@develit-services/rbac 0.2.2 → 0.3.0

package/dist/export/worker.cjs

@@ -5,7 +5,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
 const backendSdk = require('@develit-io/backend-sdk');
 const database_schema = require('../shared/rbac.Cra1T2nC.cjs');
 const drizzleOrm = require('drizzle-orm');
-const verifyScope = require('../shared/rbac.B2KUW5xp.cjs');
+const verifyScope = require('../shared/rbac.BZDCYlSt.cjs');
 const zod = require('zod');
 const cloudflare_workers = require('cloudflare:workers');
 const d1 = require('drizzle-orm/d1');
@@ -658,12 +658,13 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
   }
   async verifyAccess(input) {
     return this.handleAction(
-      // TODO: This input schema is just copied from auth and is not 100% type safe
       { data: input, schema: verifyScope.verifyAccessInputSchema },
       { successMessage: "Access verification completed." },
       async ({ userId, accessRequests, jwt }) => {
-        for (const request of accessRequests) {
-          this.validateScope(request.scope);
+        for (const requestGroup of accessRequests) {
+          for (const request of requestGroup) {
+            this.validateScope(request.scope);
+          }
         }
         const userPermissionsResponse = await this.getUserPermissions({
           userId
@@ -678,46 +679,55 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
           ...userPermissionsResponse.data.roleScopes,
           ...userPermissionsResponse.data.scopes
         ];
-        const allAccessRequestsSatisfied = accessRequests.every((request) => {
-          const placeholders = parseScopeTemplate(request.scope);
-          return allScopes.some((userScope) => {
-            const scopesMatch = userScope.scope === request.scope;
-            let resourceMatches = false;
-            if (placeholders.length > 0) {
-              if (!request.resourcePath) {
-                throw backendSdk.createInternalError(null, {
-                  message: `Resource path is required when scope '${request.scope}' contains placeholders`,
-                  status: 400,
-                  code: "RESOURCE_PATH_REQUIRED"
-                });
-              }
-              const extractedResources = extractResourcesFromPath(
-                request.scope,
-                request.resourcePath
-              );
-              const allPlaceholdersMatch = placeholders.every((placeholder) => {
-                const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
-                const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
-                const expectedValue = getValueByKey(
-                  placeholder.type,
-                  placeholder.path,
-                  jwtParam
-                );
-                if (expectedValue === void 0) {
-                  return false;
+        if (accessRequests.length === 0) {
+          return {
+            isVerified: true
+          };
+        }
+        const anyGroupSatisfied = accessRequests.some((requestGroup) => {
+          return requestGroup.every((request) => {
+            const placeholders = parseScopeTemplate(request.scope);
+            return allScopes.some((userScope) => {
+              const scopesMatch = userScope.scope === request.scope;
+              let resourceMatches = false;
+              if (placeholders.length > 0) {
+                if (!request.resourcePath) {
+                  throw backendSdk.createInternalError(null, {
+                    message: `Resource path is required when scope '${request.scope}' contains placeholders`,
+                    status: 400,
+                    code: "RESOURCE_PATH_REQUIRED"
+                  });
                 }
-                return String(extractedValue) === String(expectedValue);
-              });
-              const resourceIdMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
-              resourceMatches = allPlaceholdersMatch && resourceIdMatches;
-            } else {
-              resourceMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
-            }
-            return scopesMatch && resourceMatches;
+                const extractedResources = extractResourcesFromPath(
+                  request.scope,
+                  request.resourcePath
+                );
+                const allPlaceholdersMatch = placeholders.every(
+                  (placeholder) => {
+                    const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
+                    const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
+                    const expectedValue = getValueByKey(
+                      placeholder.type,
+                      placeholder.path,
+                      jwtParam
+                    );
+                    if (expectedValue === void 0) {
+                      return false;
+                    }
+                    return String(extractedValue) === String(expectedValue);
+                  }
+                );
+                const resourceIdMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
+                resourceMatches = allPlaceholdersMatch && resourceIdMatches;
+              } else {
+                resourceMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
+              }
+              return scopesMatch && resourceMatches;
+            });
           });
         });
         return {
-          isVerified: allAccessRequestsSatisfied
+          isVerified: anyGroupSatisfied
         };
       }
     );
@@ -798,7 +808,268 @@ function defineRbacService(config = { scopes: [] }) {
   };
 }
 
