@develit-services/rbac 0.4.0 → 0.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/export/worker.cjs +33 -7
- package/dist/export/worker.d.cts +1 -1
- package/dist/export/worker.d.mts +1 -1
- package/dist/export/worker.d.ts +1 -1
- package/dist/export/worker.mjs +33 -7
- package/dist/export/wrangler.cjs +6 -1
- package/dist/export/wrangler.d.cts +4 -0
- package/dist/export/wrangler.d.mts +4 -0
- package/dist/export/wrangler.d.ts +4 -0
- package/dist/export/wrangler.mjs +6 -1
- package/dist/shared/{rbac.CG3CtEwh.d.mts → rbac.BKJdHgo6.d.mts} +4 -0
- package/dist/shared/{rbac.2_i8g_mW.mjs → rbac.BdBAChkr.mjs} +5 -1
- package/dist/shared/{rbac.BrefTsLW.d.ts → rbac.Bv-9aL95.d.ts} +4 -0
- package/dist/shared/{rbac.JCf4hSCf.cjs → rbac.DH2MYF0T.cjs} +5 -1
- package/dist/shared/{rbac.DBpIRbd3.d.cts → rbac.Dqh3yQbz.d.cts} +4 -0
- package/dist/types.cjs +1 -1
- package/dist/types.d.cts +1 -1
- package/dist/types.d.mts +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.mjs +1 -1
- package/package.json +3 -3
package/dist/export/worker.cjs
CHANGED
|
@@ -5,7 +5,7 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
|
5
5
|
const backendSdk = require('@develit-io/backend-sdk');
|
|
6
6
|
const database_schema = require('../shared/rbac.Cra1T2nC.cjs');
|
|
7
7
|
const drizzleOrm = require('drizzle-orm');
|
|
8
|
-
const verifyScope = require('../shared/rbac.
|
|
8
|
+
const verifyScope = require('../shared/rbac.DH2MYF0T.cjs');
|
|
9
9
|
const zod = require('zod');
|
|
10
10
|
const cloudflare_workers = require('cloudflare:workers');
|
|
11
11
|
const d1 = require('drizzle-orm/d1');
|
|
@@ -480,8 +480,15 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
|
|
|
480
480
|
{ successMessage: "Scope successfully granted to user." },
|
|
481
481
|
async ({ userId, scope, resourceId }) => {
|
|
482
482
|
this.validateScope(scope);
|
|
483
|
-
const
|
|
484
|
-
|
|
483
|
+
const userScopes = await getScopesByUserQuery({ db: this.db, userId });
|
|
484
|
+
const matchingScopes = userScopes.filter((s) => s.scope === scope);
|
|
485
|
+
if (!resourceId && matchingScopes.find((s) => !s.resourceId)) {
|
|
486
|
+
throw backendSdk.createInternalError(null, {
|
|
487
|
+
message: "Scope already assigned to user.",
|
|
488
|
+
status: 409
|
|
489
|
+
});
|
|
490
|
+
}
|
|
491
|
+
if (resourceId && matchingScopes.some((s) => s.resourceId === resourceId)) {
|
|
485
492
|
throw backendSdk.createInternalError(null, {
|
|
486
493
|
message: "Scope already assigned to user.",
|
|
487
494
|
status: 409
|
|
@@ -506,7 +513,16 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
|
|
|
506
513
|
for (const scope of scopes) {
|
|
507
514
|
this.validateScope(scope.scope);
|
|
508
515
|
const userScopes = await getScopesByUserQuery({ db: this.db, userId });
|
|
509
|
-
|
|
516
|
+
const matchingScopes = userScopes.filter(
|
|
517
|
+
(s) => s.scope === scope.scope
|
|
518
|
+
);
|
|
519
|
+
if (!scope.resourceId && matchingScopes.find((s) => !s.resourceId)) {
|
|
520
|
+
throw backendSdk.createInternalError(null, {
|
|
521
|
+
message: "Scope already assigned to user.",
|
|
522
|
+
status: 409
|
|
523
|
+
});
|
|
524
|
+
}
|
|
525
|
+
if (scope.resourceId && matchingScopes.some((s) => s.resourceId === scope.resourceId)) {
|
|
510
526
|
throw backendSdk.createInternalError(null, {
|
|
511
527
|
message: "Scope already assigned to user.",
|
|
512
528
|
status: 409
|
|
@@ -622,24 +638,34 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
|
|
|
622
638
|
return this.handleAction(
|
|
623
639
|
