@etohq/rbac 1.5.1-alpha.4

package/dist/models/rbac-role.js

@@ -0,0 +1,30 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@etohq/framework/utils");
+const rbac_role_parent_1 = __importDefault(require("./rbac-role-parent"));
+const rbac_role_policy_1 = __importDefault(require("./rbac-role-policy"));
+const RbacRole = utils_1.model
+    .define("rbac_role", {
+    id: utils_1.model.id({ prefix: "role" }).primaryKey(),
+    name: utils_1.model.text().searchable(),
+    description: utils_1.model.text().nullable(),
+    metadata: utils_1.model.json().nullable(),
+    policies: utils_1.model.hasMany(() => rbac_role_policy_1.default, {
+        mappedBy: "role",
+    }),
+    parents: utils_1.model.hasMany(() => rbac_role_parent_1.default, {
+        mappedBy: "role",
+    }),
+})
+    .indexes([
+    {
+        on: ["name"],
+        unique: true,
+        where: "deleted_at IS NULL",
+    },
+]);
+exports.default = RbacRole;
+//# sourceMappingURL=rbac-role.js.map

package/dist/models/rbac-role.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-role.js","sourceRoot":"","sources":["../../src/models/rbac-role.ts"],"names":[],"mappings":";;;;;AAAA,kDAA8C;AAC9C,0EAA+C;AAC/C,0EAA+C;AAE/C,MAAM,QAAQ,GAAG,aAAK;KACnB,MAAM,CAAC,WAAW,EAAE;IACnB,EAAE,EAAE,aAAK,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,EAAE;IAC7C,IAAI,EAAE,aAAK,CAAC,IAAI,EAAE,CAAC,UAAU,EAAE;IAC/B,WAAW,EAAE,aAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,aAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,aAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,0BAAc,EAAE;QAC5C,QAAQ,EAAE,MAAM;KACjB,CAAC;IACF,OAAO,EAAE,aAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,0BAAc,EAAE;QAC3C,QAAQ,EAAE,MAAM;KACjB,CAAC;CACH,CAAC;KACD,OAAO,CAAC;IACP;QACE,EAAE,EAAE,CAAC,MAAM,CAAC;QACZ,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,oBAAoB;KAC5B;CACF,CAAC,CAAA;AAEJ,kBAAe,QAAQ,CAAA"}

package/dist/repositories/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./rbac";
+//# sourceMappingURL=index.d.ts.map

package/dist/repositories/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/repositories/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA"}

package/dist/repositories/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./rbac"), exports);
+//# sourceMappingURL=index.js.map

package/dist/repositories/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/repositories/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAsB"}

package/dist/repositories/rbac.d.ts

@@ -0,0 +1,9 @@
+import { Context } from "@etohq/framework/types";
+import { MikroOrmBase } from "@etohq/framework/utils";
+export declare class RbacRepository extends MikroOrmBase {
+    constructor();
+    listPoliciesForRole(roleId: string, sharedContext?: Context): Promise<any[]>;
+    listPoliciesForRoles(roleIds: string[], sharedContext?: Context): Promise<Map<string, any[]>>;
+    checkForCycle(roleId: string, parentId: string, sharedContext?: Context): Promise<boolean>;
+}
+//# sourceMappingURL=rbac.d.ts.map

package/dist/repositories/rbac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../src/repositories/rbac.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAA;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAErD,qBAAa,cAAe,SAAQ,YAAY;;IAOxC,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACd,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,GAAG,EAAE,CAAC;IAQX,oBAAoB,CACxB,OAAO,EAAE,MAAM,EAAE,EACjB,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAiExB,aAAa,CACjB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,aAAa,GAAE,OAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;CA+BpB"}

