@develit-services/rbac 0.5.0 → 0.6.0

package/dist/database/schema.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-const database_schema = require('../shared/rbac.Cra1T2nC.cjs');
+const database_schema = require('../shared/rbac.gXUvaSJ2.cjs');
 require('@develit-io/backend-sdk');
 require('drizzle-orm/sqlite-core');
 

package/dist/database/schema.d.cts

@@ -1,2 +1,2 @@
-export { a as role, r as roleScope, u as userRole, b as userScope } from '../shared/rbac.CqpxM3E5.cjs';
+export { r as role, a as roleScope, u as userRole, b as userScope } from '../shared/rbac.Dk5HPpHF.cjs';
 import 'drizzle-orm/sqlite-core';

package/dist/database/schema.d.mts

@@ -1,2 +1,2 @@
-export { a as role, r as roleScope, u as userRole, b as userScope } from '../shared/rbac.CqpxM3E5.mjs';
+export { r as role, a as roleScope, u as userRole, b as userScope } from '../shared/rbac.Dk5HPpHF.mjs';
 import 'drizzle-orm/sqlite-core';

package/dist/database/schema.d.ts

@@ -1,2 +1,2 @@
-export { a as role, r as roleScope, u as userRole, b as userScope } from '../shared/rbac.CqpxM3E5.js';
+export { r as role, a as roleScope, u as userRole, b as userScope } from '../shared/rbac.Dk5HPpHF.js';
 import 'drizzle-orm/sqlite-core';

package/dist/database/schema.mjs

@@ -1,3 +1,3 @@
-export { a as role, r as roleScope, u as userRole, b as userScope } from '../shared/rbac.D5OV7UPA.mjs';
+export { r as role, a as roleScope, u as userRole, b as userScope } from '../shared/rbac.H1LXb5Lk.mjs';
 import '@develit-io/backend-sdk';
 import 'drizzle-orm/sqlite-core';

package/dist/export/worker.cjs

@@ -3,9 +3,9 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 const backendSdk = require('@develit-io/backend-sdk');
-const database_schema = require('../shared/rbac.Cra1T2nC.cjs');
+const database_schema = require('../shared/rbac.gXUvaSJ2.cjs');
 const drizzleOrm = require('drizzle-orm');
-const verifyScope = require('../shared/rbac.JCf4hSCf.cjs');
+const verifyScope = require('../shared/rbac.DH2MYF0T.cjs');
 const zod = require('zod');
 const cloudflare_workers = require('cloudflare:workers');
 const d1 = require('drizzle-orm/d1');
@@ -638,24 +638,34 @@ let RbacServiceBase = class extends backendSdk.develitWorker(cloudflare_workers.
     return this.handleAction(
       { data: input, schema: verifyScope.getUserPermissionsInputSchema },
       { successMessage: "User permissions successfully returned." },
-      async ({ userId }) => {
+      async ({ userId, filter }) => {
         const resultRoles = await getRolesByUserQuery({ db: this.db, userId });
         const resultScopes = await getScopesByUserQuery({ db: this.db, userId });
         const resultRoleScopes = await getScopesByRolesQuery({
           db: this.db,
           roleIds: resultRoles.filter((role) => role.id).map((role) => role.id)
         });
+        const applyFilter = (scopeValue) => {
+          if (!filter) return true;
+          if (filter.scopeContains && !scopeValue.includes(filter.scopeContains)) {
+            return false;
+          }
+          if (filter.scopeStartsWith && !scopeValue.startsWith(filter.scopeStartsWith)) {
+            return false;
+          }
+          return true;
+        };
         const roles = resultRoles.map((role) => ({
           id: role.id,
           name: role.name
         }));
-        const scopes = resultScopes.map((scope) => ({
+        const scopes = resultScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
           id: scope.id,
           scope: scope.scope,
           label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,
           resourceId: scope.resourceId
         }));
-        const roleScopes = resultRoleScopes.map((scope) => ({
+        const roleScopes = resultRoleScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
           id: scope.id,
           scope: scope.scope,
           label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,

