@elsikora/nestjs-crud-automator 1.16.0-dev.1 → 1.17.0-dev.1

package/dist/esm/class/api/authorization/policy/base.class.js

@@ -0,0 +1,66 @@
+import { ApiSubscriberBase } from '../../subscriber/base.class.js';
+import { EAuthorizationEffect } from '../../../../enum/authorization/effect.enum.js';
+
+/**
+ * Base class for all authorization policies. It mirrors ApiFunctionSubscriberBase
+ * and provides helper methods to create allow/deny rules that are later executed by the policy executor.
+ * @template E - Entity type extending IApiBaseEntity
+ */
+class ApiAuthorizationPolicyBase extends ApiSubscriberBase {
+    /**
+     * Creates an ALLOW rule with optional overrides.
+     * @param {Omit<IApiAuthorizationPolicySubscriberRule<E>, "effect">} [rule] - Rule fields to merge.
+     * @returns {IApiAuthorizationPolicySubscriberRule<E>} Allow rule.
+     */
+    allow(rule = {}) {
+        return {
+            effect: EAuthorizationEffect.ALLOW,
+            ...rule,
+        };
+    }
+    /**
+     * Helper that creates an allow rule conditioned on the subject having at least one of the provided roles.
+     * @param {Array<string>} roles - Roles that grant access.
+     * @param {Omit<IApiAuthorizationPolicySubscriberRule<E>, "effect">} [rule] - Optional overrides.
+     * @returns {IApiAuthorizationPolicySubscriberRule<E>} Allow rule targeting the given roles.
+     */
+    allowForRoles(roles, rule = {}) {
+        return this.allow({
+            condition: ({ subject }) => roles.some((role) => subject.roles.includes(role)),
+            ...rule,
+        });
+    }
+    /**
+     * Creates a DENY rule with optional overrides.
+     * @param {Omit<IApiAuthorizationPolicySubscriberRule<E>, "effect">} [rule] - Rule fields to merge.
+     * @returns {IApiAuthorizationPolicySubscriberRule<E>} Deny rule.
+     */
+    deny(rule = {}) {
+        return {
+            effect: EAuthorizationEffect.DENY,
+            ...rule,
+        };
+    }
+    /**
+     * Helper that scopes data access to the owner identified by a field.
+     * Automatically handles relations by using nested id structure.
+     * @param {keyof E} [ownerField] - Entity field used to match the subject id, defaults to ownerId.
+     * @param {Omit<IApiAuthorizationPolicySubscriberRule<E>, "effect">} [rule] - Optional overrides.
+     * @returns {IApiAuthorizationPolicySubscriberRule<E>} Allow rule with owner scope.
+     */
+    scopeToOwner(ownerField = "ownerId", rule = {}) {
+        return this.allow({
+            scope: ({ subject }) => {
+                return {
+                    where: {
+                        [ownerField]: { id: subject.id },
+                    },
+                };
+            },
+            ...rule,
+        });
+    }
+}
+
+export { ApiAuthorizationPolicyBase };
+//# sourceMappingURL=base.class.js.map

package/dist/esm/class/api/authorization/policy/base.class.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.class.js","sources":["../../../../../../../src/class/api/authorization/policy/base.class.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAQA;;;;AAIG;AACG,MAAgB,0BAAqD,SAAQ,iBAAiB,CAAA;AACnG;;;;AAIG;IACO,KAAK,CAAI,OAAoE,EAAiE,EAAA;QACvJ,OAAO;YACN,MAAM,EAAE,oBAAoB,CAAC,KAAK;AAClC,YAAA,GAAG,IAAI;SACP;IACF;AAEA;;;;;AAKG;AACO,IAAA,aAAa,CAAI,KAAoB,EAAE,IAAA,GAAoE,EAAiE,EAAA;QACrL,OAAO,IAAI,CAAC,KAAK,CAAC;YACjB,SAAS,EAAE,CAAC,EAAE,OAAO,EAAmC,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC,IAAY,KAAK,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACvH,YAAA,GAAG,IAAI;AACP,SAAA,CAAC;IACH;AAEA;;;;AAIG;IACO,IAAI,CAAI,OAAoE,EAAiE,EAAA;QACtJ,OAAO;YACN,MAAM,EAAE,oBAAoB,CAAC,IAAI;AACjC,YAAA,GAAG,IAAI;SACP;IACF;AAEA;;;;;;AAMG;AACO,IAAA,YAAY,CAAI,UAAA,GAAsB,SAAoB,EAAE,OAAoE,EAAiE,EAAA;QAC1M,OAAO,IAAI,CAAC,KAAK,CAAC;AACjB,YAAA,KAAK,EAAE,CAAC,EAAE,OAAO,EAAmC,KAAI;gBACvD,OAAO;AACN,oBAAA,KAAK,EAAE;wBACN,CAAC,UAAoB,GAAG,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE;AACnB,qBAAA;iBACxB;YACF,CAAC;AACD,YAAA,GAAG,IAAI;AACP,SAAA,CAAC;IACH;AACA;;;;"}

package/dist/esm/class/api/authorization/policy/discovery-service.class.d.ts

@@ -0,0 +1,10 @@
+import { OnModuleInit } from "@nestjs/common";
+import { DiscoveryService } from "@nestjs/core";
+import { ApiAuthorizationPolicyRegistry } from './registry.class';
+export declare class ApiAuthorizationPolicyDiscoveryService implements OnModuleInit {
+    private readonly discoveryService;
+    private readonly registry;
+    constructor(discoveryService: DiscoveryService, registry: ApiAuthorizationPolicyRegistry);
+    onModuleInit(): void;
+    private isPolicyWrapper;
+}

