@feedmepos/mf-hrm-portal 2.0.10-dev → 2.0.10

package/dist/{lodash-CfsS7nDC.js → lodash-CrQQQutG.js}

@@ -1,4 +1,4 @@
-import { c as jt } from "./app-DHFWqcG2.js";
+import { c as jt } from "./app-CvSQBSNk.js";
 var Jr = { exports: {} };
 /**
  * @license

package/dist/src/api/audit-log/index.d.ts

@@ -7,6 +7,7 @@ declare const AuditLogAPI: {
         to?: string;
         userIds?: string[];
         subjects?: string[];
+        subjectPrefixes?: string[];
         actions?: string[];
         outcomes?: string[];
     }): Promise<AuditLogEntry[]>;

package/dist/src/api/grant-user/index.d.ts

@@ -0,0 +1,8 @@
+import type { IFdtoGrantUser, IFdtoCreateGrantUserReq, IFdtoGrantValidationRes } from '@/types/grant-user';
+declare const GrantUserAPI: {
+    getGrantUsers(): Promise<IFdtoGrantUser[]>;
+    createGrantUser(dto: IFdtoCreateGrantUserReq): Promise<IFdtoGrantUser>;
+    revokeGrantUser(id: string, restaurantId: string): Promise<IFdtoGrantUser>;
+    validatePasscode(passcode: string, restaurantId: string): Promise<IFdtoGrantValidationRes>;
+};
+export default GrantUserAPI;

package/dist/src/api/index.d.ts

@@ -3,6 +3,8 @@ export declare class ApiError extends Error {
     readonly status: number;
     constructor(message: string, status: number);
 }
-export declare const businessClientInstance: () => AxiosInstance;
+export declare const businessClientInstance: (subPath?: string) => AxiosInstance;
 export declare const queryEngineClientInstance: () => AxiosInstance;
+export declare const grantClientInstance: () => AxiosInstance;
+export declare const grantValidateClientInstance: () => AxiosInstance;
 export declare function getAxiosData<T>(response: AxiosResponse<T>): T;

package/dist/src/composables/useBasePermission.d.ts

@@ -0,0 +1,37 @@
+import { type ComputedRef, type Ref } from 'vue';
+import { type IFdtoPortalPermissionsWithVisibilityCondition } from '@feedmepos/hrm-permission';
+import type { FdoPermissionRule } from '@feedmepos/core/entity';
+export type CategoryGroup = {
+    category: string;
+    options: {
+        label: string;
+        value: string;
+    }[];
+    selectedSubjects: string[];
+    isMultiAction: boolean;
+    actionColumns: string[];
+    permissionActionsMap: Map<string, string[]>;
+    selectedActionsMap: Map<string, Set<string>>;
+    coverSubject: string | null;
+    coverSelectedActions: Set<string>;
+    coverCoversAll: boolean;
+};
+export declare function useBasePermission(modelValue: Readonly<Ref<FdoPermissionRule[]>>, allPermissions: ComputedRef<IFdtoPortalPermissionsWithVisibilityCondition[]>, excludedSubjects: Readonly<Ref<string[]>>, emit: (event: 'update:model-value', value: FdoPermissionRule[]) => void): {
+    categoryGroups: ComputedRef<CategoryGroup[]>;
+    toggleCategory: (category: string, subjects: unknown[]) => void;
+    isAllManageChecked: (group: CategoryGroup) => boolean;
+    toggleAllManage: (group: CategoryGroup) => void;
+    isManageChecked: (group: CategoryGroup, subject: string) => boolean;
+    isManageIndeterminate: (group: CategoryGroup, subject: string) => boolean;
+    toggleManage: (_group: CategoryGroup, subject: string, checked: boolean) => void;
+    hasNonManageActions: (group: CategoryGroup, subject: string) => boolean;
+    isActionChecked: (group: CategoryGroup, subject: string, action: string) => boolean;
+    isRowFullyCoveredByCover: (group: CategoryGroup, subject: string) => boolean;
+    isActionCoveredByCover: (group: CategoryGroup, subject: string, action: string) => boolean;
+    permissionDefinesAction: (group: CategoryGroup, subject: string, action: string) => boolean;
+    toggleAction: (subject: string, action: string, checked: boolean) => void;
+    isAllActionChecked: (group: CategoryGroup, action: string) => boolean;
+    isAllActionIndeterminate: (group: CategoryGroup, action: string) => boolean;
+    toggleAllAction: (group: CategoryGroup, action: string, checked: boolean) => void;
+    actionLabel: (action: string) => string;
+};