{ data: input, schema: verifyScope.getUserPermissionsInputSchema },
|
|
624
640
|
{ successMessage: "User permissions successfully returned." },
|
|
625
|
-
async ({ userId }) => {
|
|
641
|
+
async ({ userId, filter }) => {
|
|
626
642
|
const resultRoles = await getRolesByUserQuery({ db: this.db, userId });
|
|
627
643
|
const resultScopes = await getScopesByUserQuery({ db: this.db, userId });
|
|
628
644
|
const resultRoleScopes = await getScopesByRolesQuery({
|
|
629
645
|
db: this.db,
|
|
630
646
|
roleIds: resultRoles.filter((role) => role.id).map((role) => role.id)
|
|
631
647
|
});
|
|
648
|
+
const applyFilter = (scopeValue) => {
|
|
649
|
+
if (!filter) return true;
|
|
650
|
+
if (filter.scopeContains && !scopeValue.includes(filter.scopeContains)) {
|
|
651
|
+
return false;
|
|
652
|
+
}
|
|
653
|
+
if (filter.scopeStartsWith && !scopeValue.startsWith(filter.scopeStartsWith)) {
|
|
654
|
+
return false;
|
|
655
|
+
}
|
|
656
|
+
return true;
|
|
657
|
+
};
|
|
632
658
|
const roles = resultRoles.map((role) => ({
|
|
633
659
|
id: role.id,
|
|
634
660
|
name: role.name
|
|
635
661
|
}));
|
|
636
|
-
const scopes = resultScopes.map((scope) => ({
|
|
662
|
+
const scopes = resultScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
|
|
637
663
|
id: scope.id,
|
|
638
664
|
scope: scope.scope,
|
|
639
665
|
label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,
|
|
640
666
|
resourceId: scope.resourceId
|
|
641
667
|
}));
|
|
642
|
-
const roleScopes = resultRoleScopes.map((scope) => ({
|
|
668
|
+
const roleScopes = resultRoleScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
|
|
643
669
|
id: scope.id,
|
|
644
670
|
scope: scope.scope,
|
|
645
671
|
label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,
|
package/dist/export/worker.d.cts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
|
|
2
2
|
import { IRPCResponse } from '@develit-io/backend-sdk';
|
|
3
|
-
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.
|
|
3
|
+
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.Dqh3yQbz.cjs';
|
|
4
4
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
5
5
|
import { DrizzleD1Database } from 'drizzle-orm/d1';
|
|
6
6
|
import 'zod';
|
package/dist/export/worker.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
|
|
2
2
|
import { IRPCResponse } from '@develit-io/backend-sdk';
|
|
3
|
-
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.
|
|
3
|
+
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.BKJdHgo6.mjs';
|
|
4
4
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
5
5
|
import { DrizzleD1Database } from 'drizzle-orm/d1';
|
|
6
6
|
import 'zod';
|
package/dist/export/worker.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
|
|
2
2
|
import { IRPCResponse } from '@develit-io/backend-sdk';
|
|
3
|
-
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.
|
|
3
|
+
import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.Bv-9aL95.js';
|
|
4
4
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
5
5
|
import { DrizzleD1Database } from 'drizzle-orm/d1';
|
|
6
6
|
import 'zod';
|
package/dist/export/worker.mjs
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { uuidv4, first, createInternalError, develitWorker, action, service } from '@develit-io/backend-sdk';
|
|
2
2
|
import { s as schema } from '../shared/rbac.D5OV7UPA.mjs';
|
|
3
3
|
import { eq, and, count, inArray } from 'drizzle-orm';
|
|
4
|
-
import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema, l as isScopeObject, m as isOrCondition, n as isAndCondition, o as isImplicitAndCondition } from '../shared/rbac.