package/dist/export/worker.d.cts

@@ -1,11 +1,11 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DBpIRbd3.cjs';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.DiIYl-FR.cjs';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
 import 'drizzle-orm';
-import '../shared/rbac.CqpxM3E5.cjs';
+import '../shared/rbac.Dk5HPpHF.cjs';
 import 'drizzle-orm/sqlite-core';
 
 type TypedScopeObject<TScopes extends readonly LabeledScope$1[]> = {

package/dist/export/worker.d.mts

@@ -1,11 +1,11 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.CG3CtEwh.mjs';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.4NEkwyHb.mjs';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
 import 'drizzle-orm';
-import '../shared/rbac.CqpxM3E5.mjs';
+import '../shared/rbac.Dk5HPpHF.mjs';
 import 'drizzle-orm/sqlite-core';
 
 type TypedScopeObject<TScopes extends readonly LabeledScope$1[]> = {

package/dist/export/worker.d.ts

@@ -1,11 +1,11 @@
 import * as _develit_io_backend_sdk from '@develit-io/backend-sdk';
 import { IRPCResponse } from '@develit-io/backend-sdk';
-import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.BrefTsLW.js';
+import { L as LabeledScope$1, t as tables, C as CreateRoleInput, a as CreateRoleOutput, A as AssignRoleToUserInput, b as AssignRoleToUserOutput, c as AssignRolesToUserInput, d as AssignRolesToUserOutput, R as RevokeRoleFromUserInput, e as RevokeRoleFromUserOutput, G as GrantScopeToUserInput, f as GrantScopeToUserOutput, g as GrantScopesToUserInput, h as GrantScopesToUserOutput, i as RevokeScopeFromUserInput, j as RevokeScopeFromUserOutput, k as GrantScopeToRoleInput, l as GrantScopeToRoleOutput, m as RevokeScopeFromRoleInput, n as RevokeScopeFromRoleOutput, o as GetPermissionsOutput, p as GetUserPermissionsInput, q as GetUserPermissionsOutput, V as VerifyAccessInput, r as VerifyAccessOutput, D as DeleteRoleInput, s as DeleteRoleOutput, U as UpdateRoleInput, u as UpdateRoleOutput } from '../shared/rbac.B4swuPCq.js';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { DrizzleD1Database } from 'drizzle-orm/d1';
 import 'zod';
 import 'drizzle-orm';
-import '../shared/rbac.CqpxM3E5.js';
+import '../shared/rbac.Dk5HPpHF.js';
 import 'drizzle-orm/sqlite-core';
 
 type TypedScopeObject<TScopes extends readonly LabeledScope$1[]> = {

package/dist/export/worker.mjs

@@ -1,7 +1,7 @@
 import { uuidv4, first, createInternalError, develitWorker, action, service } from '@develit-io/backend-sdk';
-import { s as schema } from '../shared/rbac.D5OV7UPA.mjs';
+import { s as schema } from '../shared/rbac.H1LXb5Lk.mjs';
 import { eq, and, count, inArray } from 'drizzle-orm';
-import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, j as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, i as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema, l as isScopeObject, m as isOrCondition, n as isAndCondition, o as isImplicitAndCondition } from '../shared/rbac.2_i8g_mW.mjs';
+import { c as createRoleInputSchema, a as assignRoleToUserInputSchema, b as assignRolesToUserInputSchema, r as revokeRoleFromUserInputSchema, f as grantScopeToUserInputSchema, h as grantScopesToUserInputSchema, n as revokeScopeFromUserInputSchema, e as grantScopeToRoleInputSchema, m as revokeScopeFromRoleInputSchema, g as getUserPermissionsInputSchema, v as verifyAccessInputSchema, d as deleteRoleInputSchema, u as updateRoleInputSchema, l as isScopeObject, k as isOrCondition, i as isAndCondition, j as isImplicitAndCondition } from '../shared/rbac.tv1QQcSW.mjs';
 import { z } from 'zod';
 import { WorkerEntrypoint } from 'cloudflare:workers';
 import { drizzle } from 'drizzle-orm/d1';
@@ -634,24 +634,34 @@ let RbacServiceBase = class extends develitWorker(WorkerEntrypoint) {
     return this.handleAction(
       { data: input, schema: getUserPermissionsInputSchema },
       { successMessage: "User permissions successfully returned." },
-      async ({ userId }) => {
+      async ({ userId, filter }) => {
         const resultRoles = await getRolesByUserQuery({ db: this.db, userId });
         const resultScopes = await getScopesByUserQuery({ db: this.db, userId });
         const resultRoleScopes = await getScopesByRolesQuery({
           db: this.db,
           roleIds: resultRoles.filter((role) => role.id).map((role) => role.id)
         });
+        const applyFilter = (scopeValue) => {
+          if (!filter) return true;
+          if (filter.scopeContains && !scopeValue.includes(filter.scopeContains)) {
+            return false;
+          }
+          if (filter.scopeStartsWith && !scopeValue.startsWith(filter.scopeStartsWith)) {
+            return false;
+          }
+          return true;
+        };
         const roles = resultRoles.map((role) => ({
           id: role.id,
           name: role.name
         }));
-        const scopes = resultScopes.map((scope) => ({
+        const scopes = resultScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
           id: scope.id,
           scope: scope.scope,
           label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,
           resourceId: scope.resourceId
         }));
-        const roleScopes = resultRoleScopes.map((scope) => ({
+        const roleScopes = resultRoleScopes.filter((scope) => applyFilter(scope.scope)).map((scope) => ({
           id: scope.id,
           scope: scope.scope,
           label: this.SCOPES.find((s) => s.value === scope.scope)?.label || null,