package/dist/esm/class/api/authorization/policy/discovery-service.class.js

@@ -0,0 +1,53 @@
+import { __decorate, __metadata } from '../../../../external/tslib/tslib.es6.js';
+import { AUTHORIZATION_POLICY_DECORATOR_CONSTANT } from '../../../../constant/authorization/policy/decorator.constant.js';
+import { Injectable } from '@nestjs/common';
+import { DiscoveryService } from '@nestjs/core';
+import { LoggerUtility } from '../../../../utility/logger.utility.js';
+import { ApiAuthorizationPolicyBase } from './base.class.js';
+import { ApiAuthorizationPolicyRegistry } from './registry.class.js';
+
+const policyDiscoveryLogger = LoggerUtility.getLogger("ApiAuthorizationPolicyDiscoveryService");
+let ApiAuthorizationPolicyDiscoveryService = class ApiAuthorizationPolicyDiscoveryService {
+    discoveryService;
+    registry;
+    constructor(discoveryService, registry) {
+        this.discoveryService = discoveryService;
+        this.registry = registry;
+    }
+    onModuleInit() {
+        policyDiscoveryLogger.verbose("Starting authorization policy discovery...");
+        const providers = this.discoveryService.getProviders();
+        const policyProviders = providers.filter((wrapper) => this.isPolicyWrapper(wrapper));
+        for (const wrapper of policyProviders) {
+            if (!wrapper.metatype) {
+                continue;
+            }
+            const metadata = Reflect.getMetadata(AUTHORIZATION_POLICY_DECORATOR_CONSTANT.METADATA_KEY, wrapper.metatype);
+            const properties = metadata;
+            if (!properties) {
+                continue;
+            }
+            const policyId = properties.policyId ?? `${properties.entity.name?.toLowerCase() ?? "unknown"}${AUTHORIZATION_POLICY_DECORATOR_CONSTANT.DEFAULT_POLICY_ID_SUFFIX}`;
+            this.registry.registerSubscriber({
+                description: properties.description,
+                entity: properties.entity,
+                policyId,
+                priority: properties.priority ?? 0,
+                subscriber: wrapper.instance,
+            });
+            policyDiscoveryLogger.verbose(`Registered authorization policy ${wrapper.name ?? properties.entity.name ?? "UnknownPolicy"} for entity ${properties.entity.name ?? "UnknownEntity"} with priority ${properties.priority ?? 0}`);
+        }
+        policyDiscoveryLogger.verbose(`Authorization policy discovery finished. Registered ${policyProviders.length} providers.`);
+    }
+    isPolicyWrapper(wrapper) {
+        return Boolean(wrapper.instance && wrapper.metatype && wrapper.instance instanceof ApiAuthorizationPolicyBase && Reflect.hasMetadata(AUTHORIZATION_POLICY_DECORATOR_CONSTANT.METADATA_KEY, wrapper.metatype));
+    }
+};
+ApiAuthorizationPolicyDiscoveryService = __decorate([
+    Injectable(),
+    __metadata("design:paramtypes", [DiscoveryService,
+        ApiAuthorizationPolicyRegistry])
+], ApiAuthorizationPolicyDiscoveryService);
+
+export { ApiAuthorizationPolicyDiscoveryService };
+//# sourceMappingURL=discovery-service.class.js.map

package/dist/esm/class/api/authorization/policy/discovery-service.class.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery-service.class.js","sources":["../../../../../../../src/class/api/authorization/policy/discovery-service.class.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;AAYA,MAAM,qBAAqB,GAAkB,aAAa,CAAC,SAAS,CAAC,wCAAwC,CAAC;AAGvG,IAAM,sCAAsC,GAA5C,MAAM,sCAAsC,CAAA;AAEhC,IAAA,gBAAA;AACA,IAAA,QAAA;IAFlB,WAAA,CACkB,gBAAkC,EAClC,QAAwC,EAAA;QADxC,IAAA,CAAA,gBAAgB,GAAhB,gBAAgB;QAChB,IAAA,CAAA,QAAQ,GAAR,QAAQ;IACvB;IAEI,YAAY,GAAA;AAClB,QAAA,qBAAqB,CAAC,OAAO,CAAC,4CAA4C,CAAC;QAC3E,MAAM,SAAS,GAA2B,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE;AAC9E,QAAA,MAAM,eAAe,GAA2B,SAAS,CAAC,MAAM,CAAC,CAAC,OAAwB,KAAK,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;AAE7H,QAAA,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE;AACtC,YAAA,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBACtB;YACD;AAEA,YAAA,MAAM,QAAQ,GAAY,OAAO,CAAC,WAAW,CAAC,uCAAuC,CAAC,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC;YACrH,MAAM,UAAU,GAA4E,QAAmF;YAE/K,IAAI,CAAC,UAAU,EAAE;gBAChB;YACD;YAEA,MAAM,QAAQ,GAAW,UAAU,CAAC,QAAQ,IAAI,CAAA,EAAG,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,SAAS,GAAG,uCAAuC,CAAC,wBAAwB,CAAA,CAAE;AAE1K,YAAA,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC;gBAChC,WAAW,EAAE,UAAU,CAAC,WAAW;gBACnC,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,QAAQ;AACR,gBAAA,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,CAAC;gBAClC,UAAU,EAAE,OAAO,CAAC,QAA6D;AACjF,aAAA,CAAC;AAEF,YAAA,qBAAqB,CAAC,OAAO,CAAC,CAAA,gCAAA,EAAmC,OAAO,CAAC,IAAI,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,eAAe,CAAA,YAAA,EAAe,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,eAAe,CAAA,eAAA,EAAkB,UAAU,CAAC,QAAQ,IAAI,CAAC,CAAA,CAAE,CAAC;QAChO;QAEA,qBAAqB,CAAC,OAAO,CAAC,CAAA,oDAAA,EAAuD,eAAe,CAAC,MAAM,CAAA,WAAA,CAAa,CAAC;IAC1H;AAEQ,IAAA,eAAe,CAAC,OAAwB,EAAA;AAC/C,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,YAAY,0BAA0B,IAAI,OAAO,CAAC,WAAW,CAAC,uCAAuC,CAAC,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9M;;AAzCY,sCAAsC,GAAA,UAAA,CAAA;AADlD,IAAA,UAAU,EAAE;qCAGwB,gBAAgB;QACxB,8BAA8B,CAAA;AAH9C,CAAA,EAAA,sCAAsC,CA0ClD;;;;"}

package/dist/esm/class/api/authorization/policy/executor.class.d.ts

@@ -0,0 +1,8 @@
+import type { IApiBaseEntity } from '../../../../interface/api-base-entity.interface';
+import type { IApiAuthorizationPolicySubscriber, IApiAuthorizationPolicySubscriberContext, IApiAuthorizationPolicySubscriberRule } from '../../../../interface/authorization/policy/subscriber/index';
+import type { TApiAuthorizationPolicyHookResult } from '../../../../type/class/api/authorization/policy/hook/index';
+export declare class ApiAuthorizationPolicyExecutor {
+    static execute<E extends IApiBaseEntity, TAction extends string>(subscriber: IApiAuthorizationPolicySubscriber<E>, action: TAction, context: IApiAuthorizationPolicySubscriberContext<E>): Promise<Array<IApiAuthorizationPolicySubscriberRule<E, TApiAuthorizationPolicyHookResult<TAction, E>>>>;
+    private static normalizeRuleResult;
+    private static resolveRouteType;
+}

