@feedmepos/mf-hrm-portal 1.1.3-dev → 1.1.3-dev.10

package/dist/app.js

@@ -1,6 +1,6 @@
-import { d as a, i as o, e as p } from "./app-CcbYGJ22.js";
+import { b as e, i as r, r as o } from "./app-C04LPGZa.js";
 export {
-  a as FmApp,
-  o as i18nMessages,
-  p as routes
+  e as FmApp,
+  r as i18nMessages,
+  o as routes
 };

package/dist/composables/useReportPermissions.d.ts

@@ -0,0 +1,14 @@
+export declare function useReportPermissions(): {
+    fetchReportPermissions: () => Promise<void>;
+    allReportPermissions: import("vue").ComputedRef<{
+        reason?: string | null | undefined;
+        conditions?: any;
+        fields?: string[] | null | undefined;
+        inverted?: boolean | null | undefined;
+        label: string;
+        subject: string;
+        actions: ("update" | "create" | "read" | "delete" | "manage")[];
+    }[]>;
+    availableReportKeys: import("vue").ComputedRef<Set<string>>;
+    isLoading: import("vue").ComputedRef<boolean>;
+};

package/dist/{dayjs.min-CgN1oBQf.js → dayjs.min-CKv07Hiu.js}

@@ -1,4 +1,4 @@
-import { g as Q, c as K } from "./app-CcbYGJ22.js";
+import { g as Q, c as K } from "./app-C04LPGZa.js";
 var E = { exports: {} };
 (function(V, X) {
   (function(W, k) {

package/dist/employee-DyW4lRCb.js

@@ -0,0 +1,144 @@
+import { d as T } from "./dayjs.min-CKv07Hiu.js";
+import { defineStore as _, storeToRefs as U } from "pinia";
+import { ref as I } from "vue";
+import { useCoreStore as $ } from "@feedmepos/mf-common";
+import { b as r, g as o, t as b, k as S, s as v } from "./index-CIz_Nsy5.js";
+import { u as x } from "./useAppStore-CWtHdJdl.js";
+const n = {
+  async readEmployees() {
+    return o(await r().get("/pos-users"));
+  },
+  async createEmployee(e) {
+    return o(await r().post("/pos-users", e));
+  },
+  async createMasterEmployee(e) {
+    return o(await r().post("/pos-users/master-user", e));
+  },
+  async migrateToMasterEmployee(e, t) {
+    return o(await r().put(`/pos-users/migrate/${e}`, t));
+  },
+  async updateEmployee(e, t) {
+    return o(await r().put(`/pos-users/${e}`, t));
+  },
+  async updateMasterEmployee(e, t) {
+    return o(await r().put(`/pos-users/master-user/${e}`, t));
+  },
+  async deleteEmployee(e) {
+    return o(
+      await r().put(`/pos-users/${e._id}`, {
+        user: e,
+        roles: []
+      })
+    );
+  },
+  async deleteMasterEmployee(e) {
+    return o(
+      await r().put(`/pos-users/master-user/${e._id}`, {
+        user: e,
+        roles: []
+      })
+    );
+  },
+  async generateEmployeePasscode() {
+    return `${o(await r().get("/pos-users/generate-passcode"))}`;
+  },
+  async syncUsersMeta() {
+    await r().post("/pos-users/create-users-meta");
+  }
+};
+async function i(e) {
+  const t = x().roles.value, { restaurants: d } = $(), M = e.reduce((u, l) => {
+    var w;
+    const { _id: E, restaurantId: m } = l, p = u.findIndex((s) => s._id === E), g = ((w = d.value.find((s) => s._id === m)) == null ? void 0 : w.profile.name) || "", c = t.find((s) => s._id === l.role), f = {
+      restaurantId: m,
+      restaurantName: g,
+      roleId: (c == null ? void 0 : c._id) || "",
+      roleName: (c == null ? void 0 : c.name) || ""
+    };
+    return p < 0 ? u.push({
+      ...l,
+      since: T(S(E)).format("DD/MM/YYYY"),
+      restaurants: [f]
+    }) : u[p].restaurants.some((s) => s.restaurantId === m) || (u[p].restaurants = v([...u[p].restaurants, f], {
+      selector: "restaurantName"
+    })), u;
+  }, []);
+  return v(M, { selector: "name" });
+}
+const D = _("employee", () => {
+  const e = I([]), t = I(!1), d = I([]);
+  async function M() {
+    try {
+      t.value = !0;
+      const s = await n.readEmployees();
+      e.value = await i(s);
+    } catch (s) {
+      console.log("Error reading employees:", s);
+    } finally {
+      t.value = !1;
+    }
+  }
+  async function u(s) {
+    const a = await n.createEmployee(s);
+    e.value = await i(a);
+  }
+  async function l(s, a) {
+    const y = await n.updateEmployee(s, a);
+    e.value = await i(y);
+  }
+  async function E(s) {
+    const a = await n.deleteEmployee(s);
+    e.value = await i(a);
+  }
+  async function m(s) {
+    const a = await n.deleteMasterEmployee(s);
+    e.value = await i(a);
+  }
+  async function p(s) {
+    const a = await n.createMasterEmployee(s);
+    e.value = await i(a);
+  }
+  async function g(s, a) {
+    const y = await n.updateMasterEmployee(s, a);
+    e.value = await i(y);
+  }
+  async function c(s, a) {
+    const y = await n.migrateToMasterEmployee(s, a);
+    e.value = await i(y);
+  }
+  async function f() {
+    try {
+      d.value = await b.readTeamMemberPosUserIds();
+    } catch (s) {
+      console.log("Error reading team member pos user ids:", s);
+    }
+  }
+  async function w() {
+    await n.syncUsersMeta();
+  }
+  return {
+    employees: e,
+    restrictEmployeeIds: d,
+    isLoading: t,
+    readEmployees: M,
+    createEmployee: u,
+    updateEmployee: l,
+    deleteEmployee: E,
+    createMasterEmployee: p,
+    updateMasterEmployee: g,
+    deleteMasterEmployee: m,
+    migrateToMasterUser: c,
+    readTeamMemberPosUserIds: f,
+    syncUsersMeta: w
+  };
+}), R = () => {
+  const e = D();
+  return {
+    ...e,
+    ...U(e)
+  };
+};
+export {
+  n as E,
+  R as u
+};