|
|
4
|
+
import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema, l as isScopeObject, m as isOrCondition, n as isAndCondition, o as isImplicitAndCondition } from '../shared/rbac.BdBAChkr.mjs';
|
|
5
5
|
import { z } from 'zod';
|
|
6
6
|
import { WorkerEntrypoint } from 'cloudflare:workers';
|
|
7
7
|
import { drizzle } from 'drizzle-orm/d1';
|
|
@@ -476,8 +476,15 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
|
|
|
476
476
|
{ successMessage: "Scope successfully granted to user." },
|
|
477
477
|
async ({ userId, scope, resourceId }) => {
|
|
478
478
|
this.validateScope(scope);
|
|
479
|
-
const
|
|
480
|
-
|
|
479
|
+
const userScopes = await getScopesByUserQuery({ db: this.db, userId });
|
|
480
|
+
const matchingScopes = userScopes.filter((s) => s.scope === scope);
|
|
481
|
+
if (!resourceId && matchingScopes.find((s) => !s.resourceId)) {
|
|
482
|
+
throw createInternalError(null, {
|
|
483
|
+
message: "Scope already assigned to user.",
|
|
484
|
+
status: 409
|
|
485
|
+
});
|
|
486
|
+
}
|
|
487
|
+
if (resourceId && matchingScopes.some((s) => s.resourceId === resourceId)) {
|
|
481
488
|
throw createInternalError(null, {
|
|
482
489
|
message: "Scope already assigned to user.",
|
|
483
490
|
status: 409
|
|
@@ -502,7 +509,16 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
|
|
|
502
509
|
for (const scope of scopes) {
|
|
503
510
|
this.validateScope(scope.scope);
|
|
504
511
|
const userScopes = await getScopesByUserQuery({ db: this.db, userId });
|
|
505
|
-
|
|
512
|
+
const matchingScopes = userScopes.filter(
|
|
513
|
+
(s) => s.scope === scope.scope
|
|
514
|
+
);
|
|
515
|
+
if (!scope.resourceId && matchingScopes.find((s) => !s.resourceId)) {
|
|
516
|
+
throw createInternalError(null, {
|
|
517
|
+
message: "Scope already assigned to user.",
|
|
518
|
+
status: 409
|
|
519
|
+
});
|
|
520
|
+
}
|
|
521
|
+
if (scope.resourceId && matchingScopes.some((s) => s.resourceId === scope.resourceId)) {
|
|
506
522
|
throw createInternalError(null, {
|
|
507
523
|
message: "Scope already assigned to user.",
|
|
508
524
|
status: 409
|
|
@@ -618,24 +634,34 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
|
|
|
618
634
|
return this.handleAction(
|
|
619
635
|
{ data: input, schema: getUserPermissionsInputSchema },
|
|
620
636
|
{ successMessage: "User permissions successfully returned." },
|
|
621
|
-
async ({ userId }) => {
|
|
637
|
+
async ({ userId, filter }) => {
|
|
622
638
|
const resultRoles = await getRolesByUserQuery({ db: this.db, userId });
|
|
623
639
|
const resultScopes = await getScopesByUserQuery({ db: this.db, userId });
|
|
624
640
|
const resultRoleScopes = await getScopesByRolesQuery({
|
|
625
641
|
db: this.db,
|
|
626
642
|
roleIds: resultRoles.filter((role) => role.id).map((role) => role.id)
|
|
627
643
|
});
|
|
644
|
+
const applyFilter = (scopeValue) => {
|
|
645
|
+
if (!filter) return true;
|
|
646
|
+
if (filter.scopeContains && !scopeValue.includes(filter.scopeContains)) {
|
|
647
|
+
return false;
|
|
648
|
+
}
|
|
649
|
+
if (filter.scopeStartsWith && !scopeValue.startsWith(filter.scopeStartsWith)) {
|
|
650
|
+
return false;
|
|
651
|
+
}
|
|
652
|
+
return true;
|
|
653
|
+
};
|
|
628
654
|
const roles = resultRoles.map((role) => ({
|
|
629
655
|
id: role.id,
|
|
630
656
|
name: role.name
|
|
631
657
|
}));
|
|
632
|
-
const scopes = resultScopes.map((scope) => ({
|
|
658
|
+
const scopes = resultScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
|
|
633
659
|
id: scope.id,
|
|
634
660
|
scope: scope.scope,
|
|
635
661
|
label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,
|
|
636
662
|
resourceId: scope.resourceId
|
|
637
663
|
}));
|
|
638
|
-
const roleScopes = resultRoleScopes.map((scope) => ({