package/dist/esm/class/api/authorization/policy/executor.class.js

@@ -0,0 +1,41 @@
+import { EApiAuthorizationPolicyOnType } from '../../../../enum/authorization/policy/on-type.enum.js';
+import { EApiRouteType } from '../../../../enum/decorator/api/route-type.enum.js';
+import { CapitalizeString } from '../../../../utility/capitalize-string.utility.js';
+import { LoggerUtility } from '../../../../utility/logger.utility.js';
+
+const policyExecutorLogger = LoggerUtility.getLogger("ApiAuthorizationPolicyExecutor");
+class ApiAuthorizationPolicyExecutor {
+    static async execute(subscriber, action, context) {
+        const routeType = context.routeType ?? this.resolveRouteType(action);
+        if (routeType) {
+            const hookName = `on${EApiAuthorizationPolicyOnType.BEFORE}${CapitalizeString(routeType)}`;
+            const hook = subscriber[hookName];
+            if (typeof hook === "function") {
+                policyExecutorLogger.verbose(`Executing authorization policy hook ${hookName} from ${subscriber.constructor.name} for action "${action}"`);
+                const typedHook = hook;
+                const result = typedHook.call(subscriber, context);
+                return this.normalizeRuleResult(await result);
+            }
+            return [];
+        }
+        if (typeof subscriber.getCustomActionRule !== "function") {
+            return [];
+        }
+        const customActionHook = subscriber.getCustomActionRule.bind(subscriber);
+        const customResult = customActionHook(action, context);
+        return this.normalizeRuleResult(await customResult);
+    }
+    static normalizeRuleResult(result) {
+        if (Array.isArray(result)) {
+            return result.filter((rule) => rule != null);
+        }
+        return result ? [result] : [];
+    }
+    static resolveRouteType(action) {
+        const routeTypes = Object.values(EApiRouteType);
+        return routeTypes.find((routeType) => routeType === action);
+    }
+}
+
+export { ApiAuthorizationPolicyExecutor };
+//# sourceMappingURL=executor.class.js.map

package/dist/esm/class/api/authorization/policy/executor.class.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.class.js","sources":["../../../../../../../src/class/api/authorization/policy/executor.class.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;AAUA,MAAM,oBAAoB,GAAkB,aAAa,CAAC,SAAS,CAAC,gCAAgC,CAAC;MAIxF,8BAA8B,CAAA;IACnC,aAAa,OAAO,CAAmD,UAAgD,EAAE,MAAe,EAAE,OAAoD,EAAA;AACpM,QAAA,MAAM,SAAS,GAA8B,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAE/F,IAAI,SAAS,EAAE;AACd,YAAA,MAAM,QAAQ,GAAW,CAAA,EAAA,EAAK,6BAA6B,CAAC,MAAM,CAAA,EAAG,gBAAgB,CAAC,SAAS,CAAC,CAAA,CAAE;AAClG,YAAA,MAAM,IAAI,GAAY,UAAU,CAAC,QAAsD,CAAC;AAExF,YAAA,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE;AAC/B,gBAAA,oBAAoB,CAAC,OAAO,CAAC,CAAA,oCAAA,EAAuC,QAAQ,CAAA,MAAA,EAAS,UAAU,CAAC,WAAW,CAAC,IAAI,CAAA,aAAA,EAAgB,MAAM,CAAA,CAAA,CAAG,CAAC;gBAC1I,MAAM,SAAS,GAAqH,IAAwH;gBAC5P,MAAM,MAAM,GAA2D,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC;AAE1G,gBAAA,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,MAAM,CAAC;YAC9C;AAEA,YAAA,OAAO,EAAE;QACV;AAEA,QAAA,IAAI,OAAO,UAAU,CAAC,mBAAmB,KAAK,UAAU,EAAE;AACzD,YAAA,OAAO,EAAE;QACV;QAEA,MAAM,gBAAgB,GAA+I,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAA+I;QAElW,MAAM,YAAY,GAA2D,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC;AAE9G,QAAA,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,YAAY,CAAC;IACpD;IAEQ,OAAO,mBAAmB,CAA8B,MAAyD,EAAA;AACxH,QAAA,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;AAC1B,YAAA,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAoE,KAA0D,IAAI,IAAI,IAAI,CAAC;QAClK;QAEA,OAAO,MAAM,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;IAC9B;IAEQ,OAAO,gBAAgB,CAAC,MAAc,EAAA;QAC7C,MAAM,UAAU,GAAkB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAkB;AAE/E,QAAA,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAiB,KAAK,SAAS,KAAK,MAAM,CAA8B;IACjG;AACA;;;;"}

package/dist/esm/class/api/authorization/policy/index.d.ts

@@ -0,0 +1,4 @@
+export { ApiAuthorizationPolicyBase } from './base.class';
+export { ApiAuthorizationPolicyDiscoveryService } from './discovery-service.class';
+export { ApiAuthorizationPolicyExecutor } from './executor.class';
+export { ApiAuthorizationPolicyRegistry } from './registry.class';

package/dist/esm/class/api/authorization/policy/registry.class.d.ts

@@ -0,0 +1,26 @@
+import type { IApiBaseEntity } from '../../../../interface/api-base-entity.interface';
+import type { IApiAuthorizationPolicy, IApiAuthorizationPolicyRegistry, IApiAuthorizationPolicySubscriberRegistration } from '../../../../interface/authorization/index';
+import type { TApiAuthorizationPolicyHookResult } from '../../../../type/class/api/authorization/policy/hook/index';
+type TEntityConstructor<E extends IApiBaseEntity> = new () => E;
+export declare class ApiAuthorizationPolicyRegistry implements IApiAuthorizationPolicyRegistry {
+    private readonly LEGACY_POLICIES;
+    private readonly POLICY_CACHE;
+    private readonly POLICY_REGISTRATIONS_BY_ENTITY;
+    private readonly POLICY_REGISTRATIONS_BY_ID;
+    constructor();
+    buildAggregatedPolicy<E extends IApiBaseEntity, TAction extends string>(entity: TEntityConstructor<E>, action: TAction): Promise<IApiAuthorizationPolicy<E, TApiAuthorizationPolicyHookResult<TAction, E>> | undefined>;
+    clear(): void;
+    registerPolicy<E extends IApiBaseEntity, R>(policy: IApiAuthorizationPolicy<E, R>): void;
+    registerSubscriber<E extends IApiBaseEntity>(registration: IApiAuthorizationPolicySubscriberRegistration<E>): void;
+    private cachePolicy;
+    private createCacheKey;
+    private getEntityName;
+    private invalidateCacheForEntity;
+    private normalizeRule;
+    private resolvePolicyId;
+    private resolveRouteType;
+    private setLegacyPolicy;
+    private toBasePolicy;
+}
+export declare const apiAuthorizationPolicyRegistry: ApiAuthorizationPolicyRegistry;
+export {};