-const RbacService = defineRbacService();
+const organizationScopedKeys = (scopes) => {
+  const out = scopes.map((scope) => {
+    const [prefix, ...rest] = scope.split(".");
+    return `${prefix}.{jwt.user.rawUserMetaData.organizationId}.${rest.join(".")}`;
+  });
+  return out;
+};
+const TEST_SCOPES = [
+  "test.read",
+  "test.edit",
+  "test.delete",
+  "test.{jwt.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.edit",
+  "test.{param.resourceId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read",
+  "test.{invalid}.scope",
+  "test.{}.scope",
+  "test.{jwt.}.scope",
+  "test.{.key}.scope"
+];
+const TICKET_SCOPES = [
+  "tickets.read",
+  "tickets.create",
+  "tickets.edit",
+  "tickets.delete",
+  "tickets.archive",
+  "tickets.automations.pause",
+  "tickets.automations.resume",
+  "tickets.dependencies.read",
+  "tickets.dependencies.create",
+  "tickets.dependencies.edit",
+  "tickets.dependencies.delete",
+  "tickets.confirmation.send",
+  "tickets.confirmation.download",
+  "tickets.payments.create",
+  "tickets.payments.read",
+  "tickets.payments.edit",
+  "tickets.payments.delete",
+  "tickets.payments.confirmation.send",
+  "tickets.payments.confirmation.download",
+  "tickets.logs.read",
+  "tickets.logs.create",
+  "tickets.logs.delete"
+];
+const CLIENT_SCOPES = [
+  "clients.read",
+  "clients.create",
+  "clients.edit",
+  "clients.delete",
+  "clients.pin.read",
+  // if not - gw returns **** for pin
+  "clients.pin.edit",
+  // if not - fe should not allow pin change
+  "clients.trader.edit",
+  "clients.logs.read",
+  "clients.logs.create",
+  "clients.logs.delete"
+];
+const USER_SCOPES = [
+  "users.read",
+  "users.create",
+  "users.edit",
+  "users.delete",
+  "users.ban",
+  "users.password.reset.send",
+  "users.password.edit",
+  "users.2fa.enable",
+  "users.2fa.disable",
+  "users.roles.read",
+  "users.roles.edit",
+  "users.scopes.read",
+  "users.scopes.assign",
+  "users.scopes.delete",
+  "users.logs.read",
+  "users.logs.create",
+  "users.logs.delete"
+];
+[
+  // Ticket scopes
+  ...TICKET_SCOPES,
+  ...organizationScopedKeys(TICKET_SCOPES),
+  // Client scopes
+  ...CLIENT_SCOPES,
+  ...organizationScopedKeys(CLIENT_SCOPES),
+  // User scopes
+  ...USER_SCOPES,
+  ...organizationScopedKeys(USER_SCOPES),
+  // Trader scopes
+  "traders.read",
+  "traders.create",
+  "traders.edit",
+  "traders.delete",
+  "traders.logs",
+  // Role scopes
+  "roles.read",
+  "roles.create",
+  "roles.edit",
+  "roles.delete",
+  "roles.scopes.assign",
+  // assign scopes to roles
+  "roles.scopes.delete",
+  // delete scopes from roles
+  "roles.logs.read",
+  "roles.logs.create",
+  "roles.logs.delete",
+  "roles.users.read",
+  // read users assigned to roles
+  // Ledger scopes
+  // 'accounts.read',
+  // 'accounts.create',
+  // 'accounts.edit',
+  // 'accounts.delete',
+  // 'accounts.archive',
+  // 'accounts.balance',
+  // 'accounts.identifiers.create',
+  // 'accounts.identifiers.read',
+  // 'accounts.identifiers.edit',
+  // 'accounts.identifiers.delete',
+  // 'accounts.transactions.read',
+  // 'accounts.logs.read',
+  // 'accounts.logs.create',
+  // 'accounts.logs.delete',
+  ...TEST_SCOPES
+];
+const LABELED_SCOPES = [
+  { label: "Zobrazit tikety", value: "tickets.read" },
+  {
+    label: "Zobrazit tikety v r\xE1mci organizace",
+    value: "tickets.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  { label: "Vytvo\u0159it tiket", value: "tickets.create" },
+  { label: "Upravit tiket", value: "tickets.edit" },
+  { label: "Smazat tiket", value: "tickets.delete" },
+  { label: "Archivovat tiket", value: "tickets.archive" },
+  {
+    label: "Pozastavit automatizaci tiketu",
+    value: "tickets.automations.pause"
+  },
+  { label: "Obnovit automatizaci tiketu", value: "tickets.automations.resume" },
+  { label: "Zobrazit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.read" },
+  { label: "Vytvo\u0159it z\xE1vislosti tiket\u016F", value: "tickets.dependencies.create" },
+  { label: "Upravit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.edit" },
+  { label: "Smazat z\xE1vislosti tiket\u016F", value: "tickets.dependencies.delete" },
+  { label: "Poslat potvrzen\xED tiketu", value: "tickets.confirmation.send" },
+  {
+    label: "St\xE1hnout potvrzen\xED tiketu",
+    value: "tickets.confirmation.download"
+  },
+  { label: "Vytvo\u0159it platbu tiketu", value: "tickets.payments.create" },
+  { label: "Zobrazit platby tiketu", value: "tickets.payments.read" },
+  { label: "Upravit platby tiketu", value: "tickets.payments.edit" },
+  { label: "Smazat platby tiketu", value: "tickets.payments.delete" },
+  {
+    label: "Poslat potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.send"
+  },
+  {
+    label: "St\xE1hnout potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.download"
+  },
+  { label: "Zobrazit logy tiketu", value: "tickets.logs.read" },
+  { label: "Vytvo\u0159it logy tiketu", value: "tickets.logs.create" },
+  { label: "Smazat logy tiketu", value: "tickets.logs.delete" },
+  { label: "Zobrazit obchodn\xEDky", value: "traders.read" },
+  { label: "Vytvo\u0159it obchodn\xEDky", value: "traders.create" },
+  { label: "Upravit obchodn\xEDky", value: "traders.edit" },
+  { label: "Smazat obchodn\xEDky", value: "traders.delete" },
+  { label: "Logy obchodn\xEDk\u016F", value: "traders.logs" },
+  { label: "Zobrazit klienty", value: "clients.read" },
+  { label: "Vytvo\u0159it klienty", value: "clients.create" },
+  { label: "Upravit klienty", value: "clients.edit" },
+  { label: "Smazat klienty", value: "clients.delete" },
+  { label: "Zobrazit PIN klienta", value: "clients.pin.read" },
+  { label: "Upravit PIN klienta", value: "clients.pin.edit" },
+  // { label: 'Zobrazit limity klienta', value: 'clients.limits.read' },
+  // { label: 'Upravit limity klienta', value: 'clients.limits.edit' },
+  // { label: 'Přiřadit obchodníka klientovi', value: 'clients.trader.assign' },
+  { label: "Upravit obchodn\xEDka klienta", value: "clients.trader.edit" },
+  { label: "Zobrazit logy klient\u016F", value: "clients.logs.read" },
+  { label: "Vytvo\u0159it logy klient\u016F", value: "clients.logs.create" },
+  { label: "Smazat logy klient\u016F", value: "clients.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele", value: "users.read" },
+  { label: "Vytvo\u0159it u\u017Eivatele", value: "users.create" },
+  { label: "Upravit u\u017Eivatele", value: "users.edit" },
+  { label: "Smazat u\u017Eivatele", value: "users.delete" },
+  // { label: 'Archivovat uživatele', value: 'users.archive' },
+  { label: "Poslat reset hesla", value: "users.password.reset.send" },
+  // { label: 'Zobrazit oprávnění uživatelů', value: 'users.permissions.read' },
+  // { label: 'Přiřadit oprávnění uživatelům', value: 'users.permissions.assign' },
+  // { label: 'Odebrat oprávnění uživatelům', value: 'users.permissions.delete' },
+  { label: "Povolit 2FA u\u017Eivatel\u016Fm", value: "users.2fa.enable" },
+  { label: "Zak\xE1zat 2FA u\u017Eivatel\u016Fm", value: "users.2fa.disable" },
+  { label: "Zobrazit logy u\u017Eivatel\u016F", value: "users.logs.read" },
+  { label: "Vytvo\u0159it logy u\u017Eivatel\u016F", value: "users.logs.create" },
+  { label: "Smazat logy u\u017Eivatel\u016F", value: "users.logs.delete" },
+  { label: "Zobrazit role", value: "roles.read" },
+  { label: "Vytvo\u0159it role", value: "roles.create" },
+  { label: "Upravit role", value: "roles.edit" },
+  { label: "Smazat role", value: "roles.delete" },
+  // { label: 'Přiřadit oprávnění rolím', value: 'roles.permissions.assign' },
+  // { label: 'Odebrat oprávnění rolím', value: 'roles.permissions.delete' },
+  { label: "Zobrazit logy rol\xED", value: "roles.logs.read" },
+  { label: "Vytvo\u0159it logy rol\xED", value: "roles.logs.create" },
+  { label: "Smazat logy rol\xED", value: "roles.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele p\u0159i\u0159azen\xE9 k rol\xEDm", value: "roles.users.read" },
+  // Test scopes
+  { label: "Test: Read", value: "test.read" },
+  { label: "Test: Edit", value: "test.edit" },
+  { label: "Test: Delete", value: "test.delete" },
+  {
+    label: "Test: Organization ID Read (JWT - invalid path)",
+    value: "test.{jwt.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Read (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Edit (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.edit"
+  },
+  {
+    label: "Test: Resource Read (Param)",
+    value: "test.{param.resourceId}.read"
+  },
+  {
+    label: "Test: Organization Resource Read (Multiple JWT placeholders)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Branch Read (JWT userData)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read"
+  },
+  { label: "Test: Invalid placeholder format", value: "test.{invalid}.scope" },
+  { label: "Test: Empty placeholder", value: "test.{}.scope" },
+  { label: "Test: Empty key placeholder", value: "test.{jwt.}.scope" },
+  { label: "Test: Empty type placeholder", value: "test.{.key}.scope" }
+  // { label: 'Zobrazit účty', value: 'accounts.read' },
+  // { label: 'Vytvořit účty', value: 'accounts.create' },
+  // { label: 'Upravit účty', value: 'accounts.edit' },
+  // { label: 'Smazat účty', value: 'accounts.delete' },
+  // { label: 'Archivovat účty', value: 'accounts.archive' },
+  // { label: 'Zobrazit zůstatek účtu', value: 'accounts.balance' },
+  // {
+  //   label: 'Vytvořit identifikátory účtu',
+  //   value: 'accounts.identifiers.create',
+  // },
+  // { label: 'Zobrazit identifikátory účtu', value: 'accounts.identifiers.read' },
+  // { label: 'Upravit identifikátory účtu', value: 'accounts.identifiers.edit' },
+  // { label: 'Smazat identifikátory účtu', value: 'accounts.identifiers.delete' },
+  // { label: 'Zobrazit transakce účtu', value: 'accounts.transactions.read' },
+  // { label: 'Zobrazit logy účtů', value: 'accounts.logs.read' },
+  // { label: 'Vytvořit logy účtů', value: 'accounts.logs.create' },
+  // { label: 'Smazat logy účtů', value: 'accounts.logs.delete' },
+];
+
+const RbacService = defineRbacService({
+  scopes: LABELED_SCOPES
+});
 