|
|
664
|
+
const roleScopes = resultRoleScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
|
|
639
665
|
id: scope.id,
|
|
640
666
|
scope: scope.scope,
|
|
641
667
|
label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,
|
package/dist/export/wrangler.cjs
CHANGED
|
@@ -10,10 +10,15 @@ function defineRbacServiceWrangler(config) {
|
|
|
10
10
|
name
|
|
11
11
|
}),
|
|
12
12
|
vars: {
|
|
13
|
-
// Variables
|
|
14
13
|
...envs.local.vars,
|
|
15
14
|
ENVIRONMENT: "localhost"
|
|
16
15
|
},
|
|
16
|
+
services: [
|
|
17
|
+
{
|
|
18
|
+
binding: "SECRETS_STORE",
|
|
19
|
+
service: `${project}-secrets-store`
|
|
20
|
+
}
|
|
21
|
+
],
|
|
17
22
|
d1_databases: [
|
|
18
23
|
{
|
|
19
24
|
binding: "RBAC_D1",
|
|
@@ -5,6 +5,10 @@ declare function defineRbacServiceWrangler(config: RbacServiceWranglerConfig): {
|
|
|
5
5
|
ENVIRONMENT: string;
|
|
6
6
|
SERVICE_CONFIG_INCLUDE_CONFIRMATION: boolean;
|
|
7
7
|
};
|
|
8
|
+
services: {
|
|
9
|
+
binding: string;
|
|
10
|
+
service: string;
|
|
11
|
+
}[];
|
|
8
12
|
d1_databases: {
|
|
9
13
|
binding: string;
|
|
10
14
|
database_name: string;
|
|
@@ -5,6 +5,10 @@ declare function defineRbacServiceWrangler(config: RbacServiceWranglerConfig): {
|
|
|
5
5
|
ENVIRONMENT: string;
|
|
6
6
|
SERVICE_CONFIG_INCLUDE_CONFIRMATION: boolean;
|
|
7
7
|
};
|
|
8
|
+
services: {
|
|
9
|
+
binding: string;
|
|
10
|
+
service: string;
|
|
11
|
+
}[];
|
|
8
12
|
d1_databases: {
|
|
9
13
|
binding: string;
|
|
10
14
|
database_name: string;
|
|
@@ -5,6 +5,10 @@ declare function defineRbacServiceWrangler(config: RbacServiceWranglerConfig): {
|
|
|
5
5
|
ENVIRONMENT: string;
|
|
6
6
|
SERVICE_CONFIG_INCLUDE_CONFIRMATION: boolean;
|
|
7
7
|
};
|
|
8
|
+
services: {
|
|
9
|
+
binding: string;
|
|
10
|
+
service: string;
|
|
11
|
+
}[];
|
|
8
12
|
d1_databases: {
|
|
9
13
|
binding: string;
|
|
10
14
|
database_name: string;
|
package/dist/export/wrangler.mjs
CHANGED
|
@@ -8,10 +8,15 @@ function defineRbacServiceWrangler(config) {
|
|
|
8
8
|
name
|
|
9
9
|
}),
|
|
10
10
|
vars: {
|
|
11
|
-
// Variables
|
|
12
11
|
...envs.local.vars,
|
|
13
12
|
ENVIRONMENT: "localhost"
|
|
14
13
|
},
|
|
14
|
+
services: [
|
|
15
|
+
{
|
|
16
|
+
binding: "SECRETS_STORE",
|
|
17
|
+
service: `${project}-secrets-store`
|
|
18
|
+
}
|
|
19
|
+
],
|
|
15
20
|
d1_databases: [
|
|
16
21
|
{
|
|
17
22
|
binding: "RBAC_D1",
|
|
@@ -93,6 +93,10 @@ interface GetPermissionsOutput {
|
|
|
93
93
|
|
|
94
94
|
declare const getUserPermissionsInputSchema: z.ZodObject<{
|
|
95
95
|
userId: z.ZodUUID;
|
|
96
|
+
filter: z.ZodOptional<z.ZodObject<{
|
|
97
|
+
scopeContains: z.ZodOptional<z.ZodString>;
|
|
98
|
+
scopeStartsWith: z.ZodOptional<z.ZodString>;
|
|
99
|
+
}, z.core.$strip>>;
|
|
96
100
|
}, z.core.$strip>;
|
|
97
101
|
interface GetUserPermissionsInput extends z.infer<typeof getUserPermissionsInputSchema> {
|
|
98
102
|
}
|
|
@@ -19,7 +19,11 @@ const deleteRoleInputSchema = z.object({
|
|
|
19
19
|
});
|
|
20
20
|
|
|
21
21
|
const getUserPermissionsInputSchema = z.object({
|
|
22
|
-
userId: z.uuid()
|
|
22
|
+
userId: z.uuid(),
|
|
23
|
+
filter: z.object({
|
|
24
|
+
scopeContains: z.string().optional(),
|
|
25
|
+
scopeStartsWith: z.string().optional()
|
|
26
|
+
}).optional()
|
|
23
27
|
});
|
|
24
28
|
|
|
25
29
|
const grantScopeToRoleInputSchema = z.object({
|
|
@@ -93,6 +93,10 @@ interface GetPermissionsOutput {
|
|
|
93
93
|
|
|
94
94
|
declare const getUserPermissionsInputSchema: z.ZodObject<{
|
|
95
95
|
userId: z.ZodUUID;
|
|
96
|
+
filter: z.ZodOptional<z.ZodObject<{
|
|
97
|
+
scopeContains: z.ZodOptional<z.ZodString>;
|
|
98
|
+
scopeStartsWith: z.ZodOptional<z.ZodString>;
|
|
99
|
+
}, z.core.$strip>>;
