password.reset.send", "users.password.edit", "users.2fa.enable", "users.2fa.disable", "users.roles.read", "users.roles.edit", "users.scopes.read", "users.scopes.assign", "users.scopes.delete", "users.logs.read", "users.logs.create", "users.logs.delete", "users.{jwt.user.rawUserMetaData.organizationId}.read", "users.{jwt.user.rawUserMetaData.organizationId}.create", "users.{jwt.user.rawUserMetaData.organizationId}.edit", "users.{jwt.user.rawUserMetaData.organizationId}.delete", "users.{jwt.user.rawUserMetaData.organizationId}.ban", "users.{jwt.user.rawUserMetaData.organizationId}.password.reset.send", "users.{jwt.user.rawUserMetaData.organizationId}.password.edit", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.enable", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.disable", "users.{jwt.user.rawUserMetaData.organizationId}.roles.read", "users.{jwt.user.rawUserMetaData.organizationId}.roles.edit", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.read", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.assign", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.delete", "users.{jwt.user.rawUserMetaData.organizationId}.logs.read", "users.{jwt.user.rawUserMetaData.organizationId}.logs.create", "users.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "traders.read", "traders.create", "traders.edit", "traders.delete", "traders.logs", "roles.read", "roles.create", "roles.edit", "roles.delete", "roles.scopes.assign", "roles.scopes.delete", "roles.logs.read", "roles.logs.create", "roles.logs.delete", "roles.users.read", "test.read", "test.edit", "test.delete", "test.{jwt.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.edit", "test.{param.resourceId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read", "test.{invalid}.scope", "test.{}.scope", "test.{jwt.}.scope", "test.{.key}.scope"];
+type LabeledScope = {
+    label: string;
+    value: (typeof SCOPES)[number];
+};
+declare const LABELED_SCOPES: LabeledScope[];
 declare const _default: new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv>;
 // @ts-ignore
 export = _default;
-export { defineRbacService };
+export { LABELED_SCOPES, defineRbacService };

package/dist/export/worker.d.mts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CocWK7y6.mjs';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CocWK7y6.mjs';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
@@ -9,7 +9,7 @@ import '../shared/rbac.CqpxM3E5.mjs';
 import 'drizzle-orm/sqlite-core';
 declare const RbacServiceBase_base: (abstract new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv, {}>) & (abstract new (...args: any[]) => _develit_io_backend_sdk.DevelitWorkerMethods);
-declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledScope[]> extends RbacServiceBase_base {
+declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = LabeledScope$1[]> extends RbacServiceBase_base {
     readonly db: DrizzleD1Database<typeof tables>;
     readonly SCOPES: TScopes;
     constructor(ctx: ExecutionContext, env: RbacEnv, scopes: TScopes);
@@ -35,10 +35,17 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledS
     deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
     updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
 }
-declare function defineRbacService<const TScopes extends readonly LabeledScope[]>(config?: {
+declare function defineRbacService<const TScopes extends readonly LabeledScope$1[]>(config?: {
     scopes: TScopes;
 }): new (ctx: ExecutionContext, env: RbacEnv) => RbacServiceBase<TScopes>;
+declare const SCOPES: readonly ["tickets.read", "tickets.create", "tickets.edit", "tickets.delete", "tickets.archive", "tickets.automations.pause", "tickets.automations.resume", "tickets.dependencies.read", "tickets.dependencies.create", "tickets.dependencies.edit", "tickets.dependencies.delete", "tickets.confirmation.send", "tickets.confirmation.download", "tickets.payments.create", "tickets.payments.read", "tickets.payments.edit", "tickets.payments.delete", "tickets.payments.confirmation.send", "tickets.payments.confirmation.download", "tickets.logs.read", "tickets.logs.create", "tickets.logs.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.archive", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.pause", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.resume", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "clients.read", "clients.create", "clients.edit", "clients.delete", "clients.pin.read", "clients.pin.edit", "clients.trader.edit", "clients.logs.read", "clients.logs.create", "clients.logs.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.read", "clients.