package/dist/helpers/permission-set.d.ts

@@ -1,5 +1,21 @@
 import type { InheritedPermission, IFdtoPermissionSet } from '@/types/permission-set';
 import type { FdoPermissionRule } from '@feedmepos/core/entity';
+/**
+ * Recursively collect all permission sets following permissionSetIds links.
+ * Returns a flat, deduplicated list in depth-first order (parent before children).
+ * Cycle-safe via the visited set.
+ */
+export declare function collectAllPermissionSets(setIds: string[], allSets: IFdtoPermissionSet[], visited?: Set<string>): IFdtoPermissionSet[];
+/**
+ * Compute the effective permissions from a list of permission sets.
+ *
+ * Unlike a raw `mergePermissionSet().map(...)`, this correctly handles sets that store
+ * override diffs (inverted rules): it first merges all grants and denials from the sets,
+ * then applies the denials on top of the grants via `getEffectivePermissions`, producing a
+ * clean list of effective grants only. This ensures that subjects removed by a child set's
+ * inversion are not incorrectly shown as granted.
+ */
+export declare function mergeToEffectivePermissions(sets: IFdtoPermissionSet[]): FdoPermissionRule[];
 /**
  * Transform permission sets by grouping role names by collection IDs for a specific field
  * @param permissionSets - Array of permission sets with their permissions
@@ -23,6 +39,13 @@ export declare function transformByCollection(permissionSets: IFdtoPermissionSet
  * - If user has conditions and base doesn't, return user's rule (user added)
  */
 export declare function getOverridePermissions(basePermissions: FdoPermissionRule[], overridePermissions: FdoPermissionRule[]): FdoPermissionRule[];
+export declare function materializeSystemPermissionSetOverrides(overridePermissions: FdoPermissionRule[]): FdoPermissionRule[];
+/**
+ * Strip positive rules whose subject would be re-injected by system permission set expansion.
+ * These need not be persisted to DB — expansion re-adds them at runtime.
+ * Inverted rules (explicit user denials) are always preserved.
+ */
+export declare function stripSystemExpandedPositives(permissions: FdoPermissionRule[]): FdoPermissionRule[];
 /**
  * Combine base permissions with override permissions to get effective permissions
  * @param basePermissions - Base permissions from permission sets
@@ -30,3 +53,17 @@ export declare function getOverridePermissions(basePermissions: FdoPermissionRul
  * @returns - Combined effective permissions
  */
 export declare function getEffectivePermissions(basePermissions: FdoPermissionRule[], overridePermissions: FdoPermissionRule[]): FdoPermissionRule[];
+/**
+ * Compute the initial permissions for the permission editor.
+ *
+ * Like `getEffectivePermissions`, but also preserves "orphaned" inverted rules — denials whose
+ * subject is NOT present in any base permission set (i.e. they target system-expanded subjects,
+ * not permission-set-inherited subjects). These denials seed `visitedSetIds` in
+ * `expandWithSystemPermissionSets` to block runtime re-expansion of system sets that the user
+ * explicitly unchecked. Without them the editor would initialise without the denial guard and
+ * those subjects would reappear as checked the next time the form opens.
+ *
+ * Inverted rules whose subject IS in base are handled correctly by `getEffectivePermissions`
+ * already (they cancel the inherited grant) and do not need special treatment here.
+ */
+export declare function getEditorPermissions(basePermissions: FdoPermissionRule[], customPermissions: FdoPermissionRule[]): FdoPermissionRule[];

package/dist/helpers/rule.d.ts

@@ -1,7 +1,7 @@
 import type { RawRule } from '@casl/ability';
 import { F_RULE_SUBJECT, type FdoPermissionRule } from '@feedmepos/core/entity';
 import type { Rule } from '../types/role';
-export declare function filterPermissions(permissions: FdoPermissionRule[], subject: F_RULE_SUBJECT): string;
+export declare function filterPermissions(permissions: FdoPermissionRule[], subject: F_RULE_SUBJECT, availablePermissions?: FdoPermissionRule[]): string;
 export declare function ruleExtension(rule: FdoPermissionRule): {
     conditions: any;
     isDiscountOperation: boolean;