package/dist/repositories/rbac.js

@@ -0,0 +1,101 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacRepository = void 0;
+const utils_1 = require("@etohq/framework/utils");
+class RbacRepository extends utils_1.MikroOrmBase {
+    constructor() {
+        // @ts-ignore
+        // eslint-disable-next-line prefer-rest-params
+        super(...arguments);
+    }
+    async listPoliciesForRole(roleId, sharedContext = {}) {
+        const policiesByRole = await this.listPoliciesForRoles([roleId], sharedContext);
+        return policiesByRole.get(roleId) || [];
+    }
+    async listPoliciesForRoles(roleIds, sharedContext = {}) {
+        const manager = this.getActiveManager(sharedContext);
+        const knex = manager.getKnex();
+        if (!roleIds?.length) {
+            return new Map();
+        }
+        const placeholders = roleIds.map(() => "?").join(",");
+        const query = `
+      WITH RECURSIVE role_hierarchy AS (
+        SELECT id, name, id as original_role_id, ARRAY[id] as path
+        FROM rbac_role
+        WHERE id IN (${placeholders}) AND deleted_at IS NULL
+        
+        UNION ALL
+        
+        SELECT r.id, r.name, rh.original_role_id, rh.path || r.id
+        FROM rbac_role r
+        INNER JOIN rbac_role_parent ri ON ri.parent_id = r.id
+        INNER JOIN role_hierarchy rh ON rh.id = ri.role_id
+        WHERE r.deleted_at IS NULL 
+          AND ri.deleted_at IS NULL
+          AND NOT (r.id = ANY(rh.path))
+      )
+      SELECT DISTINCT
+        rh.original_role_id,
+        p.id,
+        p.key,
+        p.resource,
+        p.operation,
+        p.name,
+        p.description,
+        p.metadata,
+        p.created_at,
+        p.updated_at,
+        CASE WHEN rp.role_id = rh.original_role_id THEN NULL ELSE rp.role_id END as inherited_from_role_id
+      FROM rbac_policy p
+      INNER JOIN rbac_role_policy rp ON rp.policy_id = p.id
+      INNER JOIN role_hierarchy rh ON rh.id = rp.role_id
+      WHERE p.deleted_at IS NULL AND rp.deleted_at IS NULL
+      ORDER BY rh.original_role_id, p.resource, p.operation, p.key
+    `;
+        const result = await knex.raw(query, roleIds);
+        const rows = result.rows || [];
+        // Group policies by role_id
+        const policiesByRole = new Map();
+        for (const row of rows) {
+            const roleId = row.original_role_id;
+            delete row.original_role_id;
+            if (!policiesByRole.has(roleId)) {
+                policiesByRole.set(roleId, []);
+            }
+            policiesByRole.get(roleId).push(row);
+        }
+        return policiesByRole;
+    }
+    async checkForCycle(roleId, parentId, sharedContext = {}) {
+        const manager = this.getActiveManager(sharedContext);
+        const knex = manager.getKnex();
+        // Check if adding this parent would create a circular dependency
+        // A cycle exists if role_id is already an ancestor of parent_id
+        // (i.e., if we traverse up from parent_id, we reach role_id)
+        const query = `
+      WITH RECURSIVE role_hierarchy AS (
+        SELECT id, ARRAY[id] as path
+        FROM rbac_role
+        WHERE id = ? AND deleted_at IS NULL
+        
+        UNION ALL
+        
+        SELECT r.id, rh.path || r.id
+        FROM role_hierarchy rh
+        INNER JOIN rbac_role_parent ri ON ri.role_id = rh.id
+        INNER JOIN rbac_role r ON r.id = ri.parent_id
+        WHERE r.deleted_at IS NULL 
+          AND ri.deleted_at IS NULL
+          AND NOT (r.id = ANY(rh.path))
+      )
+      SELECT EXISTS(
+        SELECT 1 FROM role_hierarchy WHERE id = ?
+      ) as has_cycle
+    `;
+        const result = await knex.raw(query, [parentId, roleId]);
+        return result.rows[0]?.has_cycle || false;
+    }
+}
+exports.RbacRepository = RbacRepository;
+//# sourceMappingURL=rbac.js.map