package/dist/export/wrangler.d.cts

@@ -1,4 +1,4 @@
-import { R as RbacServiceWranglerConfig } from '../shared/rbac.ClMKyW8J.cjs';
+import { R as RbacServiceWranglerConfig } from '../shared/rbac.DUk_qXWk.cjs';
 
 declare function defineRbacServiceWrangler(config: RbacServiceWranglerConfig): {
     vars: {

package/dist/export/wrangler.d.mts

@@ -1,4 +1,4 @@
-import { R as RbacServiceWranglerConfig } from '../shared/rbac.ClMKyW8J.mjs';
+import { R as RbacServiceWranglerConfig } from '../shared/rbac.DUk_qXWk.mjs';
 
 declare function defineRbacServiceWrangler(config: RbacServiceWranglerConfig): {
     vars: {

package/dist/export/wrangler.d.ts

@@ -1,4 +1,4 @@
-import { R as RbacServiceWranglerConfig } from '../shared/rbac.ClMKyW8J.js';
+import { R as RbacServiceWranglerConfig } from '../shared/rbac.DUk_qXWk.js';
 
 declare function defineRbacServiceWrangler(config: RbacServiceWranglerConfig): {
     vars: {

package/dist/shared/{rbac.CG3CtEwh.d.mts → rbac.4NEkwyHb.d.mts}

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { InferSelectModel, InferInsertModel } from 'drizzle-orm';
-import { s as schema } from './rbac.CqpxM3E5.mjs';
+import { s as schema } from './rbac.Dk5HPpHF.mjs';
 
 declare const tables: typeof schema;
 
@@ -93,6 +93,10 @@ interface GetPermissionsOutput {
 
 declare const getUserPermissionsInputSchema: z.ZodObject<{
     userId: z.ZodUUID;
+    filter: z.ZodOptional<z.ZodObject<{
+        scopeContains: z.ZodOptional<z.ZodString>;
+        scopeStartsWith: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
 }, z.core.$strip>;
 interface GetUserPermissionsInput extends z.infer<typeof getUserPermissionsInputSchema> {
 }
@@ -250,5 +254,5 @@ declare function isAndCondition(condition: ScopeCondition): condition is {
 };
 declare function isImplicitAndCondition(condition: ScopeCondition): condition is ScopeCondition[];
 