+exports.LABELED_SCOPES = LABELED_SCOPES;
 exports.default = RbacService;
 exports.defineRbacService = defineRbacService;

package/dist/export/worker.d.cts

@@ -1,6 +1,6 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DB0xguAY.cjs';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.B4wUvd3l.cjs';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
@@ -9,7 +9,7 @@ import '../shared/rbac.CqpxM3E5.cjs';
 import 'drizzle-orm/sqlite-core';
 
 declare const RbacServiceBase_base: (abstract new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv, {}>) & (abstract new (...args: any[]) => _develit_io_backend_sdk.DevelitWorkerMethods);
-declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledScope[]> extends RbacServiceBase_base {
+declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = LabeledScope$1[]> extends RbacServiceBase_base {
     readonly db: DrizzleD1Database<typeof tables>;
     readonly SCOPES: TScopes;
     constructor(ctx: ExecutionContext, env: RbacEnv, scopes: TScopes);
@@ -26,21 +26,28 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledS
     getPermissions(): Promise<IRPCResponse<GetPermissionsOutput>>;
     getUserPermissions(input: GetUserPermissionsInput): Promise<IRPCResponse<GetUserPermissionsOutput>>;
     verifyAccess(input: Omit<VerifyAccessInput, 'accessRequests'> & {
-        accessRequests: Array<{
+        accessRequests: Array<Array<{
             scope: TScopes[number]['value'];
             resourceId?: string;
             resourcePath?: string;
-        }>;
+        }>>;
     }): Promise<IRPCResponse<VerifyAccessOutput>>;
     deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
     updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
 }
-declare function defineRbacService<const TScopes extends readonly LabeledScope[]>(config?: {
+declare function defineRbacService<const TScopes extends readonly LabeledScope$1[]>(config?: {
     scopes: TScopes;
 }): new (ctx: ExecutionContext, env: RbacEnv) => RbacServiceBase<TScopes>;
 
+declare const SCOPES: readonly ["tickets.read", "tickets.create", "tickets.edit", "tickets.delete", "tickets.archive", "tickets.automations.pause", "tickets.automations.resume", "tickets.dependencies.read", "tickets.dependencies.create", "tickets.dependencies.edit", "tickets.dependencies.delete", "tickets.confirmation.send", "tickets.confirmation.download", "tickets.payments.create", "tickets.payments.read", "tickets.payments.edit", "tickets.payments.delete", "tickets.payments.confirmation.send", "tickets.payments.confirmation.download", "tickets.logs.read", "tickets.logs.create", "tickets.logs.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.archive", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.pause", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.resume", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "clients.read", "clients.create", "clients.edit", "clients.delete", "clients.pin.read", "clients.pin.edit", "clients.trader.edit", "clients.logs.read", "clients.logs.create", "clients.logs.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.read", "clients.{jwt.user.rawUserMetaData.organizationId}.create", "clients.{jwt.user.rawUserMetaData.organizationId}.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.read", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.trader.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.read", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.create", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "users.read", "users.create", "users.edit", "users.delete", "users.ban", "users.password.reset.send", "users.password.edit", "users.2fa.enable", "users.2fa.disable", "users.roles.read", "users.roles.edit", "users.scopes.read", "users.scopes.assign", "users.scopes.delete", "users.logs.read", "users.logs.create", "users.logs.delete", "users.{jwt.user.rawUserMetaData.organizationId}.read", "users.{jwt.user.rawUserMetaData.organizationId}.create", "users.{jwt.user.rawUserMetaData.organizationId}.edit", "users.{jwt.user.rawUserMetaData.organizationId}.delete", "users.{jwt.user.rawUserMetaData.organizationId}.ban", "users.{jwt.user.rawUserMetaData.organizationId}.password.reset.send", "users.{jwt.user.rawUserMetaData.organizationId}.password.edit", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.enable", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.disable", "users.{jwt.user.rawUserMetaData.organizationId}.roles.read", "users.{jwt.user.rawUserMetaData.organizationId}.roles.edit", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.read", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.assign", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.delete", "users.{jwt.user.rawUserMetaData.organizationId}.logs.read", "users.{jwt.user.rawUserMetaData.organizationId}.logs.create", "users.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "traders.read", "traders.create", "traders.edit", "traders.delete", "traders.logs", "roles.read", "roles.create", "roles.edit", "roles.delete", "roles.scopes.assign", "roles.scopes.delete", "roles.logs.read", "roles.logs.create", "roles.logs.delete", "roles.users.read", "test.read", "test.edit", "test.delete", "test.{jwt.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.edit", "test.{param.resourceId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read", "test.{invalid}.scope", "test.{}.scope", "test.{jwt.}.scope", "test.{.key}.scope"];
+type LabeledScope = {
+    label: string;
+    value: (typeof SCOPES)[number];
+};
+declare const LABELED_SCOPES: LabeledScope[];
+
 declare const _default: new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv>;
 