package/dist/repositories/rbac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../src/repositories/rbac.ts"],"names":[],"mappings":";;;AAEA,kDAAqD;AAErD,MAAa,cAAe,SAAQ,oBAAY;IAC9C;QACE,aAAa;QACb,8CAA8C;QAC9C,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACd,gBAAyB,EAAE;QAE3B,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACpD,CAAC,MAAM,CAAC,EACR,aAAa,CACd,CAAA;QACD,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;IACzC,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,OAAiB,EACjB,gBAAyB,EAAE;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;QAE9B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;YACrB,OAAO,IAAI,GAAG,EAAE,CAAA;QAClB,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QAErD,MAAM,KAAK,GAAG;;;;uBAIK,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA6B9B,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAA;QAE9B,4BAA4B;QAC5B,MAAM,cAAc,GAAG,IAAI,GAAG,EAAiB,CAAA;QAE/C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,GAAG,CAAC,gBAAgB,CAAA;YACnC,OAAO,GAAG,CAAC,gBAAgB,CAAA;YAE3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;YAChC,CAAC;YAED,cAAc,CAAC,GAAG,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACvC,CAAC;QAED,OAAO,cAAc,CAAA;IACvB,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,MAAc,EACd,QAAgB,EAChB,gBAAyB,EAAE;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAmB,aAAa,CAAC,CAAA;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,EAAE,CAAA;QAE9B,iEAAiE;QACjE,gEAAgE;QAChE,6DAA6D;QAC7D,MAAM,KAAK,GAAG;;;;;;;;;;;;;;;;;;;KAmBb,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAA;QACxD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,SAAS,IAAI,KAAK,CAAA;IAC3C,CAAC;CACF;AAzHD,wCAyHC"}

package/dist/services/index.d.ts

@@ -0,0 +1,2 @@
+export { default as RbacModuleService } from "./rbac-module-service";
+//# sourceMappingURL=index.d.ts.map

package/dist/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,iBAAiB,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/services/index.js

@@ -0,0 +1,9 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RbacModuleService = void 0;
+var rbac_module_service_1 = require("./rbac-module-service");
+Object.defineProperty(exports, "RbacModuleService", { enumerable: true, get: function () { return __importDefault(rbac_module_service_1).default; } });
+//# sourceMappingURL=index.js.map

package/dist/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;AAAA,6DAAoE;AAA3D,yIAAA,OAAO,OAAqB"}