package/dist/src/helpers/permission-set.d.ts

@@ -43,18 +43,47 @@ export declare function materializeSystemPermissionSetOverrides(overridePermissi
 /**
  * Strip positive rules whose subject would be re-injected by system permission set expansion.
  * These need not be persisted to DB — expansion re-adds them at runtime.
- * Inverted rules (explicit user denials) are always preserved.
+ *
+ * Also strips inverted rules for subjects that are ONLY reachable as non-manage via permissions[]
+ * leaf injection. Such inverted rules cannot block permissions[] injection (only visitedSetIds/
+ * permissionSets[] expansion is blockable), are useless, and cause a CASL side-effect where an
+ * inverted `manage` rule inadvertently blocks `read` access.
+ *
+ * Inverted rules targeting subjects reachable as `manage` (via permissionSets[] chaining) are
+ * always preserved — they seed visitedSetIds to block system set re-expansion.
  */
 export declare function stripSystemExpandedPositives(permissions: FdoPermissionRule[]): FdoPermissionRule[];
+export declare const REPORT_SUBJECT_PREFIX = "business::report::";
 /**
- * Filter out permissions whose subject no longer exists in the known permission definitions.
- * Removes both positive and inverted rules for stale subjects.
+ * Filter out stale report permission rules.
+ *
+ * Only rules whose subject starts with `business::report::` are candidates for removal —
+ * any other subject (restaurant, role, warehouse, etc.) passes through untouched.
+ * A report-prefixed subject is kept only if it exists in `knownReportSubjects`.
  *
  * This handles:
  * - Deprecated/renamed subjects (e.g. `business::report::closeup` → `business::report::reports::closeup`)
  * - Deleted dynamic reports that no longer exist
  */
-export declare function filterStalePermissions(permissions: FdoPermissionRule[], knownSubjects: Set<string>): FdoPermissionRule[];
+export declare function filterStalePermissions(permissions: FdoPermissionRule[], knownReportSubjects: Set<string>): FdoPermissionRule[];
+/**
+ * Strip individual-report actions already covered by an `allDefaultReports` or
+ * `allCustomReports` positive grant, preventing redundant data from being saved.
+ *
+ * - If the cover rule has `manage` selected → every individual rule in that bucket is
+ *   fully covered and dropped entirely.
+ * - Otherwise, only covered non-manage actions are stripped from individual rules.
+ *   If `manage` was present and any non-manage action is stripped (breaking the
+ *   "manage = all non-manage selected" invariant), `manage` is also stripped.
+ *   Rules that end up with no remaining actions are dropped.
+ *
+ * Inverted rules and the cover subjects themselves pass through untouched.
+ *
+ * @param defaultReportSubjects  Full set of subjects in the "Default Report" UI category —
+ *   includes static hardcoded subjects AND dynamic reports with `isDefault: true`.
+ *   Built by the caller from `portalTeamPermissions` + `customReportPermissions`.
+ */
+export declare function filterRedundantReportPermissions(permissions: FdoPermissionRule[], defaultReportSubjects: Set<string>): FdoPermissionRule[];
 /**
  * Combine base permissions with override permissions to get effective permissions
  * @param basePermissions - Base permissions from permission sets
@@ -69,7 +98,7 @@ export declare function getEffectivePermissions(basePermissions: FdoPermissionRu
  * subject is NOT present in any base permission set (i.e. they target system-expanded subjects,
  * not permission-set-inherited subjects). These denials seed `visitedSetIds` in
  * `expandWithSystemPermissionSets` to block runtime re-expansion of system sets that the user
- * explicitly unchecked. Without them the editor would initialise without the denial guard and
+ * explicitly unchecked. Without them the editor would initialize without the denial guard and
  * those subjects would reappear as checked the next time the form opens.
  *
  * Inverted rules whose subject IS in base are handled correctly by `getEffectivePermissions`

package/dist/src/helpers/permission-set.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/helpers/permission-sync.d.ts