package/dist/esm/class/api/authorization/policy/registry.class.js

@@ -0,0 +1,148 @@
+import { AUTHORIZATION_POLICY_DECORATOR_CONSTANT } from '../../../../constant/authorization/policy/decorator.constant.js';
+import { EApiRouteType } from '../../../../enum/decorator/api/route-type.enum.js';
+import { GenerateEntityInformation } from '../../../../utility/generate-entity-information.utility.js';
+import { LoggerUtility } from '../../../../utility/logger.utility.js';
+import { ApiAuthorizationPolicyExecutor } from './executor.class.js';
+
+const policyRegistryLogger = LoggerUtility.getLogger("ApiAuthorizationPolicyRegistry");
+class ApiAuthorizationPolicyRegistry {
+    LEGACY_POLICIES;
+    POLICY_CACHE;
+    POLICY_REGISTRATIONS_BY_ENTITY;
+    POLICY_REGISTRATIONS_BY_ID;
+    constructor() {
+        this.LEGACY_POLICIES = new Map();
+        this.POLICY_CACHE = new Map();
+        this.POLICY_REGISTRATIONS_BY_ENTITY = new Map();
+        this.POLICY_REGISTRATIONS_BY_ID = new Map();
+    }
+    async buildAggregatedPolicy(entity, action) {
+        const entityName = this.getEntityName(entity);
+        const cacheKey = this.createCacheKey(entity, action);
+        policyRegistryLogger.debug(`Building aggregated policy for entity "${entityName}" action "${action}" (cache key: ${cacheKey})`);
+        const cachedPolicy = this.POLICY_CACHE.get(cacheKey);
+        if (cachedPolicy) {
+            policyRegistryLogger.debug(`Returning cached policy for "${cacheKey}"`);
+            return cachedPolicy;
+        }
+        const legacyPolicy = this.LEGACY_POLICIES.get(cacheKey);
+        if (legacyPolicy) {
+            policyRegistryLogger.debug(`Returning legacy policy for "${cacheKey}"`);
+            this.cachePolicy(cacheKey, legacyPolicy);
+            return legacyPolicy;
+        }
+        const registrations = this.POLICY_REGISTRATIONS_BY_ENTITY.get(entityName);
+        policyRegistryLogger.debug(`Found ${registrations?.length ?? 0} registration(s) for entity "${entityName}"`);
+        policyRegistryLogger.debug(`All registered entities: [${[...this.POLICY_REGISTRATIONS_BY_ENTITY.keys()].join(", ")}]`);
+        if (!registrations?.length) {
+            return undefined;
+        }
+        const entityMetadata = GenerateEntityInformation(entity);
+        const routeType = this.resolveRouteType(action);
+        const aggregatedRules = [];
+        for (const registration of registrations) {
+            const context = {
+                action,
+                entity,
+                entityMetadata,
+                routeType,
+            };
+            const rules = await ApiAuthorizationPolicyExecutor.execute(registration.subscriber, action, context);
+            if (rules.length === 0) {
+                continue;
+            }
+            const normalizedRules = rules.map((rule) => this.normalizeRule(registration.policyId, registration.priority ?? 0, rule, action));
+            aggregatedRules.push(...normalizedRules);
+        }
+        if (aggregatedRules.length === 0) {
+            return undefined;
+        }
+        aggregatedRules.sort((a, b) => b.priority - a.priority);
+        const policyDescription = registrations.find((registration) => Boolean(registration.description))?.description;
+        const policy = {
+            action,
+            description: policyDescription,
+            entity,
+            policyId: this.resolvePolicyId(entity),
+            rules: aggregatedRules,
+        };
+        this.cachePolicy(cacheKey, policy);
+        return policy;
+    }
+    clear() {
+        this.LEGACY_POLICIES.clear();
+        this.POLICY_CACHE.clear();
+        this.POLICY_REGISTRATIONS_BY_ENTITY.clear();
+        this.POLICY_REGISTRATIONS_BY_ID.clear();
+    }
+    registerPolicy(policy) {
+        const cacheKey = this.createCacheKey(policy.entity, policy.action);
+        this.setLegacyPolicy(cacheKey, policy);
+    }
+    registerSubscriber(registration) {
+        const normalizedRegistration = {
+            description: registration.description,
+            entity: registration.entity,
+            policyId: registration.policyId,
+            priority: registration.priority ?? 0,
+            subscriber: registration.subscriber,
+        };
+        const entityName = this.getEntityName(normalizedRegistration.entity);
+        policyRegistryLogger.verbose(`Registering policy subscriber for entity "${entityName}" with policyId "${normalizedRegistration.policyId}" and priority ${normalizedRegistration.priority}`);
+        this.POLICY_REGISTRATIONS_BY_ID.set(normalizedRegistration.policyId, normalizedRegistration);
+        const entityRegistrations = this.POLICY_REGISTRATIONS_BY_ENTITY.get(entityName) ?? [];
+        entityRegistrations.push(normalizedRegistration);
+        entityRegistrations.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+        this.POLICY_REGISTRATIONS_BY_ENTITY.set(entityName, entityRegistrations);
+        policyRegistryLogger.debug(`Total registrations for entity "${entityName}": ${entityRegistrations.length}`);
+        this.invalidateCacheForEntity(entityName);
+    }
+    cachePolicy(cacheKey, policy) {
+        this.POLICY_CACHE.set(cacheKey, this.toBasePolicy(policy));
+    }
+    createCacheKey(entity, action) {
+        return `${this.getEntityName(entity)}::${action.toLowerCase()}`;
+    }
+    getEntityName(entity) {
+        return (entity.name ?? "UnknownResource").toLowerCase();
+    }
+    invalidateCacheForEntity(entityName) {
+        for (const cacheKey of this.POLICY_CACHE.keys()) {
+            if (cacheKey.startsWith(`${entityName}::`)) {
+                this.POLICY_CACHE.delete(cacheKey);
+            }
+        }
+    }
+    normalizeRule(policyId, subscriberPriority, rule, action) {
+        const rulePriority = rule.priority ?? 0;
+        return {
+            action,
+            condition: rule.condition,
+            description: rule.description,
+            effect: rule.effect,
+            policyId,
+            priority: subscriberPriority + rulePriority,
+            resultTransform: rule.resultTransform,
+            scope: rule.scope,
+        };
+    }
+    resolvePolicyId(entity) {
+        return `${this.getEntityName(entity)}${AUTHORIZATION_POLICY_DECORATOR_CONSTANT.DEFAULT_POLICY_ID_SUFFIX}`;
+    }
+    resolveRouteType(action) {
+        const routeTypes = Object.values(EApiRouteType);
+        return routeTypes.find((routeType) => routeType === action);
+    }
+    setLegacyPolicy(cacheKey, policy) {
+        const normalizedPolicy = this.toBasePolicy(policy);
+        this.LEGACY_POLICIES.set(cacheKey, normalizedPolicy);
+        this.POLICY_CACHE.set(cacheKey, normalizedPolicy);
+    }
+    toBasePolicy(policy) {
+        return policy;
+    }
+}
+const apiAuthorizationPolicyRegistry = new ApiAuthorizationPolicyRegistry();
+
+export { ApiAuthorizationPolicyRegistry, apiAuthorizationPolicyRegistry };
+//# sourceMappingURL=registry.class.js.map