package/dist/services/rbac-module-service.d.ts

@@ -0,0 +1,142 @@
+import { Context, InferEntityType, ModulesSdkTypes } from "@etohq/framework/types";
+import { RbacPolicy, RbacRole, RbacRolePolicy } from "../models";
+import { RbacRepository } from "../repositories";
+type InjectedDependencies = {
+    rbacRepository: RbacRepository;
+    rbacRolePolicyService: ModulesSdkTypes.IEtoInternalService<InferEntityType<typeof RbacRolePolicy>>;
+    rbacRoleService: ModulesSdkTypes.IEtoInternalService<InferEntityType<typeof RbacRole>>;
+    rbacPolicyService: ModulesSdkTypes.IEtoInternalService<InferEntityType<typeof RbacPolicy>>;
+};
+declare const RbacModuleService_base: import("@etohq/framework/utils").EtoServiceReturnType<import("@etohq/framework/utils").ModelConfigurationsToConfigTemplate<{
+    readonly RbacRole: import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+        name: import("@etohq/framework/utils").TextProperty;
+        description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+        metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+        policies: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+            role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            policy: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+                key: import("@etohq/framework/utils").TextProperty;
+                resource: import("@etohq/framework/utils").TextProperty;
+                operation: import("@etohq/framework/utils").TextProperty;
+                name: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+                description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+                metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            }>, "rbac_policy">, undefined>;
+            metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+        }>, "rbac_role_policy">>;
+        parents: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+            role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            parent: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+            metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+        }>, "rbac_role_parent">>;
+    }>, "rbac_role">;
+    readonly RbacPolicy: import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+        key: import("@etohq/framework/utils").TextProperty;
+        resource: import("@etohq/framework/utils").TextProperty;
+        operation: import("@etohq/framework/utils").TextProperty;
+        name: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+        description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+        metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+    }>, "rbac_policy">;
+    readonly RbacRoleParent: import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+        role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+            name: import("@etohq/framework/utils").TextProperty;
+            description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+            metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            policies: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+                role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                policy: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+                    id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+                    key: import("@etohq/framework/utils").TextProperty;
+                    resource: import("@etohq/framework/utils").TextProperty;
+                    operation: import("@etohq/framework/utils").TextProperty;
+                    name: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+                    description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+                    metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+                }>, "rbac_policy">, undefined>;
+                metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            }>, "rbac_role_policy">>;
+            parents: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        parent: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+            name: import("@etohq/framework/utils").TextProperty;
+            description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+            metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            policies: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+                role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                policy: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+                    id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+                    key: import("@etohq/framework/utils").TextProperty;
+                    resource: import("@etohq/framework/utils").TextProperty;
+                    operation: import("@etohq/framework/utils").TextProperty;
+                    name: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+                    description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+                    metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+                }>, "rbac_policy">, undefined>;
+                metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            }>, "rbac_role_policy">>;
+            parents: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+    }>, "rbac_role_parent">;
+    readonly RbacRolePolicy: import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+        id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+        role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+            name: import("@etohq/framework/utils").TextProperty;
+            description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+            metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            policies: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role_policy">>;
+            parents: import("@etohq/framework/utils").HasMany<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+                id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+                role: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                parent: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder</*elided*/ any>, "rbac_role">, undefined>;
+                metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+            }>, "rbac_role_parent">>;
+        }>, "rbac_role">, undefined>;
+        policy: import("@etohq/framework/utils").BelongsTo<() => import("@etohq/framework/utils").DmlEntity<import("@etohq/framework/utils").DMLEntitySchemaBuilder<{
+            id: import("@etohq/framework/utils").PrimaryKeyModifier<string, import("@etohq/framework/utils").IdProperty>;
+            key: import("@etohq/framework/utils").TextProperty;
+            resource: import("@etohq/framework/utils").TextProperty;
+            operation: import("@etohq/framework/utils").TextProperty;
+            name: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+            description: import("@etohq/framework/utils").NullableModifier<string, import("@etohq/framework/utils").TextProperty>;
+            metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+        }>, "rbac_policy">, undefined>;
+        metadata: import("@etohq/framework/utils").NullableModifier<Record<string, unknown>, import("@etohq/framework/utils").JSONProperty>;
+    }>, "rbac_role_policy">;
+}>>;
+export default class RbacModuleService extends RbacModuleService_base {
+    protected readonly rbacRepository_: RbacRepository;
+    protected readonly rbacRolePolicyService_: ModulesSdkTypes.IEtoInternalService<InferEntityType<typeof RbacRolePolicy>>;
+    protected readonly rbacRoleService_: ModulesSdkTypes.IEtoInternalService<InferEntityType<typeof RbacRole>>;
+    protected readonly rbacPolicyService_: ModulesSdkTypes.IEtoInternalService<InferEntityType<typeof RbacPolicy>>;
+    constructor({ rbacRepository, rbacRoleService, rbacPolicyService, rbacRolePolicyService, }: InjectedDependencies);
+    __hooks: {
+        onApplicationStart: () => Promise<void>;
+    };
+    private syncRegisteredPolicies;
+    listPoliciesForRole(roleId: string, sharedContext?: Context): Promise<any[]>;
+    listRbacRoles(filters?: any, config?: any, sharedContext?: Context): Promise<any[]>;
+    listAndCountRbacRoles(filters?: any, config?: any, sharedContext?: Context): Promise<[any[], number]>;
+    createRbacRoleParents(data: Array<{
+        role_id: string;
+        parent_id: string;
+    }>, sharedContext?: Context): Promise<any>;
+    updateRbacRoleParents(data: Array<{
+        role_id?: string;
+        parent_id?: string;
+    }>, sharedContext?: Context): Promise<any>;
+}
+export {};
+//# sourceMappingURL=rbac-module-service.d.ts.map