@@ -0,0 +1,12 @@
+import type { FdoPermissionRule } from '@feedmepos/core/entity';
+/**
+ * Keeps the `manage` action in sync with non-manage actions for a given subject.
+ *
+ * - Adds `manage` when every non-manage action in `definedActions` is selected.
+ * - Removes `manage` (and splices the rule if it becomes empty) when any
+ *   non-manage action is unselected.
+ * - No-op when the subject defines only `manage` (or no non-manage actions).
+ *
+ * Mutates `newRules` in place.
+ */
+export declare function applyManageSync(newRules: FdoPermissionRule[], subject: string, definedActions: string[]): void;

package/dist/src/router/shared.d.ts

@@ -7,7 +7,8 @@ export declare enum RouteName {
     AUDIT_LOG = "audit-log",
     TEAM = "team",
     TEAM_MEMBER = "team-member",
-    TEAM_ROLE = "team-role"
+    TEAM_ROLE = "team-role",
+    POS_GRANT = "pos-grant"
 }
 declare const routes: RouteRecordRaw[];
 export { routes };

package/dist/src/stores/grant-user.d.ts

@@ -0,0 +1,86 @@
+import type { IFdtoGrantUser, IFdtoCreateGrantUserReq } from '@/types/grant-user';
+export declare const useGrantUserStore: import("pinia").StoreDefinition<"grantUser", Pick<{
+    grantUsers: import("vue").Ref<{
+        _id: string;
+        passcode: string;
+        name: string;
+        restaurantId: string;
+        roleId: string;
+        status: "active" | "used" | "revoked";
+        grantById: string;
+        grantByName: string;
+        createdAt: string;
+        updatedAt: string;
+    }[], IFdtoGrantUser[] | {
+        _id: string;
+        passcode: string;
+        name: string;
+        restaurantId: string;
+        roleId: string;
+        status: "active" | "used" | "revoked";
+        grantById: string;
+        grantByName: string;
+        createdAt: string;
+        updatedAt: string;
+    }[]>;
+    isLoading: import("vue").Ref<boolean, boolean>;
+    readGrantUsers: () => Promise<void>;
+    createGrantUser: (dto: IFdtoCreateGrantUserReq) => Promise<IFdtoGrantUser>;
+    revokeGrantUser: (id: string, restaurantId: string) => Promise<void>;
+}, "isLoading" | "grantUsers">, Pick<{
+    grantUsers: import("vue").Ref<{
+        _id: string;
+        passcode: string;
+        name: string;
+        restaurantId: string;
+        roleId: string;
+        status: "active" | "used" | "revoked";
+        grantById: string;
+        grantByName: string;
+        createdAt: string;
+        updatedAt: string;
+    }[], IFdtoGrantUser[] | {
+        _id: string;
+        passcode: string;
+        name: string;
+        restaurantId: string;
+        roleId: string;
+        status: "active" | "used" | "revoked";
+        grantById: string;
+        grantByName: string;
+        createdAt: string;
+        updatedAt: string;
+    }[]>;
+    isLoading: import("vue").Ref<boolean, boolean>;
+    readGrantUsers: () => Promise<void>;
+    createGrantUser: (dto: IFdtoCreateGrantUserReq) => Promise<IFdtoGrantUser>;
+    revokeGrantUser: (id: string, restaurantId: string) => Promise<void>;
+}, never>, Pick<{
+    grantUsers: import("vue").Ref<{
+        _id: string;
+        passcode: string;
+        name: string;
+        restaurantId: string;
+        roleId: string;
+        status: "active" | "used" | "revoked";
+        grantById: string;
+        grantByName: string;
+        createdAt: string;
+        updatedAt: string;
+    }[], IFdtoGrantUser[] | {
+        _id: string;
+        passcode: string;
+        name: string;
+        restaurantId: string;
+        roleId: string;
+        status: "active" | "used" | "revoked";
+        grantById: string;
+        grantByName: string;
+        createdAt: string;
+        updatedAt: string;
+    }[]>;
+    isLoading: import("vue").Ref<boolean, boolean>;
+    readGrantUsers: () => Promise<void>;
+    createGrantUser: (dto: IFdtoCreateGrantUserReq) => Promise<IFdtoGrantUser>;
+    revokeGrantUser: (id: string, restaurantId: string) => Promise<void>;
+}, "readGrantUsers" | "createGrantUser" | "revokeGrantUser">>;