{jwt.user.rawUserMetaData.organizationId}.create", "clients.{jwt.user.rawUserMetaData.organizationId}.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.read", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.trader.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.read", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.create", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "users.read", "users.create", "users.edit", "users.delete", "users.ban", "users.password.reset.send", "users.password.edit", "users.2fa.enable", "users.2fa.disable", "users.roles.read", "users.roles.edit", "users.scopes.read", "users.scopes.assign", "users.scopes.delete", "users.logs.read", "users.logs.create", "users.logs.delete", "users.{jwt.user.rawUserMetaData.organizationId}.read", "users.{jwt.user.rawUserMetaData.organizationId}.create", "users.{jwt.user.rawUserMetaData.organizationId}.edit", "users.{jwt.user.rawUserMetaData.organizationId}.delete", "users.{jwt.user.rawUserMetaData.organizationId}.ban", "users.{jwt.user.rawUserMetaData.organizationId}.password.reset.send", "users.{jwt.user.rawUserMetaData.organizationId}.password.edit", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.enable", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.disable", "users.{jwt.user.rawUserMetaData.organizationId}.roles.read", "users.{jwt.user.rawUserMetaData.organizationId}.roles.edit", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.read", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.assign", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.delete", "users.{jwt.user.rawUserMetaData.organizationId}.logs.read", "users.{jwt.user.rawUserMetaData.organizationId}.logs.create", "users.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "traders.read", "traders.create", "traders.edit", "traders.delete", "traders.logs", "roles.read", "roles.create", "roles.edit", "roles.delete", "roles.scopes.assign", "roles.scopes.delete", "roles.logs.read", "roles.logs.create", "roles.logs.delete", "roles.users.read", "test.read", "test.edit", "test.delete", "test.{jwt.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.edit", "test.{param.resourceId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read", "test.{invalid}.scope", "test.{}.scope", "test.{jwt.}.scope", "test.{.key}.scope"];
+type LabeledScope = {
+    label: string;
+    value: (typeof SCOPES)[number];
+};
+declare const LABELED_SCOPES: LabeledScope[];
 declare const _default: new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv>;
-export { _default as default, defineRbacService };
+export { LABELED_SCOPES, _default as default, defineRbacService };

package/dist/export/worker.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CAcqvrNj.js';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CAcqvrNj.js';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
@@ -9,7 +9,7 @@ import '../shared/rbac.CqpxM3E5.js';
 import 'drizzle-orm/sqlite-core';
 declare const RbacServiceBase_base: (abstract new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv, {}>) & (abstract new (...args: any[]) => _develit_io_backend_sdk.DevelitWorkerMethods);
-declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledScope[]> extends RbacServiceBase_base {
+declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = LabeledScope$1[]> extends RbacServiceBase_base {
     readonly db: DrizzleD1Database<typeof tables>;
     readonly SCOPES: TScopes;
     constructor(ctx: ExecutionContext, env: RbacEnv, scopes: TScopes);
@@ -35,12 +35,19 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledS
     deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
     updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
 }
-declare function defineRbacService<const TScopes extends readonly LabeledScope[]>(config?: {
+declare function defineRbacService<const TScopes extends readonly LabeledScope$1[]>(config?: {
     scopes: TScopes;
 }): new (ctx: ExecutionContext, env: RbacEnv) => RbacServiceBase<TScopes>;