-export { scopeConditionSchema as $, assignRoleToUserInputSchema as H, assignRolesToUserInputSchema as I, createRoleInputSchema as J, deleteRoleInputSchema as K, getUserPermissionsInputSchema as M, grantScopeToRoleInputSchema as N, grantScopeToUserInputSchema as O, grantScopesToUserInputSchema as P, revokeRoleFromUserInputSchema as Q, revokeScopeFromRoleInputSchema as T, revokeScopeFromUserInputSchema as W, updateRoleInputSchema as X, scopeObjectSchema as Y, verifyAccessInputSchema as a0, isScopeObject as a1, isOrCondition as a2, isAndCondition as a3, isImplicitAndCondition as a4, tables as t };
-export type { AssignRoleToUserInput as A, UserRoleInsertType as B, CreateRoleInput as C, DeleteRoleInput as D, UserScopeSelectType as E, UserScopeInsertType as F, GrantScopeToUserInput as G, LabeledScope as L, RevokeRoleFromUserInput as R, Scope as S, UpdateRoleInput as U, VerifyAccessInput as V, ScopeObject as Z, ScopeCondition as _, CreateRoleOutput as a, AssignRoleToUserOutput as b, AssignRolesToUserInput as c, AssignRolesToUserOutput as d, RevokeRoleFromUserOutput as e, GrantScopeToUserOutput as f, GrantScopesToUserInput as g, GrantScopesToUserOutput as h, RevokeScopeFromUserInput as i, RevokeScopeFromUserOutput as j, GrantScopeToRoleInput as k, GrantScopeToRoleOutput as l, RevokeScopeFromRoleInput as m, RevokeScopeFromRoleOutput as n, GetPermissionsOutput as o, GetUserPermissionsInput as p, GetUserPermissionsOutput as q, VerifyAccessOutput as r, DeleteRoleOutput as s, UpdateRoleOutput as u, RoleScopeSelectType as v, RoleScopeInsertType as w, RoleSelectType as x, RoleInsertType as y, UserRoleSelectType as z };
+export { revokeScopeFromRoleInputSchema as $, assignRoleToUserInputSchema as J, assignRolesToUserInputSchema as K, createRoleInputSchema as M, deleteRoleInputSchema as N, getUserPermissionsInputSchema as O, grantScopeToRoleInputSchema as P, grantScopeToUserInputSchema as Q, grantScopesToUserInputSchema as T, isAndCondition as W, isImplicitAndCondition as X, isOrCondition as Y, isScopeObject as Z, revokeRoleFromUserInputSchema as _, revokeScopeFromUserInputSchema as a0, scopeConditionSchema as a1, scopeObjectSchema as a2, updateRoleInputSchema as a3, verifyAccessInputSchema as a4, tables as t };
+export type { AssignRoleToUserInput as A, ScopeObject as B, CreateRoleInput as C, DeleteRoleInput as D, UserRoleInsertType as E, UserRoleSelectType as F, GrantScopeToUserInput as G, UserScopeInsertType as H, UserScopeSelectType as I, LabeledScope as L, RevokeRoleFromUserInput as R, Scope as S, UpdateRoleInput as U, VerifyAccessInput as V, CreateRoleOutput as a, AssignRoleToUserOutput as b, AssignRolesToUserInput as c, AssignRolesToUserOutput as d, RevokeRoleFromUserOutput as e, GrantScopeToUserOutput as f, GrantScopesToUserInput as g, GrantScopesToUserOutput as h, RevokeScopeFromUserInput as i, RevokeScopeFromUserOutput as j, GrantScopeToRoleInput as k, GrantScopeToRoleOutput as l, RevokeScopeFromRoleInput as m, RevokeScopeFromRoleOutput as n, GetPermissionsOutput as o, GetUserPermissionsInput as p, GetUserPermissionsOutput as q, VerifyAccessOutput as r, DeleteRoleOutput as s, UpdateRoleOutput as u, RoleInsertType as v, RoleScopeInsertType as w, RoleScopeSelectType as x, RoleSelectType as y, ScopeCondition as z };

package/dist/shared/{rbac.BrefTsLW.d.ts → rbac.B4swuPCq.d.ts}

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { InferSelectModel, InferInsertModel } from 'drizzle-orm';
-import { s as schema } from './rbac.CqpxM3E5.js';
+import { s as schema } from './rbac.Dk5HPpHF.js';
 
 declare const tables: typeof schema;
 