|
|
96
100
|
}, z.core.$strip>;
|
|
97
101
|
interface GetUserPermissionsInput extends z.infer<typeof getUserPermissionsInputSchema> {
|
|
98
102
|
}
|
|
@@ -21,7 +21,11 @@ const deleteRoleInputSchema = zod.z.object({
|
|
|
21
21
|
});
|
|
22
22
|
|
|
23
23
|
const getUserPermissionsInputSchema = zod.z.object({
|
|
24
|
-
userId: zod.z.uuid()
|
|
24
|
+
userId: zod.z.uuid(),
|
|
25
|
+
filter: zod.z.object({
|
|
26
|
+
scopeContains: zod.z.string().optional(),
|
|
27
|
+
scopeStartsWith: zod.z.string().optional()
|
|
28
|
+
}).optional()
|
|
25
29
|
});
|
|
26
30
|
|
|
27
31
|
const grantScopeToRoleInputSchema = zod.z.object({
|
|
@@ -93,6 +93,10 @@ interface GetPermissionsOutput {
|
|
|
93
93
|
|
|
94
94
|
declare const getUserPermissionsInputSchema: z.ZodObject<{
|
|
95
95
|
userId: z.ZodUUID;
|
|
96
|
+
filter: z.ZodOptional<z.ZodObject<{
|
|
97
|
+
scopeContains: z.ZodOptional<z.ZodString>;
|
|
98
|
+
scopeStartsWith: z.ZodOptional<z.ZodString>;
|
|
99
|
+
}, z.core.$strip>>;
|
|
96
100
|
}, z.core.$strip>;
|
|
97
101
|
interface GetUserPermissionsInput extends z.infer<typeof getUserPermissionsInputSchema> {
|
|
98
102
|
}
|
package/dist/types.cjs
CHANGED
package/dist/types.d.cts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, _ as ScopeCondition, Z as ScopeObject, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, a3 as isAndCondition, a4 as isImplicitAndCondition, a2 as isOrCondition, a1 as isScopeObject, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, $ as scopeConditionSchema, Y as scopeObjectSchema, X as updateRoleInputSchema, a0 as verifyAccessInputSchema } from './shared/rbac.
|
|
1
|
+
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, _ as ScopeCondition, Z as ScopeObject, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, a3 as isAndCondition, a4 as isImplicitAndCondition, a2 as isOrCondition, a1 as isScopeObject, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, $ as scopeConditionSchema, Y as scopeObjectSchema, X as updateRoleInputSchema, a0 as verifyAccessInputSchema } from './shared/rbac.Dqh3yQbz.cjs';
|
|
2
2
|
import { z } from 'zod';
|
|
3
3
|
export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.cjs';
|
|
4
4
|
import 'drizzle-orm';
|
package/dist/types.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, _ as ScopeCondition, Z as ScopeObject, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, a3 as isAndCondition, a4 as isImplicitAndCondition, a2 as isOrCondition, a1 as isScopeObject, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, $ as scopeConditionSchema, Y as scopeObjectSchema, X as updateRoleInputSchema, a0 as verifyAccessInputSchema } from './shared/rbac.
|
|
1
|
+
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, _ as ScopeCondition, Z as ScopeObject, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, a3 as isAndCondition, a4 as isImplicitAndCondition, a2 as isOrCondition, a1 as isScopeObject, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, $ as scopeConditionSchema, Y as scopeObjectSchema, X as updateRoleInputSchema, a0 as verifyAccessInputSchema } from './shared/rbac.BKJdHgo6.mjs';
|
|
2
2
|
import { z } from 'zod';
|
|
3
3
|
export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.mjs';
|
|
4
4
|
import 'drizzle-orm';
|
package/dist/types.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, _ as ScopeCondition, Z as ScopeObject, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, a3 as isAndCondition, a4 as isImplicitAndCondition, a2 as isOrCondition, a1 as isScopeObject, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, $ as scopeConditionSchema, Y as scopeObjectSchema, X as updateRoleInputSchema, a0 as verifyAccessInputSchema } from './shared/rbac.