 // @ts-ignore
 export = _default;
-export { defineRbacService };
+export { LABELED_SCOPES, defineRbacService };

package/dist/export/worker.d.mts

@@ -1,6 +1,6 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CocWK7y6.mjs';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DbnJpvqK.mjs';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
@@ -9,7 +9,7 @@ import '../shared/rbac.CqpxM3E5.mjs';
 import 'drizzle-orm/sqlite-core';
 
 declare const RbacServiceBase_base: (abstract new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv, {}>) & (abstract new (...args: any[]) => _develit_io_backend_sdk.DevelitWorkerMethods);
-declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledScope[]> extends RbacServiceBase_base {
+declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = LabeledScope$1[]> extends RbacServiceBase_base {
     readonly db: DrizzleD1Database<typeof tables>;
     readonly SCOPES: TScopes;
     constructor(ctx: ExecutionContext, env: RbacEnv, scopes: TScopes);
@@ -26,19 +26,26 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledS
     getPermissions(): Promise<IRPCResponse<GetPermissionsOutput>>;
     getUserPermissions(input: GetUserPermissionsInput): Promise<IRPCResponse<GetUserPermissionsOutput>>;
     verifyAccess(input: Omit<VerifyAccessInput, 'accessRequests'> & {
-        accessRequests: Array<{
+        accessRequests: Array<Array<{
             scope: TScopes[number]['value'];
             resourceId?: string;
             resourcePath?: string;
-        }>;
+        }>>;
     }): Promise<IRPCResponse<VerifyAccessOutput>>;
     deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
     updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
 }
-declare function defineRbacService<const TScopes extends readonly LabeledScope[]>(config?: {
+declare function defineRbacService<const TScopes extends readonly LabeledScope$1[]>(config?: {
     scopes: TScopes;
 }): new (ctx: ExecutionContext, env: RbacEnv) => RbacServiceBase<TScopes>;
 
+declare const SCOPES: readonly ["tickets.read", "tickets.create", "tickets.edit", "tickets.delete", "tickets.archive", "tickets.automations.pause", "tickets.automations.resume", "tickets.dependencies.read", "tickets.dependencies.create", "tickets.dependencies.edit", "tickets.dependencies.delete", "tickets.confirmation.send", "tickets.confirmation.download", "tickets.payments.create", "tickets.payments.read", "tickets.payments.edit", "tickets.payments.delete", "tickets.payments.confirmation.send", "tickets.payments.confirmation.download", "tickets.logs.read", "tickets.logs.create", "tickets.logs.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.archive", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.pause", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.resume", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "clients.read", "clients.create", "clients.edit", "clients.delete", "clients.pin.read", "clients.pin.edit", "clients.trader.edit", "clients.logs.read", "clients.logs.create", "clients.logs.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.read", "clients.{jwt.user.rawUserMetaData.organizationId}.create", "clients.{jwt.user.rawUserMetaData.organizationId}.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.read", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.trader.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.read", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.create", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "users.read", "users.create", "users.edit", "users.delete", "users.ban", "users.password.reset.send", "users.password.edit", "users.2fa.enable", "users.2fa.disable", "users.roles.read", "users.roles.edit", "users.scopes.read", "users.scopes.assign", "users.scopes.delete", "users.logs.read", "users.logs.create", "users.logs.delete", "users.{jwt.user.rawUserMetaData.organizationId}.read", "users.{jwt.user.rawUserMetaData.organizationId}.create", "users.{jwt.user.rawUserMetaData.organizationId}.edit", "users.{jwt.user.rawUserMetaData.organizationId}.delete", "users.{jwt.user.rawUserMetaData.organizationId}.ban", "users.{jwt.user.rawUserMetaData.organizationId}.password.reset.send", "users.{jwt.user.rawUserMetaData.organizationId}.password.edit", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.enable", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.disable", "users.{jwt.user.rawUserMetaData.organizationId}.roles.read", "users.{jwt.user.rawUserMetaData.organizationId}.roles.edit", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.read", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.assign", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.delete", "users.{jwt.user.rawUserMetaData.organizationId}.logs.read", "users.{jwt.user.rawUserMetaData.organizationId}.logs.create", "users.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "traders.read", "traders.create", "traders.edit", "traders.delete", "traders.logs", "roles.read", "roles.create", "roles.edit", "roles.delete", "roles.scopes.assign", "roles.scopes.delete", "roles.logs.read", "roles.logs.create", "roles.logs.delete", "roles.users.read", "test.read", "test.edit", "test.delete", "test.{jwt.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.edit", "test.{param.resourceId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read", "test.{invalid}.scope", "test.{}.scope", "test.{jwt.}.scope", "test.{.key}.scope"];
+type LabeledScope = {
+    label: string;
+    value: (typeof SCOPES)[number];
+};
+declare const LABELED_SCOPES: LabeledScope[];
+
 declare const _default: new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv>;
 
-export { _default as default, defineRbacService };
+export { LABELED_SCOPES, _default as default, defineRbacService };

package/dist/export/worker.d.ts

@@ -1,6 +1,6 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CAcqvrNj.js';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DrhiDe1P.js';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
@@ -9,7 +9,7 @@ import '../shared/rbac.CqpxM3E5.js';
 import 'drizzle-orm/sqlite-core';
 
 declare const RbacServiceBase_base: (abstract new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv, {}>) & (abstract new (...args: any[]) => _develit_io_backend_sdk.DevelitWorkerMethods);
-declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledScope[]> extends RbacServiceBase_base {
+declare class RbacServiceBase<TScopes extends readonly LabeledScope$1[] = LabeledScope$1[]> extends RbacServiceBase_base {
     readonly db: DrizzleD1Database<typeof tables>;
     readonly SCOPES: TScopes;
     constructor(ctx: ExecutionContext, env: RbacEnv, scopes: TScopes);
@@ -26,21 +26,28 @@ declare class RbacServiceBase<TScopes extends readonly LabeledScope[] = LabeledS
     getPermissions(): Promise<IRPCResponse<GetPermissionsOutput>>;
     getUserPermissions(input: GetUserPermissionsInput): Promise<IRPCResponse<GetUserPermissionsOutput>>;
     verifyAccess(input: Omit<VerifyAccessInput, 'accessRequests'> & {
-        accessRequests: Array<{
+        accessRequests: Array<Array<{
             scope: TScopes[number]['value'];
             resourceId?: string;
             resourcePath?: string;
-        }>;
+        }>>;
     }): Promise<IRPCResponse<VerifyAccessOutput>>;
     deleteRole(input: DeleteRoleInput): Promise<IRPCResponse<DeleteRoleOutput>>;
     updateRole(input: UpdateRoleInput): Promise<IRPCResponse<UpdateRoleOutput>>;
 }
-declare function defineRbacService<const TScopes extends readonly LabeledScope[]>(config?: {
+declare function defineRbacService<const TScopes extends readonly LabeledScope$1[]>(config?: {
     scopes: TScopes;
 }): new (ctx: ExecutionContext, env: RbacEnv) => RbacServiceBase<TScopes>;
 