package/dist/services/rbac-module-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-module-service.d.ts","sourceRoot":"","sources":["../../src/services/rbac-module-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAQlF,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAkB,cAAc,EAAE,MAAM,SAAS,CAAA;AAC9E,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,KAAK,oBAAoB,GAAG;IAC1B,cAAc,EAAE,cAAc,CAAA;IAC9B,qBAAqB,EAAE,eAAe,CAAC,mBAAmB,CACxD,eAAe,CAAC,OAAO,cAAc,CAAC,CACvC,CAAA;IACD,eAAe,EAAE,eAAe,CAAC,mBAAmB,CAClD,eAAe,CAAC,OAAO,QAAQ,CAAC,CACjC,CAAA;IACD,iBAAiB,EAAE,eAAe,CAAC,mBAAmB,CACpD,eAAe,CAAC,OAAO,UAAU,CAAC,CACnC,CAAA;CACF,CAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWD,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,sBAK7C;IACA,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,cAAc,CAAA;IAClD,SAAS,CAAC,QAAQ,CAAC,sBAAsB,EAAE,eAAe,CAAC,mBAAmB,CAC5E,eAAe,CAAC,OAAO,cAAc,CAAC,CACvC,CAAA;IACD,SAAS,CAAC,QAAQ,CAAC,gBAAgB,EAAE,eAAe,CAAC,mBAAmB,CACtE,eAAe,CAAC,OAAO,QAAQ,CAAC,CACjC,CAAA;IACD,SAAS,CAAC,QAAQ,CAAC,kBAAkB,EAAE,eAAe,CAAC,mBAAmB,CACxE,eAAe,CAAC,OAAO,UAAU,CAAC,CACnC,CAAA;gBAEW,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACtB,EAAE,oBAAoB;IASvB,OAAO;;MAIN;YAGa,sBAAsB;IAqE9B,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACA,aAAa,GAAE,OAAY,GACxC,OAAO,CAAC,GAAG,EAAE,CAAC;IAMX,aAAa,CACjB,OAAO,GAAE,GAAQ,EACjB,MAAM,GAAE,GAAQ,EACF,aAAa,GAAE,OAAY,GACxC,OAAO,CAAC,GAAG,EAAE,CAAC;IAwBX,qBAAqB,CACzB,OAAO,GAAE,GAAQ,EACjB,MAAM,GAAE,GAAQ,EACF,aAAa,GAAE,OAAY,GACxC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;IA4BrB,qBAAqB,CACzB,IAAI,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,EACrC,aAAa,GAAE,OAAY,GACxC,OAAO,CAAC,GAAG,CAAC;IA4BT,qBAAqB,CACzB,IAAI,EAAE,KAAK,CAAC;QAAE,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,EACvC,aAAa,GAAE,OAAY,GACxC,OAAO,CAAC,GAAG,CAAC;CA2BhB"}