@@ -93,6 +93,10 @@ interface GetPermissionsOutput {
 
 declare const getUserPermissionsInputSchema: z.ZodObject<{
     userId: z.ZodUUID;
+    filter: z.ZodOptional<z.ZodObject<{
+        scopeContains: z.ZodOptional<z.ZodString>;
+        scopeStartsWith: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
 }, z.core.$strip>;
 interface GetUserPermissionsInput extends z.infer<typeof getUserPermissionsInputSchema> {
 }
@@ -250,5 +254,5 @@ declare function isAndCondition(condition: ScopeCondition): condition is {
 };
 declare function isImplicitAndCondition(condition: ScopeCondition): condition is ScopeCondition[];
 
-export { scopeConditionSchema as $, assignRoleToUserInputSchema as H, assignRolesToUserInputSchema as I, createRoleInputSchema as J, deleteRoleInputSchema as K, getUserPermissionsInputSchema as M, grantScopeToRoleInputSchema as N, grantScopeToUserInputSchema as O, grantScopesToUserInputSchema as P, revokeRoleFromUserInputSchema as Q, revokeScopeFromRoleInputSchema as T, revokeScopeFromUserInputSchema as W, updateRoleInputSchema as X, scopeObjectSchema as Y, verifyAccessInputSchema as a0, isScopeObject as a1, isOrCondition as a2, isAndCondition as a3, isImplicitAndCondition as a4, tables as t };
-export type { AssignRoleToUserInput as A, UserRoleInsertType as B, CreateRoleInput as C, DeleteRoleInput as D, UserScopeSelectType as E, UserScopeInsertType as F, GrantScopeToUserInput as G, LabeledScope as L, RevokeRoleFromUserInput as R, Scope as S, UpdateRoleInput as U, VerifyAccessInput as V, ScopeObject as Z, ScopeCondition as _, CreateRoleOutput as a, AssignRoleToUserOutput as b, AssignRolesToUserInput as c, AssignRolesToUserOutput as d, RevokeRoleFromUserOutput as e, GrantScopeToUserOutput as f, GrantScopesToUserInput as g, GrantScopesToUserOutput as h, RevokeScopeFromUserInput as i, RevokeScopeFromUserOutput as j, GrantScopeToRoleInput as k, GrantScopeToRoleOutput as l, RevokeScopeFromRoleInput as m, RevokeScopeFromRoleOutput as n, GetPermissionsOutput as o, GetUserPermissionsInput as p, GetUserPermissionsOutput as q, VerifyAccessOutput as r, DeleteRoleOutput as s, UpdateRoleOutput as u, RoleScopeSelectType as v, RoleScopeInsertType as w, RoleSelectType as x, RoleInsertType as y, UserRoleSelectType as z };
+export { revokeScopeFromRoleInputSchema as $, assignRoleToUserInputSchema as J, assignRolesToUserInputSchema as K, createRoleInputSchema as M, deleteRoleInputSchema as N, getUserPermissionsInputSchema as O, grantScopeToRoleInputSchema as P, grantScopeToUserInputSchema as Q, grantScopesToUserInputSchema as T, isAndCondition as W, isImplicitAndCondition as X, isOrCondition as Y, isScopeObject as Z, revokeRoleFromUserInputSchema as _, revokeScopeFromUserInputSchema as a0, scopeConditionSchema as a1, scopeObjectSchema as a2, updateRoleInputSchema as a3, verifyAccessInputSchema as a4, tables as t };
+export type { AssignRoleToUserInput as A, ScopeObject as B, CreateRoleInput as C, DeleteRoleInput as D, UserRoleInsertType as E, UserRoleSelectType as F, GrantScopeToUserInput as G, UserScopeInsertType as H, UserScopeSelectType as I, LabeledScope as L, RevokeRoleFromUserInput as R, Scope as S, UpdateRoleInput as U, VerifyAccessInput as V, CreateRoleOutput as a, AssignRoleToUserOutput as b, AssignRolesToUserInput as c, AssignRolesToUserOutput as d, RevokeRoleFromUserOutput as e, GrantScopeToUserOutput as f, GrantScopesToUserInput as g, GrantScopesToUserOutput as h, RevokeScopeFromUserInput as i, RevokeScopeFromUserOutput as j, GrantScopeToRoleInput as k, GrantScopeToRoleOutput as l, RevokeScopeFromRoleInput as m, RevokeScopeFromRoleOutput as n, GetPermissionsOutput as o, GetUserPermissionsInput as p, GetUserPermissionsOutput as q, VerifyAccessOutput as r, DeleteRoleOutput as s, UpdateRoleOutput as u, RoleInsertType as v, RoleScopeInsertType as w, RoleScopeSelectType as x, RoleSelectType as y, ScopeCondition as z };