package/dist/esm/class/api/authorization/policy/registry.class.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.class.js","sources":["../../../../../../../src/class/api/authorization/policy/registry.class.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;AAYA,MAAM,oBAAoB,GAAkB,aAAa,CAAC,SAAS,CAAC,gCAAgC,CAAC;MAIxF,8BAA8B,CAAA;AACzB,IAAA,eAAe;AAEf,IAAA,YAAY;AAEZ,IAAA,8BAA8B;AAE9B,IAAA,0BAA0B;AAE3C,IAAA,WAAA,GAAA;AACC,QAAA,IAAI,CAAC,eAAe,GAAG,IAAI,GAAG,EAAE;AAChC,QAAA,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE;AAC7B,QAAA,IAAI,CAAC,8BAA8B,GAAG,IAAI,GAAG,EAAE;AAC/C,QAAA,IAAI,CAAC,0BAA0B,GAAG,IAAI,GAAG,EAAE;IAC5C;AAEO,IAAA,MAAM,qBAAqB,CAAmD,MAA6B,EAAE,MAAe,EAAA;QAClI,MAAM,UAAU,GAAW,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC;QACrD,MAAM,QAAQ,GAAW,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC;QAC5D,oBAAoB,CAAC,KAAK,CAAC,CAAA,uCAAA,EAA0C,UAAU,CAAA,UAAA,EAAa,MAAM,CAAA,cAAA,EAAiB,QAAQ,CAAA,CAAA,CAAG,CAAC;QAE/H,MAAM,YAAY,GAA0F,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAA0F;QAEpO,IAAI,YAAY,EAAE;AACjB,YAAA,oBAAoB,CAAC,KAAK,CAAC,gCAAgC,QAAQ,CAAA,CAAA,CAAG,CAAC;AAEvE,YAAA,OAAO,YAAY;QACpB;QAEA,MAAM,YAAY,GAA0F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAA0F;QAEvO,IAAI,YAAY,EAAE;AACjB,YAAA,oBAAoB,CAAC,KAAK,CAAC,gCAAgC,QAAQ,CAAA,CAAA,CAAG,CAAC;AACvE,YAAA,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,YAAY,CAAC;AAExC,YAAA,OAAO,YAAY;QACpB;QAEA,MAAM,aAAa,GAAqF,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,UAAU,CAAC;AAE3J,QAAA,oBAAoB,CAAC,KAAK,CAAC,CAAA,MAAA,EAAS,aAAa,EAAE,MAAM,IAAI,CAAC,CAAA,6BAAA,EAAgC,UAAU,CAAA,CAAA,CAAG,CAAC;QAC5G,oBAAoB,CAAC,KAAK,CAAC,CAAA,0BAAA,EAA6B,CAAC,GAAG,IAAI,CAAC,8BAA8B,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA,CAAA,CAAG,CAAC;AAEtH,QAAA,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE;AAC3B,YAAA,OAAO,SAAS;QACjB;AAEA,QAAA,MAAM,cAAc,GAAkB,yBAAyB,CAAI,MAAM,CAAC;QAC1E,MAAM,SAAS,GAA8B,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC;QAC1E,MAAM,eAAe,GAAmF,EAAE;AAE1G,QAAA,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;AACzC,YAAA,MAAM,OAAO,GAAgD;gBAC5D,MAAM;gBACN,MAAM;gBACN,cAAc;gBACd,SAAS;aACT;AAED,YAAA,MAAM,KAAK,GAAmG,MAAM,8BAA8B,CAAC,OAAO,CAAC,YAAY,CAAC,UAA6D,EAAE,MAAM,EAAE,OAAO,CAAC;AAEvP,YAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;gBACvB;YACD;AAEA,YAAA,MAAM,eAAe,GAAmF,KAAK,CAAC,GAAG,CAAC,CAAC,IAA6F,KAAK,IAAI,CAAC,aAAa,CAAa,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AAErT,YAAA,eAAe,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC;QACzC;AAEA,QAAA,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;AACjC,YAAA,OAAO,SAAS;QACjB;AAEA,QAAA,eAAe,CAAC,IAAI,CAAC,CAAC,CAA0E,EAAE,CAA0E,KAAK,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;QAEzM,MAAM,iBAAiB,GAAuB,aAAa,CAAC,IAAI,CAAC,CAAC,YAA2E,KAAK,OAAO,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,EAAE,WAAW;AAEjM,QAAA,MAAM,MAAM,GAA8E;YACzF,MAAM;AACN,YAAA,WAAW,EAAE,iBAAiB;YAC9B,MAAM;AACN,YAAA,QAAQ,EAAE,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;AACtC,YAAA,KAAK,EAAE,eAAe;SACtB;AAED,QAAA,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC;AAElC,QAAA,OAAO,MAAM;IACd;IAEO,KAAK,GAAA;AACX,QAAA,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE;AAC5B,QAAA,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE;AACzB,QAAA,IAAI,CAAC,8BAA8B,CAAC,KAAK,EAAE;AAC3C,QAAA,IAAI,CAAC,0BAA0B,CAAC,KAAK,EAAE;IACxC;AAEO,IAAA,cAAc,CAA8B,MAAqC,EAAA;AACvF,QAAA,MAAM,QAAQ,GAAW,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;AAC1E,QAAA,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC;IACvC;AAEO,IAAA,kBAAkB,CAA2B,YAA8D,EAAA;AACjH,QAAA,MAAM,sBAAsB,GAAkE;YAC7F,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,MAAM,EAAE,YAAY,CAAC,MAA4C;YACjE,QAAQ,EAAE,YAAY,CAAC,QAAQ;AAC/B,YAAA,QAAQ,EAAE,YAAY,CAAC,QAAQ,IAAI,CAAC;YACpC,UAAU,EAAE,YAAY,CAAC,UAAmB;SAC5C;QAED,MAAM,UAAU,GAAW,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,CAAC;AAE5E,QAAA,oBAAoB,CAAC,OAAO,CAAC,CAAA,0CAAA,EAA6C,UAAU,CAAA,iBAAA,EAAoB,sBAAsB,CAAC,QAAQ,kBAAkB,sBAAsB,CAAC,QAAQ,CAAA,CAAE,CAAC;QAE3L,IAAI,CAAC,0BAA0B,CAAC,GAAG,CAAC,sBAAsB,CAAC,QAAQ,EAAE,sBAAsB,CAAC;AAE5F,QAAA,MAAM,mBAAmB,GAAyE,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;AAE3J,QAAA,mBAAmB,CAAC,IAAI,CAAC,sBAAsB,CAAC;QAChD,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAgE,EAAE,CAAgE,KAAK,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;QAEvM,IAAI,CAAC,8BAA8B,CAAC,GAAG,CAAC,UAAU,EAAE,mBAAmB,CAAC;QACxE,oBAAoB,CAAC,KAAK,CAAC,CAAA,gCAAA,EAAmC,UAAU,CAAA,GAAA,EAAM,mBAAmB,CAAC,MAAM,CAAA,CAAE,CAAC;AAE3G,QAAA,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC;IAC1C;IAEQ,WAAW,CAA8B,QAAgB,EAAE,MAAqC,EAAA;AACvG,QAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC3D;IAEQ,cAAc,CAA2B,MAA6B,EAAE,MAAc,EAAA;AAC7F,QAAA,OAAO,CAAA,EAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA,EAAA,EAAK,MAAM,CAAC,WAAW,EAAE,EAAE;IAChE;AAEQ,IAAA,aAAa,CAA2B,MAA6B,EAAA;QAC5E,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,iBAAiB,EAAE,WAAW,EAAE;IACxD;AAEQ,IAAA,wBAAwB,CAAC,UAAkB,EAAA;QAClD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE;YAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,UAAU,CAAA,EAAA,CAAI,CAAC,EAAE;AAC3C,gBAAA,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC;YACnC;QACD;IACD;AAEQ,IAAA,aAAa,CAAmD,QAAgB,EAAE,kBAA0B,EAAE,IAA6F,EAAE,MAAe,EAAA;AACnO,QAAA,MAAM,YAAY,GAAW,IAAI,CAAC,QAAQ,IAAI,CAAC;QAE/C,OAAO;YACN,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,QAAQ;YACR,QAAQ,EAAE,kBAAkB,GAAG,YAAY;YAC3C,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,KAAK,EAAE,IAAI,CAAC,KAAK;SACjB;IACF;AAEQ,IAAA,eAAe,CAA2B,MAA6B,EAAA;AAC9E,QAAA,OAAO,CAAA,EAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAA,EAAG,uCAAuC,CAAC,wBAAwB,CAAA,CAAE;IAC1G;AAEQ,IAAA,gBAAgB,CAAC,MAAc,EAAA;QACtC,MAAM,UAAU,GAAkB,MAAM,CAAC,MAAM,CAAC,aAAa,CAAkB;AAE/E,QAAA,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAiB,KAAK,SAAS,KAAK,MAAM,CAA8B;IACjG;IAEQ,eAAe,CAA8B,QAAgB,EAAE,MAAqC,EAAA;QAC3G,MAAM,gBAAgB,GAAqD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC;QAEpG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC;QACpD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IAClD;AAEQ,IAAA,YAAY,CAA8B,MAAqC,EAAA;AACtF,QAAA,OAAO,MAAqE;IAC7E;AACA;AAEM,MAAM,8BAA8B,GAAmC,IAAI,8BAA8B;;;;"}