package/dist/services/rbac-module-service.js

@@ -0,0 +1,201 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@etohq/framework/utils");
+const _models_1 = require("../models");
+const SUPER_ADMIN_KEY = "*:*";
+const REGISTERED_POLICIES = [];
+class RbacModuleService extends (0, utils_1.EtoService)({
+    RbacRole: _models_1.RbacRole,
+    RbacPolicy: _models_1.RbacPolicy,
+    RbacRoleParent: _models_1.RbacRoleParent,
+    RbacRolePolicy: _models_1.RbacRolePolicy,
+}) {
+    constructor({ rbacRepository, rbacRoleService, rbacPolicyService, rbacRolePolicyService, }) {
+        // @ts-ignore
+        super(...arguments);
+        this.__hooks = {
+            onApplicationStart: async () => {
+                await this.syncRegisteredPolicies();
+            },
+        };
+        this.rbacRepository_ = rbacRepository;
+        this.rbacRolePolicyService_ = rbacRolePolicyService;
+        this.rbacRoleService_ = rbacRoleService;
+        this.rbacPolicyService_ = rbacPolicyService;
+    }
+    async syncRegisteredPolicies(sharedContext = {}) {
+        const registeredKeys = REGISTERED_POLICIES.map((p) => p.key);
+        const existingPolicies = await this.listRbacPolicies({}, { withDeleted: true }, sharedContext);
+        const existingPoliciesMap = new Map(existingPolicies.map((p) => [p.key, p]));
+        const policiesToCreate = [];
+        const policiesToUpdate = [];
+        const policiesToRestore = [];
+        for (const registeredPolicy of REGISTERED_POLICIES) {
+            const existing = existingPoliciesMap.get(registeredPolicy.key);
+            const hasChanges = existing &&
+                (existing.name !== registeredPolicy.name ||
+                    existing.description !== registeredPolicy.description);
+            if (!existing) {
+                policiesToCreate.push(registeredPolicy);
+            }
+            else if (existing.deleted_at) {
+                policiesToRestore.push(existing.id);
+                if (hasChanges) {
+                    policiesToUpdate.push({
+                        id: existing.id,
+                        name: registeredPolicy.name,
+                        description: registeredPolicy.description,
+                    });
+                }
+            }
+            else if (hasChanges) {
+                policiesToUpdate.push({
+                    id: existing.id,
+                    name: registeredPolicy.name,
+                    description: registeredPolicy.description,
+                });
+            }
+        }
+        const policiesToSoftDelete = existingPolicies
+            .filter((p) => !p.deleted_at &&
+            !registeredKeys.includes(p.key) &&
+            p.key !== SUPER_ADMIN_KEY)
+            .map((p) => p.id);
+        if (policiesToRestore.length > 0) {
+            await this.restoreRbacPolicies(policiesToRestore, {}, sharedContext);
+        }
+        await (0, utils_1.promiseAll)([
+            policiesToCreate.length > 0 &&
+                this.rbacPolicyService_.create(policiesToCreate, sharedContext),
+            policiesToUpdate.length > 0 &&
+                this.rbacPolicyService_.upsert(policiesToUpdate, sharedContext),
+            policiesToSoftDelete.length > 0 &&
+                this.rbacPolicyService_.softDelete(policiesToSoftDelete, sharedContext),
+        ]);
+    }
+    async listPoliciesForRole(roleId, sharedContext = {}) {
+        return await this.rbacRepository_.listPoliciesForRole(roleId, sharedContext);
+    }
+    // @ts-expect-error augment generated method with policy expansion
+    async listRbacRoles(filters = {}, config = {}, sharedContext = {}) {
+        const roles = await super.listRbacRoles(filters, config, sharedContext);
+        const shouldIncludePolicies = config.relations?.includes("policies") ||
+            config.select?.includes("policies");
+        if (shouldIncludePolicies && roles.length > 0) {
+            const roleIds = roles.map((role) => role.id);
+            const policiesByRole = await this.rbacRepository_.listPoliciesForRoles(roleIds, sharedContext);
+            for (const role of roles) {
+                role.policies = policiesByRole.get(role.id) || [];
+            }
+        }
+        return roles;
+    }
+    // @ts-expect-error augment generated method with policy expansion
+    async listAndCountRbacRoles(filters = {}, config = {}, sharedContext = {}) {
+        const [roles, count] = await super.listAndCountRbacRoles(filters, config, sharedContext);
+        const shouldIncludePolicies = config.relations?.includes("policies") ||
+            config.select?.includes("policies");
+        if (shouldIncludePolicies && roles.length > 0) {
+            const roleIds = roles.map((role) => role.id);
+            const policiesByRole = await this.rbacRepository_.listPoliciesForRoles(roleIds, sharedContext);
+            for (const role of roles) {
+                role.policies = policiesByRole.get(role.id) || [];
+            }
+        }
+        return [roles, count];
+    }
+    // @ts-expect-error add cycle validation before create
+    async createRbacRoleParents(data, sharedContext = {}) {
+        for (const parent of data) {
+            const { role_id, parent_id } = parent;
+            if (role_id === parent_id) {
+                throw new Error(`Cannot create role parent relationship: a role cannot be its own parent (role_id: ${role_id})`);
+            }
+            const wouldCreateCycle = await this.rbacRepository_.checkForCycle(role_id, parent_id, sharedContext);
+            if (wouldCreateCycle) {
+                throw new Error(`Cannot create role parent relationship: this would create a circular dependency (role_id: ${role_id}, parent_id: ${parent_id})`);
+            }
+        }
+        return await super.createRbacRoleParents(data, sharedContext);
+    }
+    // @ts-expect-error add cycle validation before update
+    async updateRbacRoleParents(data, sharedContext = {}) {
+        for (const parent of data) {
+            const { role_id, parent_id } = parent;
+            if (parent_id) {
+                if (role_id === parent_id) {
+                    throw new Error(`Cannot update role parent relationship: a role cannot be its own parent (role_id: ${role_id})`);
+                }
+                const wouldCreateCycle = await this.rbacRepository_.checkForCycle(role_id, parent_id, sharedContext);
+                if (wouldCreateCycle) {
+                    throw new Error(`Cannot update role parent relationship: this would create a circular dependency (role_id: ${role_id}, parent_id: ${parent_id})`);
+                }
+            }
+        }
+        return await super.updateRbacRoleParents(data, sharedContext);
+    }
+}
+exports.default = RbacModuleService;
+__decorate([
+    (0, utils_1.InjectTransactionManager)(),
+    __param(0, (0, utils_1.EtoContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "syncRegisteredPolicies", null);
+__decorate([
+    (0, utils_1.InjectManager)(),
+    __param(1, (0, utils_1.EtoContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listPoliciesForRole", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error augment generated method with policy expansion
+    ,
+    __param(2, (0, utils_1.EtoContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listRbacRoles", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error augment generated method with policy expansion
+    ,
+    __param(2, (0, utils_1.EtoContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "listAndCountRbacRoles", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error add cycle validation before create
+    ,
+    __param(1, (0, utils_1.EtoContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "createRbacRoleParents", null);
+__decorate([
+    (0, utils_1.InjectManager)()
+    // @ts-expect-error add cycle validation before update
+    ,
+    __param(1, (0, utils_1.EtoContext)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Array, Object]),
+    __metadata("design:returntype", Promise)
+], RbacModuleService.prototype, "updateRbacRoleParents", null);
+//# sourceMappingURL=rbac-module-service.js.map