+declare const SCOPES: readonly ["tickets.read", "tickets.create", "tickets.edit", "tickets.delete", "tickets.archive", "tickets.automations.pause", "tickets.automations.resume", "tickets.dependencies.read", "tickets.dependencies.create", "tickets.dependencies.edit", "tickets.dependencies.delete", "tickets.confirmation.send", "tickets.confirmation.download", "tickets.payments.create", "tickets.payments.read", "tickets.payments.edit", "tickets.payments.delete", "tickets.payments.confirmation.send", "tickets.payments.confirmation.download", "tickets.logs.read", "tickets.logs.create", "tickets.logs.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.archive", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.pause", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.resume", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "clients.read", "clients.create", "clients.edit", "clients.delete", "clients.pin.read", "clients.pin.edit", "clients.trader.edit", "clients.logs.read", "clients.logs.create", "clients.logs.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.read", "clients.{jwt.user.rawUserMetaData.organizationId}.create", "clients.{jwt.user.rawUserMetaData.organizationId}.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.read", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.trader.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.read", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.create", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "users.read", "users.create", "users.edit", "users.delete", "users.ban", "users.password.reset.send", "users.password.edit", "users.2fa.enable", "users.2fa.disable", "users.roles.read", "users.roles.edit", "users.scopes.read", "users.scopes.assign", "users.scopes.delete", "users.logs.read", "users.logs.create", "users.logs.delete", "users.{jwt.user.rawUserMetaData.organizationId}.read", "users.{jwt.user.rawUserMetaData.organizationId}.create", "users.{jwt.user.rawUserMetaData.organizationId}.edit", "users.{jwt.user.rawUserMetaData.organizationId}.delete", "users.{jwt.user.rawUserMetaData.organizationId}.ban", "users.{jwt.user.rawUserMetaData.organizationId}.password.reset.send", "users.{jwt.user.rawUserMetaData.organizationId}.password.edit", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.enable", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.disable", "users.{jwt.user.rawUserMetaData.organizationId}.roles.read", "users.{jwt.user.rawUserMetaData.organizationId}.roles.edit", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.read", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.assign", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.delete", "users.{jwt.user.rawUserMetaData.organizationId}.logs.read", "users.{jwt.user.rawUserMetaData.organizationId}.logs.create", "users.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "traders.read", "traders.create", "traders.edit", "traders.delete", "traders.logs", "roles.read", "roles.create", "roles.edit", "roles.delete", "roles.scopes.assign", "roles.scopes.delete", "roles.logs.read", "roles.logs.create", "roles.logs.delete", "roles.users.read", "test.read", "test.edit", "test.delete", "test.{jwt.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.edit", "test.{param.resourceId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read", "test.{invalid}.scope", "test.{}.scope", "test.{jwt.}.scope", "test.{.key}.scope"];
+type LabeledScope = {
+    label: string;
+    value: (typeof SCOPES)[number];
+};
+declare const LABELED_SCOPES: LabeledScope[];
 declare const _default: new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv>;
 // @ts-ignore
 export = _default;
-export { defineRbacService };
+export { LABELED_SCOPES, defineRbacService };

package/dist/export/worker.mjs CHANGED Viewed

@@ -794,6 +794,266 @@ function defineRbacService(config = { scopes: [] }) {
   };
 }
-const RbacService = defineRbacService();
+const organizationScopedKeys = (scopes) => {
+  const out = scopes.map((scope) => {
+    const [prefix, ...rest] = scope.split(".");
+    return `${prefix}.{jwt.user.rawUserMetaData.organizationId}.${rest.join(".")}`;
+  });
+  return out;
+};
+const TEST_SCOPES = [
+  "test.read",
+  "test.edit",
+  "test.delete",
+  "test.{jwt.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.edit",
+  "test.{param.resourceId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read",
+  "test.{invalid}.scope",
+  "test.{}.scope",
+  "test.{jwt.}.scope",
+  "test.{.key}.scope"
+];
+const TICKET_SCOPES = [
+  "tickets.read",
+  "tickets.create",
+  "tickets.edit",
+  "tickets.delete",
+  "tickets.archive",
+  "tickets.automations.pause",
+  "tickets.automations.resume",
+  "tickets.dependencies.read",
+  "tickets.dependencies.create",
+  "tickets.dependencies.edit",
+  "tickets.dependencies.delete",
+  "tickets.confirmation.send",
+  "tickets.confirmation.download",
+  "tickets.payments.create",
+  "tickets.payments.read",
+  "tickets.payments.edit",
+  "tickets.payments.delete",
+  "tickets.payments.confirmation.send",
+  "tickets.payments.confirmation.download",
+  "tickets.logs.read",
+  "tickets.logs.create",