|
|
1
|
+
export { A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, C as CreateRoleInput, a as CreateRoleOutput, D as DeleteRoleInput, s as DeleteRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, L as LabeledScope, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, y as RoleInsertType, w as RoleScopeInsertType, v as RoleScopeSelectType, x as RoleSelectType, S as Scope, _ as ScopeCondition, Z as ScopeObject, U as UpdateRoleInput, u as UpdateRoleOutput, B as UserRoleInsertType, z as UserRoleSelectType, F as UserScopeInsertType, E as UserScopeSelectType, V as VerifyAccessInput, r as VerifyAccessOutput, H as assignRoleToUserInputSchema, I as assignRolesToUserInputSchema, J as createRoleInputSchema, K as deleteRoleInputSchema, M as getUserPermissionsInputSchema, N as grantScopeToRoleInputSchema, O as grantScopeToUserInputSchema, P as grantScopesToUserInputSchema, a3 as isAndCondition, a4 as isImplicitAndCondition, a2 as isOrCondition, a1 as isScopeObject, Q as revokeRoleFromUserInputSchema, T as revokeScopeFromRoleInputSchema, W as revokeScopeFromUserInputSchema, $ as scopeConditionSchema, Y as scopeObjectSchema, X as updateRoleInputSchema, a0 as verifyAccessInputSchema } from './shared/rbac.Bv-9aL95.js';
|
|
2
2
|
import { z } from 'zod';
|
|
3
3
|
export { b as RbacServiceEnv, a as RbacServiceEnvironmentConfig, R as RbacServiceWranglerConfig } from './shared/rbac.ClMKyW8J.js';
|
|
4
4
|
import 'drizzle-orm';
|
package/dist/types.mjs
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export { a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, c as createRoleInputSchema, d as deleteRoleInputSchema, g as getUserPermissionsInputSchema, e as grantScopeToRoleInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, n as isAndCondition, o as isImplicitAndCondition, m as isOrCondition, l as isScopeObject, r as revokeRoleFromUserInputSchema, i as revokeScopeFromRoleInputSchema, j as revokeScopeFromUserInputSchema, k as scopeConditionSchema, s as scopeObjectSchema, u as updateRoleInputSchema, v as verifyAccessInputSchema, p as verifyScopeInputSchema, q as verifyScopeOutputSchema } from './shared/rbac.
|
|
1
|
+
export { a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, c as createRoleInputSchema, d as deleteRoleInputSchema, g as getUserPermissionsInputSchema, e as grantScopeToRoleInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, n as isAndCondition, o as isImplicitAndCondition, m as isOrCondition, l as isScopeObject, r as revokeRoleFromUserInputSchema, i as revokeScopeFromRoleInputSchema, j as revokeScopeFromUserInputSchema, k as scopeConditionSchema, s as scopeObjectSchema, u as updateRoleInputSchema, v as verifyAccessInputSchema, p as verifyScopeInputSchema, q as verifyScopeOutputSchema } from './shared/rbac.BdBAChkr.mjs';
|
|
2
2
|
import 'zod';
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@develit-services/rbac",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.5.1",
|
|
4
4
|
"author": "Develit.io s.r.o.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": {
|
|
@@ -30,13 +30,13 @@
|
|
|
30
30
|
"./dist"
|
|
31
31
|
],
|
|
32
32
|
"scripts": {
|
|
33
|
-
"dev": "wrangler dev --port 9237 --persist-to ../../.wrangler/state",
|
|
33
|
+
"dev": "wrangler dev --port 9237 --persist-to ../../.wrangler/state -c ./wrangler.jsonc -c ../../apps/secrets-store/wrangler.jsonc",
|
|
34
34
|
"wrangler:generate": "bunx develit wrangler:generate --types",
|
|
35
35
|
"db:init": "wrangler d1 execute develit-rbac --local --persist-to ../../.wrangler/state --command=\"SELECT 'Creating database...' AS status;\"",
|
|
36
36
|
"db:generate": "drizzle-kit generate",
|
|
37
37
|
"db:migrate": "drizzle-kit migrate",
|
|
38
38
|
"db:explore": "drizzle-kit studio",
|
|
39
|
-
"types": "
|
|
39
|
+
"types": "bash typegen.sh",
|
|
40
40
|
"lint": "biome check",
|
|
41
41
|
"lint:fix": "biome check --fix",
|
|
42
42
|
"test": "vitest",
|