package/dist/esm/class/api/service-base.class.d.ts

@@ -8,9 +8,9 @@ import type { EntityManager } from "typeorm";
  */
 export declare class ApiServiceBase<E> {
     create(properties: TApiFunctionCreateProperties<E>, eventManager?: EntityManager): Promise<E>;
-    delete(criteria: TApiFunctionDeleteCriteria<E>, eventManager?: EntityManager): Promise<void>;
+    delete(criteria: Array<TApiFunctionDeleteCriteria<E>> | TApiFunctionDeleteCriteria<E>, eventManager?: EntityManager): Promise<void>;
     get(properties: TApiFunctionGetProperties<E>, eventManager?: EntityManager): Promise<E>;
     getList(properties: TApiFunctionGetListProperties<E>, eventManager?: EntityManager): Promise<IApiGetListResponseResult<E>>;
     getMany(properties: TApiFunctionGetManyProperties<E>, eventManager?: EntityManager): Promise<Array<E>>;
-    update(criteria: TApiFunctionUpdateCriteria<E>, properties: TApiFunctionUpdateProperties<E>, eventManager?: EntityManager): Promise<E>;
+    update(criteria: Array<TApiFunctionUpdateCriteria<E>> | TApiFunctionUpdateCriteria<E>, properties: TApiFunctionUpdateProperties<E>, eventManager?: EntityManager): Promise<E>;
 }

package/dist/esm/class/api/service-base.class.js.map

@@ -1 +1 @@
-{"version":3,"file":"service-base.class.js","sources":["../../../../../src/class/api/service-base.class.ts"],"sourcesContent":[null],"names":[],"mappings":"AAKA;;;;AAIG;MACU,cAAc,CAAA;IAC1B,MAAM,CAAC,UAA2C,EAAE,YAA4B,EAAA;AAI/E,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAO,CAAC;IAChC;IAEA,MAAM,CAAC,QAAuC,EAAE,YAA4B,EAAA;AAI3E,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE;IACzB;;IAGA,GAAG,CAAC,UAAwC,EAAE,YAA4B,EAAA;AAIzE,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAO,CAAC;IAChC;IAEA,OAAO,CAAC,UAA4C,EAAE,YAA4B,EAAA;AAIjF,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAA6C,CAAC;IAC3F;IAEA,OAAO,CAAC,UAA4C,EAAE,YAA4B,EAAA;AAIjF,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3B;AAEA,IAAA,MAAM,CAAC,QAAuC,EAAE,UAA2C,EAAE,YAA4B,EAAA;AAKxH,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAO,CAAC;IAChC;AACA;;;;"}
+{"version":3,"file":"service-base.class.js","sources":["../../../../../src/class/api/service-base.class.ts"],"sourcesContent":[null],"names":[],"mappings":"AAKA;;;;AAIG;MACU,cAAc,CAAA;IAC1B,MAAM,CAAC,UAA2C,EAAE,YAA4B,EAAA;AAI/E,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAO,CAAC;IAChC;IAEA,MAAM,CAAC,QAA8E,EAAE,YAA4B,EAAA;AAIlH,QAAA,OAAO,OAAO,CAAC,OAAO,EAAE;IACzB;;IAGA,GAAG,CAAC,UAAwC,EAAE,YAA4B,EAAA;AAIzE,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAO,CAAC;IAChC;IAEA,OAAO,CAAC,UAA4C,EAAE,YAA4B,EAAA;AAIjF,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAA6C,CAAC;IAC3F;IAEA,OAAO,CAAC,UAA4C,EAAE,YAA4B,EAAA;AAIjF,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3B;AAEA,IAAA,MAAM,CAAC,QAA8E,EAAE,UAA2C,EAAE,YAA4B,EAAA;AAK/J,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,EAAO,CAAC;IAChC;AACA;;;;"}