+declare const SCOPES: readonly ["tickets.read", "tickets.create", "tickets.edit", "tickets.delete", "tickets.archive", "tickets.automations.pause", "tickets.automations.resume", "tickets.dependencies.read", "tickets.dependencies.create", "tickets.dependencies.edit", "tickets.dependencies.delete", "tickets.confirmation.send", "tickets.confirmation.download", "tickets.payments.create", "tickets.payments.read", "tickets.payments.edit", "tickets.payments.delete", "tickets.payments.confirmation.send", "tickets.payments.confirmation.download", "tickets.logs.read", "tickets.logs.create", "tickets.logs.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.archive", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.pause", "tickets.{jwt.user.rawUserMetaData.organizationId}.automations.resume", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.dependencies.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.edit", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.delete", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.send", "tickets.{jwt.user.rawUserMetaData.organizationId}.payments.confirmation.download", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.read", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.create", "tickets.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "clients.read", "clients.create", "clients.edit", "clients.delete", "clients.pin.read", "clients.pin.edit", "clients.trader.edit", "clients.logs.read", "clients.logs.create", "clients.logs.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.read", "clients.{jwt.user.rawUserMetaData.organizationId}.create", "clients.{jwt.user.rawUserMetaData.organizationId}.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.delete", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.read", "clients.{jwt.user.rawUserMetaData.organizationId}.pin.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.trader.edit", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.read", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.create", "clients.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "users.read", "users.create", "users.edit", "users.delete", "users.ban", "users.password.reset.send", "users.password.edit", "users.2fa.enable", "users.2fa.disable", "users.roles.read", "users.roles.edit", "users.scopes.read", "users.scopes.assign", "users.scopes.delete", "users.logs.read", "users.logs.create", "users.logs.delete", "users.{jwt.user.rawUserMetaData.organizationId}.read", "users.{jwt.user.rawUserMetaData.organizationId}.create", "users.{jwt.user.rawUserMetaData.organizationId}.edit", "users.{jwt.user.rawUserMetaData.organizationId}.delete", "users.{jwt.user.rawUserMetaData.organizationId}.ban", "users.{jwt.user.rawUserMetaData.organizationId}.password.reset.send", "users.{jwt.user.rawUserMetaData.organizationId}.password.edit", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.enable", "users.{jwt.user.rawUserMetaData.organizationId}.2fa.disable", "users.{jwt.user.rawUserMetaData.organizationId}.roles.read", "users.{jwt.user.rawUserMetaData.organizationId}.roles.edit", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.read", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.assign", "users.{jwt.user.rawUserMetaData.organizationId}.scopes.delete", "users.{jwt.user.rawUserMetaData.organizationId}.logs.read", "users.{jwt.user.rawUserMetaData.organizationId}.logs.create", "users.{jwt.user.rawUserMetaData.organizationId}.logs.delete", "traders.read", "traders.create", "traders.edit", "traders.delete", "traders.logs", "roles.read", "roles.create", "roles.edit", "roles.delete", "roles.scopes.assign", "roles.scopes.delete", "roles.logs.read", "roles.logs.create", "roles.logs.delete", "roles.users.read", "test.read", "test.edit", "test.delete", "test.{jwt.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.read", "test.{jwt.user.rawUserMetaData.organizationId}.edit", "test.{param.resourceId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read", "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read", "test.{invalid}.scope", "test.{}.scope", "test.{jwt.}.scope", "test.{.key}.scope"];
+type LabeledScope = {
+    label: string;
+    value: (typeof SCOPES)[number];
+};
+declare const LABELED_SCOPES: LabeledScope[];
+
 declare const _default: new (ctx: ExecutionContext, env: RbacEnv) => WorkerEntrypoint<RbacEnv>;
 
 // @ts-ignore
 export = _default;
-export { defineRbacService };
+export { LABELED_SCOPES, defineRbacService };