+  "tickets.logs.delete"
+];
+const CLIENT_SCOPES = [
+  "clients.read",
+  "clients.create",
+  "clients.edit",
+  "clients.delete",
+  "clients.pin.read",
+  // if not - gw returns **** for pin
+  "clients.pin.edit",
+  // if not - fe should not allow pin change
+  "clients.trader.edit",
+  "clients.logs.read",
+  "clients.logs.create",
+  "clients.logs.delete"
+];
+const USER_SCOPES = [
+  "users.read",
+  "users.create",
+  "users.edit",
+  "users.delete",
+  "users.ban",
+  "users.password.reset.send",
+  "users.password.edit",
+  "users.2fa.enable",
+  "users.2fa.disable",
+  "users.roles.read",
+  "users.roles.edit",
+  "users.scopes.read",
+  "users.scopes.assign",
+  "users.scopes.delete",
+  "users.logs.read",
+  "users.logs.create",
+  "users.logs.delete"
+];
+[
+  // Ticket scopes
+  ...TICKET_SCOPES,
+  ...organizationScopedKeys(TICKET_SCOPES),
+  // Client scopes
+  ...CLIENT_SCOPES,
+  ...organizationScopedKeys(CLIENT_SCOPES),
+  // User scopes
+  ...USER_SCOPES,
+  ...organizationScopedKeys(USER_SCOPES),
+  // Trader scopes
+  "traders.read",
+  "traders.create",
+  "traders.edit",
+  "traders.delete",
+  "traders.logs",
+  // Role scopes
+  "roles.read",
+  "roles.create",
+  "roles.edit",
+  "roles.delete",
+  "roles.scopes.assign",
+  // assign scopes to roles
+  "roles.scopes.delete",
+  // delete scopes from roles
+  "roles.logs.read",
+  "roles.logs.create",
+  "roles.logs.delete",
+  "roles.users.read",
+  // read users assigned to roles
+  // Ledger scopes
+  // 'accounts.read',
+  // 'accounts.create',
+  // 'accounts.edit',
+  // 'accounts.delete',
+  // 'accounts.archive',
+  // 'accounts.balance',
+  // 'accounts.identifiers.create',
+  // 'accounts.identifiers.read',
+  // 'accounts.identifiers.edit',
+  // 'accounts.identifiers.delete',
+  // 'accounts.transactions.read',
+  // 'accounts.logs.read',
+  // 'accounts.logs.create',
+  // 'accounts.logs.delete',
+  ...TEST_SCOPES
+];
+const LABELED_SCOPES = [
+  { label: "Zobrazit tikety", value: "tickets.read" },
+  {
+    label: "Zobrazit tikety v r\xE1mci organizace",
+    value: "tickets.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  { label: "Vytvo\u0159it tiket", value: "tickets.create" },
+  { label: "Upravit tiket", value: "tickets.edit" },
+  { label: "Smazat tiket", value: "tickets.delete" },
+  { label: "Archivovat tiket", value: "tickets.archive" },
+  {
+    label: "Pozastavit automatizaci tiketu",
+    value: "tickets.automations.pause"
+  },
+  { label: "Obnovit automatizaci tiketu", value: "tickets.automations.resume" },
+  { label: "Zobrazit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.read" },
+  { label: "Vytvo\u0159it z\xE1vislosti tiket\u016F", value: "tickets.dependencies.create" },
+  { label: "Upravit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.edit" },
+  { label: "Smazat z\xE1vislosti tiket\u016F", value: "tickets.dependencies.delete" },
+  { label: "Poslat potvrzen\xED tiketu", value: "tickets.confirmation.send" },
+  {
+    label: "St\xE1hnout potvrzen\xED tiketu",
+    value: "tickets.confirmation.download"
+  },
+  { label: "Vytvo\u0159it platbu tiketu", value: "tickets.payments.create" },
+  { label: "Zobrazit platby tiketu", value: "tickets.payments.read" },
+  { label: "Upravit platby tiketu", value: "tickets.payments.edit" },
+  { label: "Smazat platby tiketu", value: "tickets.payments.delete" },
+  {
+    label: "Poslat potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.send"
+  },
+  {
+    label: "St\xE1hnout potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.download"
+  },
+  { label: "Zobrazit logy tiketu", value: "tickets.logs.read" },
+  { label: "Vytvo\u0159it logy tiketu", value: "tickets.logs.create" },
+  { label: "Smazat logy tiketu", value: "tickets.logs.delete" },
+  { label: "Zobrazit obchodn\xEDky", value: "traders.read" },
+  { label: "Vytvo\u0159it obchodn\xEDky", value: "traders.create" },
+  { label: "Upravit obchodn\xEDky", value: "traders.edit" },
+  { label: "Smazat obchodn\xEDky", value: "traders.delete" },
+  { label: "Logy obchodn\xEDk\u016F", value: "traders.logs" },
+  { label: "Zobrazit klienty", value: "clients.read" },
+  { label: "Vytvo\u0159it klienty", value: "clients.create" },
+  { label: "Upravit klienty", value: "clients.edit" },
+  { label: "Smazat klienty", value: "clients.delete" },
+  { label: "Zobrazit PIN klienta", value: "clients.pin.read" },
+  { label: "Upravit PIN klienta", value: "clients.pin.edit" },
+  // { label: 'Zobrazit limity klienta', value: 'clients.limits.read' },
+  // { label: 'Upravit limity klienta', value: 'clients.limits.edit' },