package/dist/esm/class/index.d.ts

@@ -1,4 +1,5 @@
 export * from './api/index';
+export * from './api/authorization/index';
 export { MetadataStorage } from './metadata-storage.class';
 export * from './utility/dto/property/factory/index';
 export * from './utility/dto/strategy/index';

package/dist/esm/constant/authorization/index.d.ts

@@ -0,0 +1,3 @@
+export * from './metadata/index';
+export * from './policy/index';
+export * from './token/index';

package/dist/esm/constant/authorization/metadata/decision.constant.d.ts

@@ -0,0 +1,3 @@
+export declare const AUTHORIZATION_DECISION_METADATA_CONSTANT: {
+    readonly REQUEST_KEY: string;
+};

package/dist/esm/constant/authorization/metadata/decision.constant.js

@@ -0,0 +1,7 @@
+const DECISION_REQUEST_KEY = "API_AUTHORIZATION_DECISION";
+const AUTHORIZATION_DECISION_METADATA_CONSTANT = {
+    REQUEST_KEY: DECISION_REQUEST_KEY,
+};
+
+export { AUTHORIZATION_DECISION_METADATA_CONSTANT };
+//# sourceMappingURL=decision.constant.js.map

package/dist/esm/constant/authorization/metadata/decision.constant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decision.constant.js","sources":["../../../../../../src/constant/authorization/metadata/decision.constant.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,MAAM,oBAAoB,GAAW,4BAA4B;AAE1D,MAAM,wCAAwC,GAEjD;AACH,IAAA,WAAW,EAAE,oBAAoB;;;;;"}

package/dist/esm/constant/authorization/metadata/index.d.ts

@@ -0,0 +1 @@
+export { AUTHORIZATION_DECISION_METADATA_CONSTANT } from './decision.constant';

package/dist/esm/constant/authorization/policy/decorator.constant.d.ts

@@ -0,0 +1,4 @@
+export declare const AUTHORIZATION_POLICY_DECORATOR_CONSTANT: {
+    readonly DEFAULT_POLICY_ID_SUFFIX: string;
+    readonly METADATA_KEY: string;
+};

package/dist/esm/constant/authorization/policy/decorator.constant.js

@@ -0,0 +1,9 @@
+const POLICY_METADATA_KEY = "API_AUTHORIZATION_POLICY_METADATA_KEY";
+const DEFAULT_POLICY_ID_SUFFIX = ".authorization.policy";
+const AUTHORIZATION_POLICY_DECORATOR_CONSTANT = {
+    DEFAULT_POLICY_ID_SUFFIX,
+    METADATA_KEY: POLICY_METADATA_KEY,
+};
+
+export { AUTHORIZATION_POLICY_DECORATOR_CONSTANT };
+//# sourceMappingURL=decorator.constant.js.map

package/dist/esm/constant/authorization/policy/decorator.constant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decorator.constant.js","sources":["../../../../../../src/constant/authorization/policy/decorator.constant.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,MAAM,mBAAmB,GAAW,uCAAuC;AAC3E,MAAM,wBAAwB,GAAW,uBAAuB;AAEzD,MAAM,uCAAuC,GAGhD;IACH,wBAAwB;AACxB,IAAA,YAAY,EAAE,mBAAmB;;;;;"}

package/dist/esm/constant/authorization/policy/index.d.ts

@@ -0,0 +1 @@
+export { AUTHORIZATION_POLICY_DECORATOR_CONSTANT } from './decorator.constant';

package/dist/esm/constant/authorization/token/index.d.ts

@@ -0,0 +1 @@
+export { AUTHORIZATION_POLICY_REGISTRY_TOKEN } from './registry.constant';

package/dist/esm/constant/authorization/token/registry.constant.d.ts

@@ -0,0 +1 @@
+export declare const AUTHORIZATION_POLICY_REGISTRY_TOKEN: string;

package/dist/esm/constant/authorization/token/registry.constant.js

@@ -0,0 +1,5 @@
+const POLICY_REGISTRY_TOKEN = "API_AUTHORIZATION_POLICY_REGISTRY";
+const AUTHORIZATION_POLICY_REGISTRY_TOKEN = POLICY_REGISTRY_TOKEN;
+
+export { AUTHORIZATION_POLICY_REGISTRY_TOKEN };
+//# sourceMappingURL=registry.constant.js.map

package/dist/esm/constant/authorization/token/registry.constant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.constant.js","sources":["../../../../../../src/constant/authorization/token/registry.constant.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,MAAM,qBAAqB,GAAW,mCAAmC;AAElE,MAAM,mCAAmC,GAAW;;;;"}

package/dist/esm/constant/decorator/api/controller.constant.d.ts

@@ -1,4 +1,6 @@
 export declare const CONTROLLER_API_DECORATOR_CONSTANT: {
+    readonly ENTITY_METADATA_KEY: string;
     readonly OBSERVABLE_METADATA_KEY: string;
     readonly RESERVED_METHOD_PREFIX: string;
+    readonly SECURABLE_METADATA_KEY: string;
 };

package/dist/esm/constant/decorator/api/controller.constant.js

@@ -1,8 +1,12 @@
 const RESERVED_METHOD_PREFIX = "";
 const OBSERVABLE_METADATA_KEY = "API_CONTROLLER_OBSERVABLE_METADATA_KEY";
+const SECURABLE_METADATA_KEY = "API_CONTROLLER_SECURABLE_METADATA_KEY";
+const ENTITY_METADATA_KEY = "API_CONTROLLER_ENTITY_METADATA_KEY";
 const CONTROLLER_API_DECORATOR_CONSTANT = {
+    ENTITY_METADATA_KEY,
     OBSERVABLE_METADATA_KEY,
     RESERVED_METHOD_PREFIX,
+    SECURABLE_METADATA_KEY,
 };
 
 export { CONTROLLER_API_DECORATOR_CONSTANT };