package/dist/export/worker.mjs

@@ -1,7 +1,7 @@
 import { uuidv4, first, createInternalError, develitWorker, action, service } from '@develit-io/backend-sdk';
 import { s as schema } from '../shared/rbac.D5OV7UPA.mjs';
 import { eq, and, count, inArray } from 'drizzle-orm';
-import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema } from '../shared/rbac.CUCczegz.mjs';
+import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema } from '../shared/rbac.ihzxYB9Z.mjs';
 import { z } from 'zod';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { drizzle } from 'drizzle-orm/d1';
@@ -654,12 +654,13 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
   }
   async verifyAccess(input) {
     return this.handleAction(
-      // TODO: This input schema is just copied from auth and is not 100% type safe
       { data: input, schema: verifyAccessInputSchema },
       { successMessage: "Access verification completed." },
       async ({ userId, accessRequests, jwt }) => {
-        for (const request of accessRequests) {
-          this.validateScope(request.scope);
+        for (const requestGroup of accessRequests) {
+          for (const request of requestGroup) {
+            this.validateScope(request.scope);
+          }
         }
         const userPermissionsResponse = await this.getUserPermissions({
           userId
@@ -674,46 +675,55 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
           ...userPermissionsResponse.data.roleScopes,
           ...userPermissionsResponse.data.scopes
         ];
-        const allAccessRequestsSatisfied = accessRequests.every((request) => {
-          const placeholders = parseScopeTemplate(request.scope);
-          return allScopes.some((userScope) => {
-            const scopesMatch = userScope.scope === request.scope;
-            let resourceMatches = false;
-            if (placeholders.length > 0) {
-              if (!request.resourcePath) {
-                throw createInternalError(null, {
-                  message: `Resource path is required when scope '${request.scope}' contains placeholders`,
-                  status: 400,
-                  code: "RESOURCE_PATH_REQUIRED"
-                });
-              }
-              const extractedResources = extractResourcesFromPath(
-                request.scope,
-                request.resourcePath
-              );
-              const allPlaceholdersMatch = placeholders.every((placeholder) => {
-                const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
-                const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
-                const expectedValue = getValueByKey(
-                  placeholder.type,
-                  placeholder.path,
-                  jwtParam
-                );
-                if (expectedValue === void 0) {
-                  return false;
+        if (accessRequests.length === 0) {
+          return {
+            isVerified: true
+          };
+        }
+        const anyGroupSatisfied = accessRequests.some((requestGroup) => {
+          return requestGroup.every((request) => {
+            const placeholders = parseScopeTemplate(request.scope);
+            return allScopes.some((userScope) => {
+              const scopesMatch = userScope.scope === request.scope;
+              let resourceMatches = false;
+              if (placeholders.length > 0) {
+                if (!request.resourcePath) {
+                  throw createInternalError(null, {
+                    message: `Resource path is required when scope '${request.scope}' contains placeholders`,
+                    status: 400,
+                    code: "RESOURCE_PATH_REQUIRED"
+                  });
                 }
-                return String(extractedValue) === String(expectedValue);
-              });
-              const resourceIdMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
-              resourceMatches = allPlaceholdersMatch && resourceIdMatches;
-            } else {
-              resourceMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
-            }
-            return scopesMatch && resourceMatches;
+                const extractedResources = extractResourcesFromPath(
+                  request.scope,
+                  request.resourcePath
+                );
+                const allPlaceholdersMatch = placeholders.every(
+                  (placeholder) => {
+                    const extractedValue = extractedResources[`${placeholder.type}.${placeholder.path}`];
+                    const jwtParam = placeholder.type === "jwt" ? jwt : void 0;
+                    const expectedValue = getValueByKey(
+                      placeholder.type,
+                      placeholder.path,
+                      jwtParam
+                    );
+                    if (expectedValue === void 0) {
+                      return false;
+                    }
+                    return String(extractedValue) === String(expectedValue);
+                  }
+                );
+                const resourceIdMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
+                resourceMatches = allPlaceholdersMatch && resourceIdMatches;
+              } else {
+                resourceMatches = userScope.resourceId === null || userScope.resourceId === request.resourceId;
+              }
+              return scopesMatch && resourceMatches;
+            });
           });
         });
         return {
-          isVerified: allAccessRequestsSatisfied
+          isVerified: anyGroupSatisfied
         };
       }
     );
@@ -794,6 +804,266 @@ function defineRbacService(config = { scopes: [] }) {
   };
 }
 