+  // { label: 'Přiřadit obchodníka klientovi', value: 'clients.trader.assign' },
+  { label: "Upravit obchodn\xEDka klienta", value: "clients.trader.edit" },
+  { label: "Zobrazit logy klient\u016F", value: "clients.logs.read" },
+  { label: "Vytvo\u0159it logy klient\u016F", value: "clients.logs.create" },
+  { label: "Smazat logy klient\u016F", value: "clients.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele", value: "users.read" },
+  { label: "Vytvo\u0159it u\u017Eivatele", value: "users.create" },
+  { label: "Upravit u\u017Eivatele", value: "users.edit" },
+  { label: "Smazat u\u017Eivatele", value: "users.delete" },
+  // { label: 'Archivovat uživatele', value: 'users.archive' },
+  { label: "Poslat reset hesla", value: "users.password.reset.send" },
+  // { label: 'Zobrazit oprávnění uživatelů', value: 'users.permissions.read' },
+  // { label: 'Přiřadit oprávnění uživatelům', value: 'users.permissions.assign' },
+  // { label: 'Odebrat oprávnění uživatelům', value: 'users.permissions.delete' },
+  { label: "Povolit 2FA u\u017Eivatel\u016Fm", value: "users.2fa.enable" },
+  { label: "Zak\xE1zat 2FA u\u017Eivatel\u016Fm", value: "users.2fa.disable" },
+  { label: "Zobrazit logy u\u017Eivatel\u016F", value: "users.logs.read" },
+  { label: "Vytvo\u0159it logy u\u017Eivatel\u016F", value: "users.logs.create" },
+  { label: "Smazat logy u\u017Eivatel\u016F", value: "users.logs.delete" },
+  { label: "Zobrazit role", value: "roles.read" },
+  { label: "Vytvo\u0159it role", value: "roles.create" },
+  { label: "Upravit role", value: "roles.edit" },
+  { label: "Smazat role", value: "roles.delete" },
+  // { label: 'Přiřadit oprávnění rolím', value: 'roles.permissions.assign' },
+  // { label: 'Odebrat oprávnění rolím', value: 'roles.permissions.delete' },
+  { label: "Zobrazit logy rol\xED", value: "roles.logs.read" },
+  { label: "Vytvo\u0159it logy rol\xED", value: "roles.logs.create" },
+  { label: "Smazat logy rol\xED", value: "roles.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele p\u0159i\u0159azen\xE9 k rol\xEDm", value: "roles.users.read" },
+  // Test scopes
+  { label: "Test: Read", value: "test.read" },
+  { label: "Test: Edit", value: "test.edit" },
+  { label: "Test: Delete", value: "test.delete" },
+  {
+    label: "Test: Organization ID Read (JWT - invalid path)",
+    value: "test.{jwt.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Read (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Edit (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.edit"
+  },
+  {
+    label: "Test: Resource Read (Param)",
+    value: "test.{param.resourceId}.read"
+  },
+  {
+    label: "Test: Organization Resource Read (Multiple JWT placeholders)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Branch Read (JWT userData)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read"
+  },
+  { label: "Test: Invalid placeholder format", value: "test.{invalid}.scope" },
+  { label: "Test: Empty placeholder", value: "test.{}.scope" },
+  { label: "Test: Empty key placeholder", value: "test.{jwt.}.scope" },
+  { label: "Test: Empty type placeholder", value: "test.{.key}.scope" }
+  // { label: 'Zobrazit účty', value: 'accounts.read' },
+  // { label: 'Vytvořit účty', value: 'accounts.create' },
+  // { label: 'Upravit účty', value: 'accounts.edit' },
+  // { label: 'Smazat účty', value: 'accounts.delete' },
+  // { label: 'Archivovat účty', value: 'accounts.archive' },
+  // { label: 'Zobrazit zůstatek účtu', value: 'accounts.balance' },
+  // {
+  //   label: 'Vytvořit identifikátory účtu',
+  //   value: 'accounts.identifiers.create',
+  // },
+  // { label: 'Zobrazit identifikátory účtu', value: 'accounts.identifiers.read' },
+  // { label: 'Upravit identifikátory účtu', value: 'accounts.identifiers.edit' },
+  // { label: 'Smazat identifikátory účtu', value: 'accounts.identifiers.delete' },
+  // { label: 'Zobrazit transakce účtu', value: 'accounts.transactions.read' },
+  // { label: 'Zobrazit logy účtů', value: 'accounts.logs.read' },
+  // { label: 'Vytvořit logy účtů', value: 'accounts.logs.create' },
+  // { label: 'Smazat logy účtů', value: 'accounts.logs.delete' },
+];
+const RbacService = defineRbacService({
+  scopes: LABELED_SCOPES
+});
-export { RbacService as default, defineRbacService };
+export { LABELED_SCOPES, RbacService as default, defineRbacService };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@develit-services/rbac",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "author": "Develit.io s.r.o.",
   "type": "module",
   "exports": {