package/dist/src/types/grant-user.d.ts

@@ -0,0 +1,27 @@
+export interface IFdtoGrantUser {
+    _id: string;
+    passcode: string;
+    name: string;
+    restaurantId: string;
+    roleId: string;
+    status: 'active' | 'used' | 'revoked';
+    grantById: string;
+    grantByName: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface IFdtoCreateGrantUserReq {
+    name: string;
+    restaurantId: string;
+    roleId: string;
+}
+export interface IFdtoBypassUser {
+    id: string;
+    name: string;
+    role: string;
+    passcode: string;
+}
+export interface IFdtoGrantValidationRes {
+    bypass: boolean;
+    user: IFdtoBypassUser;
+}

package/dist/src/views/audit-log/components/AuditLogModuleTabs.vue.d.ts

@@ -0,0 +1,17 @@
+type TabValue = string | number;
+type TabItem = {
+    label: string;
+    value: TabValue;
+    disabled?: boolean;
+    badge?: number;
+};
+type __VLS_Props = {
+    modelValue: TabValue | null;
+    items: TabItem[];
+};
+declare const _default: import("vue").DefineComponent<__VLS_Props, {}, {}, {}, {}, import("vue").ComponentOptionsMixin, import("vue").ComponentOptionsMixin, {
+    "update:modelValue": (value: TabValue) => any;
+}, string, import("vue").PublicProps, Readonly<__VLS_Props> & Readonly<{
+    "onUpdate:modelValue"?: ((value: TabValue) => any) | undefined;
+}>, {}, {}, {}, {}, string, import("vue").ComponentProvideOptions, false, {}, any>;
+export default _default;

package/dist/src/views/audit-log/constants.d.ts

@@ -0,0 +1,30 @@
+export declare const AUDIT_LOG_MODULE_TABS: readonly [{
+    readonly key: "all";
+    readonly label: "All";
+    readonly subjectPrefixes: string[];
+}, {
+    readonly key: "inventory";
+    readonly label: "Inventory";
+    readonly subjectPrefixes: readonly ["business::inventory", "inventory"];
+}, {
+    readonly key: "report";
+    readonly label: "Report";
+    readonly subjectPrefixes: readonly ["business::report", "report"];
+}, {
+    readonly key: "hrm";
+    readonly label: "HRM";
+    readonly subjectPrefixes: readonly ["business::hrm", "hrm"];
+}, {
+    readonly key: "payment";
+    readonly label: "Payment";
+    readonly subjectPrefixes: readonly ["business::payment", "payment"];
+}, {
+    readonly key: "menu";
+    readonly label: "Menu";
+    readonly subjectPrefixes: readonly ["business::menu", "menu"];
+}, {
+    readonly key: "crm";
+    readonly label: "CRM";
+    readonly subjectPrefixes: readonly ["business::crm", "crm"];
+}];
+export type AuditLogModuleTab = (typeof AUDIT_LOG_MODULE_TABS)[number];