-const RbacService = defineRbacService();
+const organizationScopedKeys = (scopes) => {
+  const out = scopes.map((scope) => {
+    const [prefix, ...rest] = scope.split(".");
+    return `${prefix}.{jwt.user.rawUserMetaData.organizationId}.${rest.join(".")}`;
+  });
+  return out;
+};
+const TEST_SCOPES = [
+  "test.read",
+  "test.edit",
+  "test.delete",
+  "test.{jwt.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.{jwt.user.rawUserMetaData.organizationId}.edit",
+  "test.{param.resourceId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read",
+  "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read",
+  "test.{invalid}.scope",
+  "test.{}.scope",
+  "test.{jwt.}.scope",
+  "test.{.key}.scope"
+];
+const TICKET_SCOPES = [
+  "tickets.read",
+  "tickets.create",
+  "tickets.edit",
+  "tickets.delete",
+  "tickets.archive",
+  "tickets.automations.pause",
+  "tickets.automations.resume",
+  "tickets.dependencies.read",
+  "tickets.dependencies.create",
+  "tickets.dependencies.edit",
+  "tickets.dependencies.delete",
+  "tickets.confirmation.send",
+  "tickets.confirmation.download",
+  "tickets.payments.create",
+  "tickets.payments.read",
+  "tickets.payments.edit",
+  "tickets.payments.delete",
+  "tickets.payments.confirmation.send",
+  "tickets.payments.confirmation.download",
+  "tickets.logs.read",
+  "tickets.logs.create",
+  "tickets.logs.delete"
+];
+const CLIENT_SCOPES = [
+  "clients.read",
+  "clients.create",
+  "clients.edit",
+  "clients.delete",
+  "clients.pin.read",
+  // if not - gw returns **** for pin
+  "clients.pin.edit",
+  // if not - fe should not allow pin change
+  "clients.trader.edit",
+  "clients.logs.read",
+  "clients.logs.create",
+  "clients.logs.delete"
+];
+const USER_SCOPES = [
+  "users.read",
+  "users.create",
+  "users.edit",
+  "users.delete",
+  "users.ban",
+  "users.password.reset.send",
+  "users.password.edit",
+  "users.2fa.enable",
+  "users.2fa.disable",
+  "users.roles.read",
+  "users.roles.edit",
+  "users.scopes.read",
+  "users.scopes.assign",
+  "users.scopes.delete",
+  "users.logs.read",
+  "users.logs.create",
+  "users.logs.delete"
+];
+[
+  // Ticket scopes
+  ...TICKET_SCOPES,
+  ...organizationScopedKeys(TICKET_SCOPES),
+  // Client scopes
+  ...CLIENT_SCOPES,
+  ...organizationScopedKeys(CLIENT_SCOPES),
+  // User scopes
+  ...USER_SCOPES,
+  ...organizationScopedKeys(USER_SCOPES),
+  // Trader scopes
+  "traders.read",
+  "traders.create",
+  "traders.edit",
+  "traders.delete",
+  "traders.logs",
+  // Role scopes
+  "roles.read",
+  "roles.create",
+  "roles.edit",
+  "roles.delete",
+  "roles.scopes.assign",
+  // assign scopes to roles
+  "roles.scopes.delete",
+  // delete scopes from roles
+  "roles.logs.read",
+  "roles.logs.create",
+  "roles.logs.delete",
+  "roles.users.read",
+  // read users assigned to roles
+  // Ledger scopes
+  // 'accounts.read',
+  // 'accounts.create',
+  // 'accounts.edit',
+  // 'accounts.delete',
+  // 'accounts.archive',
+  // 'accounts.balance',
+  // 'accounts.identifiers.create',
+  // 'accounts.identifiers.read',
+  // 'accounts.identifiers.edit',
+  // 'accounts.identifiers.delete',
+  // 'accounts.transactions.read',
+  // 'accounts.logs.read',
+  // 'accounts.logs.create',
+  // 'accounts.logs.delete',
+  ...TEST_SCOPES
+];
+const LABELED_SCOPES = [
+  { label: "Zobrazit tikety", value: "tickets.read" },
+  {
+    label: "Zobrazit tikety v r\xE1mci organizace",
+    value: "tickets.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  { label: "Vytvo\u0159it tiket", value: "tickets.create" },
+  { label: "Upravit tiket", value: "tickets.edit" },
+  { label: "Smazat tiket", value: "tickets.delete" },
+  { label: "Archivovat tiket", value: "tickets.archive" },
+  {
+    label: "Pozastavit automatizaci tiketu",
+    value: "tickets.automations.pause"
+  },
+  { label: "Obnovit automatizaci tiketu", value: "tickets.automations.resume" },
+  { label: "Zobrazit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.read" },
+  { label: "Vytvo\u0159it z\xE1vislosti tiket\u016F", value: "tickets.dependencies.create" },
+  { label: "Upravit z\xE1vislosti tiket\u016F", value: "tickets.dependencies.edit" },
+  { label: "Smazat z\xE1vislosti tiket\u016F", value: "tickets.dependencies.delete" },
+  { label: "Poslat potvrzen\xED tiketu", value: "tickets.confirmation.send" },
+  {
+    label: "St\xE1hnout potvrzen\xED tiketu",
+    value: "tickets.confirmation.download"
+  },
+  { label: "Vytvo\u0159it platbu tiketu", value: "tickets.payments.create" },
+  { label: "Zobrazit platby tiketu", value: "tickets.payments.read" },
+  { label: "Upravit platby tiketu", value: "tickets.payments.edit" },
+  { label: "Smazat platby tiketu", value: "tickets.payments.delete" },
+  {
+    label: "Poslat potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.send"
+  },
+  {
+    label: "St\xE1hnout potvrzen\xED platby tiketu",
+    value: "tickets.payments.confirmation.download"
+  },
+  { label: "Zobrazit logy tiketu", value: "tickets.logs.read" },
+  { label: "Vytvo\u0159it logy tiketu", value: "tickets.logs.create" },
+  { label: "Smazat logy tiketu", value: "tickets.logs.delete" },
+  { label: "Zobrazit obchodn\xEDky", value: "traders.read" },
+  { label: "Vytvo\u0159it obchodn\xEDky", value: "traders.create" },
+  { label: "Upravit obchodn\xEDky", value: "traders.edit" },
+  { label: "Smazat obchodn\xEDky", value: "traders.delete" },
+  { label: "Logy obchodn\xEDk\u016F", value: "traders.logs" },
+  { label: "Zobrazit klienty", value: "clients.read" },
+  { label: "Vytvo\u0159it klienty", value: "clients.create" },
+  { label: "Upravit klienty", value: "clients.edit" },
+  { label: "Smazat klienty", value: "clients.delete" },
+  { label: "Zobrazit PIN klienta", value: "clients.pin.read" },
+  { label: "Upravit PIN klienta", value: "clients.pin.edit" },
+  // { label: 'Zobrazit limity klienta', value: 'clients.limits.read' },
+  // { label: 'Upravit limity klienta', value: 'clients.limits.edit' },
+  // { label: 'Přiřadit obchodníka klientovi', value: 'clients.trader.assign' },
+  { label: "Upravit obchodn\xEDka klienta", value: "clients.trader.edit" },
+  { label: "Zobrazit logy klient\u016F", value: "clients.logs.read" },
+  { label: "Vytvo\u0159it logy klient\u016F", value: "clients.logs.create" },
+  { label: "Smazat logy klient\u016F", value: "clients.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele", value: "users.read" },
+  { label: "Vytvo\u0159it u\u017Eivatele", value: "users.create" },
+  { label: "Upravit u\u017Eivatele", value: "users.edit" },
+  { label: "Smazat u\u017Eivatele", value: "users.delete" },
+  // { label: 'Archivovat uživatele', value: 'users.archive' },
+  { label: "Poslat reset hesla", value: "users.password.reset.send" },
+  // { label: 'Zobrazit oprávnění uživatelů', value: 'users.permissions.read' },
+  // { label: 'Přiřadit oprávnění uživatelům', value: 'users.permissions.assign' },
+  // { label: 'Odebrat oprávnění uživatelům', value: 'users.permissions.delete' },
+  { label: "Povolit 2FA u\u017Eivatel\u016Fm", value: "users.2fa.enable" },
+  { label: "Zak\xE1zat 2FA u\u017Eivatel\u016Fm", value: "users.2fa.disable" },
+  { label: "Zobrazit logy u\u017Eivatel\u016F", value: "users.logs.read" },
+  { label: "Vytvo\u0159it logy u\u017Eivatel\u016F", value: "users.logs.create" },
+  { label: "Smazat logy u\u017Eivatel\u016F", value: "users.logs.delete" },
+  { label: "Zobrazit role", value: "roles.read" },
+  { label: "Vytvo\u0159it role", value: "roles.create" },
+  { label: "Upravit role", value: "roles.edit" },
+  { label: "Smazat role", value: "roles.delete" },
+  // { label: 'Přiřadit oprávnění rolím', value: 'roles.permissions.assign' },
+  // { label: 'Odebrat oprávnění rolím', value: 'roles.permissions.delete' },
+  { label: "Zobrazit logy rol\xED", value: "roles.logs.read" },
+  { label: "Vytvo\u0159it logy rol\xED", value: "roles.logs.create" },
+  { label: "Smazat logy rol\xED", value: "roles.logs.delete" },
+  { label: "Zobrazit u\u017Eivatele p\u0159i\u0159azen\xE9 k rol\xEDm", value: "roles.users.read" },
+  // Test scopes
+  { label: "Test: Read", value: "test.read" },
+  { label: "Test: Edit", value: "test.edit" },
+  { label: "Test: Delete", value: "test.delete" },
+  {
+    label: "Test: Organization ID Read (JWT - invalid path)",
+    value: "test.{jwt.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Read (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Edit (JWT)",
+    value: "test.{jwt.user.rawUserMetaData.organizationId}.edit"
+  },
+  {
+    label: "Test: Resource Read (Param)",
+    value: "test.{param.resourceId}.read"
+  },
+  {
+    label: "Test: Organization Resource Read (Multiple JWT placeholders)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.resource.{jwt.user.rawUserMetaData.organizationId}.read"
+  },
+  {
+    label: "Test: Organization Branch Read (JWT userData)",
+    value: "test.organization.{jwt.user.rawUserMetaData.organizationId}.branch.{jwt.userData.organizationBranchId}.read"
+  },
+  { label: "Test: Invalid placeholder format", value: "test.{invalid}.scope" },
+  { label: "Test: Empty placeholder", value: "test.{}.scope" },
+  { label: "Test: Empty key placeholder", value: "test.{jwt.}.scope" },
+  { label: "Test: Empty type placeholder", value: "test.{.key}.scope" }
+  // { label: 'Zobrazit účty', value: 'accounts.read' },
+  // { label: 'Vytvořit účty', value: 'accounts.create' },
+  // { label: 'Upravit účty', value: 'accounts.edit' },
+  // { label: 'Smazat účty', value: 'accounts.delete' },
+  // { label: 'Archivovat účty', value: 'accounts.archive' },
+  // { label: 'Zobrazit zůstatek účtu', value: 'accounts.balance' },
+  // {
+  //   label: 'Vytvořit identifikátory účtu',
+  //   value: 'accounts.identifiers.create',
+  // },
+  // { label: 'Zobrazit identifikátory účtu', value: 'accounts.identifiers.read' },
+  // { label: 'Upravit identifikátory účtu', value: 'accounts.identifiers.edit' },
+  // { label: 'Smazat identifikátory účtu', value: 'accounts.identifiers.delete' },
+  // { label: 'Zobrazit transakce účtu', value: 'accounts.transactions.read' },
+  // { label: 'Zobrazit logy účtů', value: 'accounts.logs.read' },
+  // { label: 'Vytvořit logy účtů', value: 'accounts.logs.create' },
+  // { label: 'Smazat logy účtů', value: 'accounts.logs.delete' },
+];
+
+const RbacService = defineRbacService({
+  scopes: LABELED_SCOPES
+});
 