package/dist/shared/{rbac.JCf4hSCf.cjs → rbac.DH2MYF0T.cjs}

@@ -21,7 +21,11 @@ const deleteRoleInputSchema = zod.z.object({
 });
 
 const getUserPermissionsInputSchema = zod.z.object({
-  userId: zod.z.uuid()
+  userId: zod.z.uuid(),
+  filter: zod.z.object({
+    scopeContains: zod.z.string().optional(),
+    scopeStartsWith: zod.z.string().optional()
+  }).optional()
 });
 
 const grantScopeToRoleInputSchema = zod.z.object({

package/dist/shared/{rbac.ClMKyW8J.d.mts → rbac.DUk_qXWk.d.cts}

@@ -17,4 +17,4 @@ interface RbacServiceWranglerConfig {
 interface RbacServiceEnv extends RbacEnv {
 }
 
-export type { RbacServiceWranglerConfig as R, RbacServiceEnvironmentConfig as a, RbacServiceEnv as b };
+export type { RbacServiceWranglerConfig as R, RbacServiceEnv as a, RbacServiceEnvironmentConfig as b };

package/dist/shared/{rbac.ClMKyW8J.d.ts → rbac.DUk_qXWk.d.mts}

@@ -17,4 +17,4 @@ interface RbacServiceWranglerConfig {
 interface RbacServiceEnv extends RbacEnv {
 }
 
-export type { RbacServiceWranglerConfig as R, RbacServiceEnvironmentConfig as a, RbacServiceEnv as b };
+export type { RbacServiceWranglerConfig as R, RbacServiceEnv as a, RbacServiceEnvironmentConfig as b };

package/dist/shared/{rbac.ClMKyW8J.d.cts → rbac.DUk_qXWk.d.ts}

@@ -17,4 +17,4 @@ interface RbacServiceWranglerConfig {
 interface RbacServiceEnv extends RbacEnv {
 }
 
-export type { RbacServiceWranglerConfig as R, RbacServiceEnvironmentConfig as a, RbacServiceEnv as b };
+export type { RbacServiceWranglerConfig as R, RbacServiceEnv as a, RbacServiceEnvironmentConfig as b };

package/dist/shared/{rbac.DBpIRbd3.d.cts → rbac.DiIYl-FR.d.cts}

@@ -1,6 +1,6 @@
 import { z } from 'zod';
 import { InferSelectModel, InferInsertModel } from 'drizzle-orm';
-import { s as schema } from './rbac.CqpxM3E5.cjs';
+import { s as schema } from './rbac.Dk5HPpHF.cjs';
 
 declare const tables: typeof schema;
 
@@ -93,6 +93,10 @@ interface GetPermissionsOutput {
 
 declare const getUserPermissionsInputSchema: z.ZodObject<{
     userId: z.ZodUUID;
+    filter: z.ZodOptional<z.ZodObject<{
+        scopeContains: z.ZodOptional<z.ZodString>;
+        scopeStartsWith: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
 }, z.core.$strip>;
 interface GetUserPermissionsInput extends z.infer<typeof getUserPermissionsInputSchema> {
 }
@@ -250,5 +254,5 @@ declare function isAndCondition(condition: ScopeCondition): condition is {
 };
 declare function isImplicitAndCondition(condition: ScopeCondition): condition is ScopeCondition[];
 