package/dist/services/rbac-module-service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rbac-module-service.js","sourceRoot":"","sources":["../../src/services/rbac-module-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;AACA,kDAM+B;AAC/B,qCAA8E;AAgB9E,MAAM,eAAe,GAAG,KAAK,CAAA;AAC7B,MAAM,mBAAmB,GAMpB,EAAE,CAAA;AAEP,MAAqB,iBAAkB,SAAQ,IAAA,kBAAU,EAAC;IACxD,QAAQ,EAAR,kBAAQ;IACR,UAAU,EAAV,oBAAU;IACV,cAAc,EAAd,wBAAc;IACd,cAAc,EAAd,wBAAc;CACf,CAAC;IAYA,YAAY,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,qBAAqB,GACA;QACrB,aAAa;QACb,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;QAOrB,YAAO,GAAG;YACR,kBAAkB,EAAE,KAAK,IAAI,EAAE;gBAC7B,MAAM,IAAI,CAAC,sBAAsB,EAAE,CAAA;YACrC,CAAC;SACF,CAAA;QAVC,IAAI,CAAC,eAAe,GAAG,cAAc,CAAA;QACrC,IAAI,CAAC,sBAAsB,GAAG,qBAAqB,CAAA;QACnD,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAA;QACvC,IAAI,CAAC,kBAAkB,GAAG,iBAAiB,CAAA;IAC7C,CAAC;IASa,AAAN,KAAK,CAAC,sBAAsB,CACpB,gBAAyB,EAAE;QAEzC,MAAM,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAE5D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAClD,EAAE,EACF,EAAE,WAAW,EAAE,IAAI,EAAE,EACrB,aAAa,CACd,CAAA;QAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;QAEjF,MAAM,gBAAgB,GAAU,EAAE,CAAA;QAClC,MAAM,gBAAgB,GAAU,EAAE,CAAA;QAClC,MAAM,iBAAiB,GAAa,EAAE,CAAA;QAEtC,KAAK,MAAM,gBAAgB,IAAI,mBAAmB,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAA;YAE9D,MAAM,UAAU,GACd,QAAQ;gBACR,CAAC,QAAQ,CAAC,IAAI,KAAK,gBAAgB,CAAC,IAAI;oBACtC,QAAQ,CAAC,WAAW,KAAK,gBAAgB,CAAC,WAAW,CAAC,CAAA;YAE1D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,gBAAgB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;YACzC,CAAC;iBAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;gBACnC,IAAI,UAAU,EAAE,CAAC;oBACf,gBAAgB,CAAC,IAAI,CAAC;wBACpB,EAAE,EAAE,QAAQ,CAAC,EAAE;wBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI;wBAC3B,WAAW,EAAE,gBAAgB,CAAC,WAAW;qBAC1C,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;iBAAM,IAAI,UAAU,EAAE,CAAC;gBACtB,gBAAgB,CAAC,IAAI,CAAC;oBACpB,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,IAAI,EAAE,gBAAgB,CAAC,IAAI;oBAC3B,WAAW,EAAE,gBAAgB,CAAC,WAAW;iBAC1C,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,MAAM,oBAAoB,GAAG,gBAAgB;aAC1C,MAAM,CACL,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,CAAC,CAAC,UAAU;YACb,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC;YAC/B,CAAC,CAAC,GAAG,KAAK,eAAe,CAC5B;aACA,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;QAExB,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,EAAE,EAAE,aAAa,CAAC,CAAA;QACtE,CAAC;QAED,MAAM,IAAA,kBAAU,EAAC;YACf,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,CAAC;YACjE,gBAAgB,CAAC,MAAM,GAAG,CAAC;gBACzB,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,CAAC;YACjE,oBAAoB,CAAC,MAAM,GAAG,CAAC;gBAC7B,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,oBAAoB,EAAE,aAAa,CAAC;SAC1E,CAAC,CAAA;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,mBAAmB,CACvB,MAAc,EACA,gBAAyB,EAAE;QAEzC,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,mBAAmB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAA;IAC9E,CAAC;IAIK,AADN,kEAAkE;IAClE,KAAK,CAAC,aAAa,CACjB,UAAe,EAAE,EACjB,SAAc,EAAE,EACF,gBAAyB,EAAE;QAEzC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,MAAa,EAAE,aAAa,CAAC,CAAA;QAE9E,MAAM,qBAAqB,GACzB,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAErC,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YACjD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CACpE,OAAO,EACP,aAAa,CACd,CAAA;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;YACnD,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAIK,AADN,kEAAkE;IAClE,KAAK,CAAC,qBAAqB,CACzB,UAAe,EAAE,EACjB,SAAc,EAAE,EACF,gBAAyB,EAAE;QAEzC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,MAAM,KAAK,CAAC,qBAAqB,CACtD,OAAO,EACP,MAAa,EACb,aAAa,CACd,CAAA;QAED,MAAM,qBAAqB,GACzB,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAA;QAErC,IAAI,qBAAqB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YACjD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,oBAAoB,CACpE,OAAO,EACP,aAAa,CACd,CAAA;YAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;YACnD,CAAC;QACH,CAAC;QAED,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IACvB,CAAC;IAIK,AADN,sDAAsD;IACtD,KAAK,CAAC,qBAAqB,CACzB,IAAmD,EACrC,gBAAyB,EAAE;QAEzC,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;YAErC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,OAAO,GAAG,CAChG,CAAA;YACH,CAAC;YAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAC/D,OAAO,EACP,SAAS,EACT,aAAa,CACd,CAAA;YAED,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,KAAK,CACb,6FAA6F,OAAO,gBAAgB,SAAS,GAAG,CACjI,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAW,EAAE,aAAa,CAAC,CAAA;IACtE,CAAC;IAIK,AADN,sDAAsD;IACtD,KAAK,CAAC,qBAAqB,CACzB,IAAqD,EACvC,gBAAyB,EAAE;QAEzC,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;YAC1B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,MAAM,CAAA;YAErC,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;oBAC1B,MAAM,IAAI,KAAK,CACb,qFAAqF,OAAO,GAAG,CAChG,CAAA;gBACH,CAAC;gBAED,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,aAAa,CAC/D,OAAQ,EACR,SAAS,EACT,aAAa,CACd,CAAA;gBAED,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,IAAI,KAAK,CACb,6FAA6F,OAAO,gBAAgB,SAAS,GAAG,CACjI,CAAA;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,KAAK,CAAC,qBAAqB,CAAC,IAAW,EAAE,aAAa,CAAC,CAAA;IACtE,CAAC;CACF;AA7OD,oCA6OC;AAvMe;IADb,IAAA,gCAAwB,GAAE;IAExB,WAAA,IAAA,kBAAU,GAAE,CAAA;;;;+DAiEd;AAGK;IADL,IAAA,qBAAa,GAAE;IAGb,WAAA,IAAA,kBAAU,GAAE,CAAA;;;;4DAGd;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,kEAAkE;;IAI/D,WAAA,IAAA,kBAAU,GAAE,CAAA;;;;sDAqBd;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,kEAAkE;;IAI/D,WAAA,IAAA,kBAAU,GAAE,CAAA;;;;8DAyBd;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,sDAAsD;;IAGnD,WAAA,IAAA,kBAAU,GAAE,CAAA;;qCADP,KAAK;;8DA0BZ;AAIK;IAFL,IAAA,qBAAa,GAAE;IAChB,sDAAsD;;IAGnD,WAAA,IAAA,kBAAU,GAAE,CAAA;;qCADP,KAAK;;8DA4BZ"}

package/dist/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../src/index.ts","../src/loaders/initial-data.ts","../src/migrations/migration20251219163509.ts","../src/models/index.ts","../src/models/rbac-policy.ts","../src/models/rbac-role-inheritance.ts","../src/models/rbac-role-parent.ts","../src/models/rbac-role-policy.ts","../src/models/rbac-role.ts","../src/repositories/index.ts","../src/repositories/rbac.ts","../src/services/index.ts","../src/services/rbac-module-service.ts","../src/types/index.ts"],"version":"5.8.3"}

package/dist/types/index.d.ts

@@ -0,0 +1,2 @@
+export type RbacModuleOptions = Record<string, unknown>;
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA"}

package/dist/types/index.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":""}