-export { RbacService as default, defineRbacService };
+export { LABELED_SCOPES, RbacService as default, defineRbacService };

package/dist/shared/{rbac.DB0xguAY.d.cts → rbac.B4wUvd3l.d.cts}

@@ -190,11 +190,11 @@ interface UpdateRoleOutput {
 
 declare const verifyAccessInputSchema: z.ZodObject<{
     userId: z.ZodUUID;
-    accessRequests: z.ZodArray<z.ZodObject<{
+    accessRequests: z.ZodArray<z.ZodArray<z.ZodObject<{
         scope: z.ZodString;
         resourceId: z.ZodOptional<z.ZodString>;
         resourcePath: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strip>>>;
     jwt: z.ZodOptional<z.ZodObject<{
         sub: z.ZodString;
         iat: z.ZodNumber;

package/dist/shared/{rbac.B2KUW5xp.cjs → rbac.BZDCYlSt.cjs}

@@ -140,11 +140,13 @@ const coercedJwtPayloadSchema = jwtPayloadSchema.extend({
 const verifyAccessInputSchema = zod.z.object({
   userId: zod.z.uuid(),
   accessRequests: zod.z.array(
-    zod.z.object({
-      scope: zod.z.string(),
-      resourceId: zod.z.string().optional(),
-      resourcePath: zod.z.string().optional()
-    })
+    zod.z.array(
+      zod.z.object({
+        scope: zod.z.string(),
+        resourceId: zod.z.string().optional(),
+        resourcePath: zod.z.string().optional()
+      })
+    )
   ),
   jwt: coercedJwtPayloadSchema.optional()
 });

package/dist/shared/{rbac.CocWK7y6.d.mts → rbac.DbnJpvqK.d.mts}

@@ -190,11 +190,11 @@ interface UpdateRoleOutput {
 
 declare const verifyAccessInputSchema: z.ZodObject<{
     userId: z.ZodUUID;
-    accessRequests: z.ZodArray<z.ZodObject<{
+    accessRequests: z.ZodArray<z.ZodArray<z.ZodObject<{
         scope: z.ZodString;
         resourceId: z.ZodOptional<z.ZodString>;
         resourcePath: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strip>>>;
     jwt: z.ZodOptional<z.ZodObject<{
         sub: z.ZodString;
         iat: z.ZodNumber;

package/dist/shared/{rbac.CAcqvrNj.d.ts → rbac.DrhiDe1P.d.ts}

@@ -190,11 +190,11 @@ interface UpdateRoleOutput {
 
 declare const verifyAccessInputSchema: z.ZodObject<{
     userId: z.ZodUUID;
-    accessRequests: z.ZodArray<z.ZodObject<{
+    accessRequests: z.ZodArray<z.ZodArray<z.ZodObject<{
         scope: z.ZodString;
         resourceId: z.ZodOptional<z.ZodString>;
         resourcePath: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strip>>>;
     jwt: z.ZodOptional<z.ZodObject<{
         sub: z.ZodString;
         iat: z.ZodNumber;

package/dist/shared/{rbac.CUCczegz.mjs → rbac.ihzxYB9Z.mjs}

@@ -138,11 +138,13 @@ const coercedJwtPayloadSchema = jwtPayloadSchema.extend({
 const verifyAccessInputSchema = z.object({
   userId: z.uuid(),
   accessRequests: z.array(
-    z.object({
-      scope: z.string(),
-      resourceId: z.string().optional(),
-      resourcePath: z.string().optional()
-    })
+    z.array(
+      z.object({
+        scope: z.string(),
+        resourceId: z.string().optional(),
+        resourcePath: z.string().optional()
+      })
+    )
   ),
   jwt: coercedJwtPayloadSchema.optional()
 });

package/dist/types.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-const verifyScope = require('./shared/rbac.B2KUW5xp.cjs');
+const verifyScope = require('./shared/rbac.BZDCYlSt.cjs');
 require('zod');
 
 

package/dist/types.d.cts

@@ -1,4 +1,4 @@
-export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.DB0xguAY.cjs';
+export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.B4wUvd3l.cjs';
 import { z } from 'zod';
 export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.cjs';
 import 'drizzle-orm';

package/dist/types.d.mts

@@ -1,4 +1,4 @@
-export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.CocWK7y6.mjs';
+export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.DbnJpvqK.mjs';
 import { z } from 'zod';
 export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.mjs';
 import 'drizzle-orm';

package/dist/types.d.ts

@@ -1,4 +1,4 @@
-export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.CAcqvrNj.js';
+export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, X as updateRoleInputSchema, Y as verifyAccessInputSchema } from './shared/rbac.DrhiDe1P.js';
 import { z } from 'zod';
 export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.js';
 import 'drizzle-orm';

package/dist/types.mjs

@@ -1,2 +1,2 @@
-export { a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, c as createRoleInputSchema, d as deleteRoleInputSchema, g as getUserPermissionsInputSchema, e as grantScopeToRoleInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, r as revokeRoleFromUserInputSchema, i as revokeScopeFromRoleInputSchema, j as revokeScopeFromUserInputSchema, u as updateRoleInputSchema, v as verifyAccessInputSchema, k as verifyScopeInputSchema, l as verifyScopeOutputSchema } from './shared/rbac.CUCczegz.mjs';
+export { a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, c as createRoleInputSchema, d as deleteRoleInputSchema, g as getUserPermissionsInputSchema, e as grantScopeToRoleInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, r as revokeRoleFromUserInputSchema, i as revokeScopeFromRoleInputSchema, j as revokeScopeFromUserInputSchema, u as updateRoleInputSchema, v as verifyAccessInputSchema, k as verifyScopeInputSchema, l as verifyScopeOutputSchema } from './shared/rbac.ihzxYB9Z.mjs';
 import 'zod';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@develit-services/rbac",
-  "version": "0.2.2",
+  "version": "0.3.0",
   "author": "Develit.io s.r.o.",
   "type": "module",
   "exports": {