-export { scopeConditionSchema as $, assignRoleToUserInputSchema as H, assignRolesToUserInputSchema as I, createRoleInputSchema as J, deleteRoleInputSchema as K, getUserPermissionsInputSchema as M, grantScopeToRoleInputSchema as N, grantScopeToUserInputSchema as O, grantScopesToUserInputSchema as P, revokeRoleFromUserInputSchema as Q, revokeScopeFromRoleInputSchema as T, revokeScopeFromUserInputSchema as W, updateRoleInputSchema as X, scopeObjectSchema as Y, verifyAccessInputSchema as a0, isScopeObject as a1, isOrCondition as a2, isAndCondition as a3, isImplicitAndCondition as a4, tables as t };
-export type { AssignRoleToUserInput as A, UserRoleInsertType as B, CreateRoleInput as C, DeleteRoleInput as D, UserScopeSelectType as E, UserScopeInsertType as F, GrantScopeToUserInput as G, LabeledScope as L, RevokeRoleFromUserInput as R, Scope as S, UpdateRoleInput as U, VerifyAccessInput as V, ScopeObject as Z, ScopeCondition as _, CreateRoleOutput as a, AssignRoleToUserOutput as b, AssignRolesToUserInput as c, AssignRolesToUserOutput as d, RevokeRoleFromUserOutput as e, GrantScopeToUserOutput as f, GrantScopesToUserInput as g, GrantScopesToUserOutput as h, RevokeScopeFromUserInput as i, RevokeScopeFromUserOutput as j, GrantScopeToRoleInput as k, GrantScopeToRoleOutput as l, RevokeScopeFromRoleInput as m, RevokeScopeFromRoleOutput as n, GetPermissionsOutput as o, GetUserPermissionsInput as p, GetUserPermissionsOutput as q, VerifyAccessOutput as r, DeleteRoleOutput as s, UpdateRoleOutput as u, RoleScopeSelectType as v, RoleScopeInsertType as w, RoleSelectType as x, RoleInsertType as y, UserRoleSelectType as z };
+export { revokeScopeFromRoleInputSchema as $, assignRoleToUserInputSchema as J, assignRolesToUserInputSchema as K, createRoleInputSchema as M, deleteRoleInputSchema as N, getUserPermissionsInputSchema as O, grantScopeToRoleInputSchema as P, grantScopeToUserInputSchema as Q, grantScopesToUserInputSchema as T, isAndCondition as W, isImplicitAndCondition as X, isOrCondition as Y, isScopeObject as Z, revokeRoleFromUserInputSchema as _, revokeScopeFromUserInputSchema as a0, scopeConditionSchema as a1, scopeObjectSchema as a2, updateRoleInputSchema as a3, verifyAccessInputSchema as a4, tables as t };
+export type { AssignRoleToUserInput as A, ScopeObject as B, CreateRoleInput as C, DeleteRoleInput as D, UserRoleInsertType as E, UserRoleSelectType as F, GrantScopeToUserInput as G, UserScopeInsertType as H, UserScopeSelectType as I, LabeledScope as L, RevokeRoleFromUserInput as R, Scope as S, UpdateRoleInput as U, VerifyAccessInput as V, CreateRoleOutput as a, AssignRoleToUserOutput as b, AssignRolesToUserInput as c, AssignRolesToUserOutput as d, RevokeRoleFromUserOutput as e, GrantScopeToUserOutput as f, GrantScopesToUserInput as g, GrantScopesToUserOutput as h, RevokeScopeFromUserInput as i, RevokeScopeFromUserOutput as j, GrantScopeToRoleInput as k, GrantScopeToRoleOutput as l, RevokeScopeFromRoleInput as m, RevokeScopeFromRoleOutput as n, GetPermissionsOutput as o, GetUserPermissionsInput as p, GetUserPermissionsOutput as q, VerifyAccessOutput as r, DeleteRoleOutput as s, UpdateRoleOutput as u, RoleInsertType as v, RoleScopeInsertType as w, RoleScopeSelectType as x, RoleSelectType as y, ScopeCondition as z };