package/dist/esm/constant/decorator/api/controller.constant.js.map

@@ -1 +1 @@
-{"version":3,"file":"controller.constant.js","sources":["../../../../../../src/constant/decorator/api/controller.constant.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,MAAM,sBAAsB,GAAW,EAAE;AACzC,MAAM,uBAAuB,GAAW,wCAAwC;AAEzE,MAAM,iCAAiC,GAG1C;IACH,uBAAuB;IACvB,sBAAsB;;;;;"}
+{"version":3,"file":"controller.constant.js","sources":["../../../../../../src/constant/decorator/api/controller.constant.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,MAAM,sBAAsB,GAAW,EAAE;AACzC,MAAM,uBAAuB,GAAW,wCAAwC;AAChF,MAAM,sBAAsB,GAAW,uCAAuC;AAC9E,MAAM,mBAAmB,GAAW,oCAAoC;AAEjE,MAAM,iCAAiC,GAK1C;IACH,mBAAmB;IACnB,uBAAuB;IACvB,sBAAsB;IACtB,sBAAsB;;;;;"}

package/dist/esm/constant/index.d.ts

@@ -1,3 +1,4 @@
+export * from './authorization/index';
 export { DATE_CONSTANT } from './date.constant';
 export * from './decorator/api/index';
 export * from './dto/index';

package/dist/esm/decorator/api/authorization/index.d.ts

@@ -0,0 +1 @@
+export { ApiAuthorizationPolicy } from './policy.decorator';

package/dist/esm/decorator/api/authorization/policy.decorator.d.ts

@@ -0,0 +1,9 @@
+import type { IApiBaseEntity } from '../../../interface/api-base-entity.interface';
+import type { IApiAuthorizationPolicySubscriberProperties } from '../../../interface/authorization/policy/subscriber/properties.interface';
+/**
+ * Decorator that registers a class as an authorization policy for a specific entity.
+ * @template E - Entity type extending IApiBaseEntity
+ * @param {IApiAuthorizationPolicySubscriberProperties<E>} properties - Policy properties.
+ * @returns {ClassDecorator} Class decorator registering metadata for discovery.
+ */
+export declare function ApiAuthorizationPolicy<E extends IApiBaseEntity>(properties: IApiAuthorizationPolicySubscriberProperties<E>): ClassDecorator;

package/dist/esm/decorator/api/authorization/policy.decorator.js

@@ -0,0 +1,23 @@
+import { AUTHORIZATION_POLICY_DECORATOR_CONSTANT } from '../../../constant/authorization/policy/decorator.constant.js';
+
+/**
+ * Decorator that registers a class as an authorization policy for a specific entity.
+ * @template E - Entity type extending IApiBaseEntity
+ * @param {IApiAuthorizationPolicySubscriberProperties<E>} properties - Policy properties.
+ * @returns {ClassDecorator} Class decorator registering metadata for discovery.
+ */
+function ApiAuthorizationPolicy(properties) {
+    const normalizedPolicyId = properties.policyId ?? `${properties.entity.name?.toLowerCase() ?? "unknown"}${AUTHORIZATION_POLICY_DECORATOR_CONSTANT.DEFAULT_POLICY_ID_SUFFIX}`;
+    const metadata = {
+        description: properties.description,
+        entity: properties.entity,
+        policyId: normalizedPolicyId,
+        priority: properties.priority ?? 0,
+    };
+    return (target) => {
+        Reflect.defineMetadata(AUTHORIZATION_POLICY_DECORATOR_CONSTANT.METADATA_KEY, metadata, target);
+    };
+}
+
+export { ApiAuthorizationPolicy };
+//# sourceMappingURL=policy.decorator.js.map

package/dist/esm/decorator/api/authorization/policy.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.decorator.js","sources":["../../../../../../src/decorator/api/authorization/policy.decorator.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKA;;;;;AAKG;AACG,SAAU,sBAAsB,CAA2B,UAA0D,EAAA;IAC1H,MAAM,kBAAkB,GAAW,UAAU,CAAC,QAAQ,IAAI,CAAA,EAAG,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,IAAI,SAAS,GAAG,uCAAuC,CAAC,wBAAwB,CAAA,CAAE;AAEpL,IAAA,MAAM,QAAQ,GAAmD;QAChE,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,MAAM,EAAE,UAAU,CAAC,MAAM;AACzB,QAAA,QAAQ,EAAE,kBAAkB;AAC5B,QAAA,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,CAAC;KAClC;IAED,OAAO,CAAC,MAAc,KAAI;QACzB,OAAO,CAAC,cAAc,CAAC,uCAAuC,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC;AAC/F,IAAA,CAAC;AACF;;;;"}

package/dist/esm/decorator/api/controller/index.d.ts

@@ -1,2 +1,3 @@
 export { ApiController } from './decorator';
 export { ApiControllerObservable } from './observable.decorator';
+export { ApiControllerSecurable } from './securable.decorator';

package/dist/esm/decorator/api/controller/securable.decorator.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Decorator that marks a controller as securable, enabling automatic RBAC guard application.
+ * Without this decorator the authorization guard short-circuits and controller methods remain unsecured.
+ * @returns {ClassDecorator} Class decorator that enables authorization for the controller.
+ */
+export declare function ApiControllerSecurable(): ClassDecorator;

package/dist/esm/decorator/api/controller/securable.decorator.js

@@ -0,0 +1,15 @@
+import { CONTROLLER_API_DECORATOR_CONSTANT } from '../../../constant/decorator/api/controller.constant.js';
+
+/**
+ * Decorator that marks a controller as securable, enabling automatic RBAC guard application.
+ * Without this decorator the authorization guard short-circuits and controller methods remain unsecured.
+ * @returns {ClassDecorator} Class decorator that enables authorization for the controller.
+ */
+function ApiControllerSecurable() {
+    return (target) => {
+        Reflect.defineMetadata(CONTROLLER_API_DECORATOR_CONSTANT.SECURABLE_METADATA_KEY, true, target);
+    };
+}
+
+export { ApiControllerSecurable };
+//# sourceMappingURL=securable.decorator.js.map

package/dist/esm/decorator/api/controller/securable.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"securable.decorator.js","sources":["../../../../../../src/decorator/api/controller/securable.decorator.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAEA;;;;AAIG;SACa,sBAAsB,GAAA;IACrC,OAAO,CAAC,MAAc,KAAI;QACzB,OAAO,CAAC,cAAc,CAAC,iCAAiC,CAAC,sBAAsB,EAAE,IAAI,EAAE,MAAM,CAAC;AAC/F,IAAA,CAAC;AACF;;;;"}

package/dist/esm/decorator/api/index.d.ts

@@ -1,3 +1,4 @@
+export * from './authorization/index';
 export * from './controller/index';
 export * from './function/index';
 export * from './method.decorator';