package/dist/shared/rbac.Dk5HPpHF.d.cts

@@ -0,0 +1,247 @@
+import * as drizzle_orm_sqlite_core from 'drizzle-orm/sqlite-core';
+
+declare const roleScope: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
+    name: "roles_scopes";
+    schema: undefined;
+    columns: {
+        roleId: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "role_id";
+            tableName: "roles_scopes";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        scope: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "scope";
+            tableName: "roles_scopes";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        resourceId: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "resource_id";
+            tableName: "roles_scopes";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        id: _packages_backend_sdk.IsPrimaryKey<_packages_backend_sdk.NotNull<_packages_backend_sdk.SQLiteTextBuilderInitial<"id", [string, ...string[]], number | undefined>>>;
+        createdAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"created_at">>;
+        createdBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"created_by", [string, ...string[]], number | undefined>;
+        updatedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"updated_at">>>;
+        updatedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"updated_by", [string, ...string[]], number | undefined>;
+        deletedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"deleted_at">>;
+        deletedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"deleted_by", [string, ...string[]], number | undefined>;
+    };
+    dialect: "sqlite";
+}>;
+
+declare const role: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
+    name: "roles";
+    schema: undefined;
+    columns: {
+        name: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "name";
+            tableName: "roles";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        id: _packages_backend_sdk.IsPrimaryKey<_packages_backend_sdk.NotNull<_packages_backend_sdk.SQLiteTextBuilderInitial<"id", [string, ...string[]], number | undefined>>>;
+        createdAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"created_at">>;
+        createdBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"created_by", [string, ...string[]], number | undefined>;
+        updatedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"updated_at">>>;
+        updatedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"updated_by", [string, ...string[]], number | undefined>;
+        deletedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"deleted_at">>;
+        deletedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"deleted_by", [string, ...string[]], number | undefined>;
+    };
+    dialect: "sqlite";
+}>;
+
+declare const userRole: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
+    name: "user_roles";
+    schema: undefined;
+    columns: {
+        userId: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "user_id";
+            tableName: "user_roles";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        roleId: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "role_id";
+            tableName: "user_roles";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        id: _packages_backend_sdk.IsPrimaryKey<_packages_backend_sdk.NotNull<_packages_backend_sdk.SQLiteTextBuilderInitial<"id", [string, ...string[]], number | undefined>>>;
+        createdAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"created_at">>;
+        createdBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"created_by", [string, ...string[]], number | undefined>;
+        updatedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"updated_at">>>;
+        updatedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"updated_by", [string, ...string[]], number | undefined>;
+        deletedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"deleted_at">>;
+        deletedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"deleted_by", [string, ...string[]], number | undefined>;
+    };
+    dialect: "sqlite";
+}>;
+
+declare const userScope: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
+    name: "user_scopes";
+    schema: undefined;
+    columns: {
+        userId: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "user_id";
+            tableName: "user_scopes";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        scope: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "scope";
+            tableName: "user_scopes";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        resourceId: drizzle_orm_sqlite_core.SQLiteColumn<{
+            name: "resource_id";
+            tableName: "user_scopes";
+            dataType: "string";
+            columnType: "SQLiteText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: number | undefined;
+        }>;
+        id: _packages_backend_sdk.IsPrimaryKey<_packages_backend_sdk.NotNull<_packages_backend_sdk.SQLiteTextBuilderInitial<"id", [string, ...string[]], number | undefined>>>;
+        createdAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"created_at">>;
+        createdBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"created_by", [string, ...string[]], number | undefined>;
+        updatedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"updated_at">>>;
+        updatedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"updated_by", [string, ...string[]], number | undefined>;
+        deletedAt: _packages_backend_sdk.HasDefault<_packages_backend_sdk.SQLiteTimestampBuilderInitial<"deleted_at">>;
+        deletedBy: _packages_backend_sdk.SQLiteTextBuilderInitial<"deleted_by", [string, ...string[]], number | undefined>;
+    };
+    dialect: "sqlite";
+}>;
+
+declare const schema_role: typeof role;
+declare const schema_roleScope: typeof roleScope;
+declare const schema_userRole: typeof userRole;
+declare const schema_userScope: typeof userScope;
+declare namespace schema {
+  export {
+    schema_role as role,
+    schema_roleScope as roleScope,
+    schema_userRole as userRole,
+    schema_userScope as userScope,
+  };
+}
+
+export { roleScope as a, userScope as b, role as r, schema as s, userRole as u };