@fiado/type-kit 3.108.0 → 3.110.0
- package/_test_/unit/platformRbac/tenantTypes.test.ts +8 -2
- package/bin/platformRbac/application/Application.d.ts +54 -0
- package/bin/platformRbac/application/Application.js +2 -0
- package/bin/platformRbac/application/ApplicationPermission.d.ts +13 -0
- package/bin/platformRbac/application/ApplicationPermission.js +2 -0
- package/bin/platformRbac/application/requests.d.ts +22 -0
- package/bin/platformRbac/application/requests.js +2 -0
- package/bin/platformRbac/enums/ApplicationStatus.d.ts +5 -0
- package/bin/platformRbac/enums/ApplicationStatus.js +9 -0
- package/bin/platformRbac/enums/PermissionKind.d.ts +9 -0
- package/bin/platformRbac/enums/PermissionKind.js +13 -0
- package/bin/platformRbac/enums/PermissionScope.d.ts +10 -1
- package/bin/platformRbac/enums/PermissionScope.js +9 -0
- package/bin/platformRbac/index.d.ts +5 -0
- package/bin/platformRbac/index.js +5 -0
- package/bin/platformRbac/tenantTypes.js +5 -0
- package/bin/walletFunding/enums/WalletFundingErrorCodeEnum.d.ts +8 -1
- package/bin/walletFunding/enums/WalletFundingErrorCodeEnum.js +7 -0
- package/package.json +1 -1
- package/src/platformRbac/application/Application.ts +41 -0
- package/src/platformRbac/application/ApplicationPermission.ts +8 -0
- package/src/platformRbac/application/requests.ts +13 -0
- package/src/platformRbac/enums/ApplicationStatus.ts +5 -0
- package/src/platformRbac/enums/PermissionKind.ts +9 -0
- package/src/platformRbac/enums/PermissionScope.ts +9 -0
- package/src/platformRbac/index.ts +20 -0
- package/src/platformRbac/tenantTypes.ts +4 -0
- package/src/walletFunding/enums/WalletFundingErrorCodeEnum.ts +7 -0
|
@@ -6,13 +6,16 @@ describe('tenantTypes', () => {
|
|
|
6
6
|
expect(levelsOf(TenantType.RETAIL)).toEqual([PermissionScope.RETAILER, PermissionScope.STORE]);
|
|
7
7
|
});
|
|
8
8
|
|
|
9
|
-
it('scopeRankOrder = [PLATFORM, TENANT, RETAILER, STORE, GROUP
|
|
9
|
+
it('scopeRankOrder = [PLATFORM, TENANT, RETAILER, STORE, GROUP, LEVEL_1, LEVEL_2, LEVEL_3]', () => {
|
|
10
10
|
expect(scopeRankOrder()).toEqual([
|
|
11
11
|
PermissionScope.PLATFORM,
|
|
12
12
|
PermissionScope.TENANT,
|
|
13
13
|
PermissionScope.RETAILER,
|
|
14
14
|
PermissionScope.STORE,
|
|
15
15
|
PermissionScope.GROUP,
|
|
16
|
+
PermissionScope.LEVEL_1,
|
|
17
|
+
PermissionScope.LEVEL_2,
|
|
18
|
+
PermissionScope.LEVEL_3,
|
|
16
19
|
]);
|
|
17
20
|
});
|
|
18
21
|
|
|
@@ -40,13 +43,16 @@ describe('tenantTypes', () => {
|
|
|
40
43
|
expect(tableSuffixForLevel(TenantType.AGENTS, PermissionScope.GROUP)).toBe('SharedGroup');
|
|
41
44
|
});
|
|
42
45
|
|
|
43
|
-
it('scopeRankOrder incluye GROUP
|
|
46
|
+
it('scopeRankOrder incluye GROUP (vía los levels de agents) seguido de los niveles genéricos LEVEL_1/2/3', () => {
|
|
44
47
|
expect(scopeRankOrder()).toEqual([
|
|
45
48
|
PermissionScope.PLATFORM,
|
|
46
49
|
PermissionScope.TENANT,
|
|
47
50
|
PermissionScope.RETAILER,
|
|
48
51
|
PermissionScope.STORE,
|
|
49
52
|
PermissionScope.GROUP,
|
|
53
|
+
PermissionScope.LEVEL_1,
|
|
54
|
+
PermissionScope.LEVEL_2,
|
|
55
|
+
PermissionScope.LEVEL_3,
|
|
50
56
|
]);
|
|
51
57
|
});
|
|
52
58
|
});
|
|
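Review bot: The two `scopeRankOrder` tests touched here (new lines 9–20 and 46–57) now assert the identical eight-element array, so the second adds no coverage beyond the first. What the change leaves unpinned is how the legacy helpers treat the new values: nothing here fixes what `tableSuffixForLevel(TenantType.AGENTS, PermissionScope.LEVEL_1)` returns or throws. I would replace the duplicate expectation with a case that asserts that behaviour, so an unmapped level fails predictably rather than by accident. The `describe` body extends outside both hunks.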
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { PermissionScope } from '../enums/PermissionScope';
|
|
2
|
+
import { ApplicationStatus } from '../enums/ApplicationStatus';
|
|
3
|
+
import type { UserFieldDef } from '../dtos/UserFieldDef';
|
|
4
|
+
import type { TokenValidationMode } from '../enums/TokenValidationMode';
|
|
5
|
+
export interface LevelDef {
|
|
6
|
+
level: PermissionScope;
|
|
7
|
+
displayName: string;
|
|
8
|
+
}
|
|
9
|
+
export interface ApplicationSecurityPolicyDefault {
|
|
10
|
+
mfaRequired?: boolean;
|
|
11
|
+
methodsAllowed?: Array<'TOTP' | 'EMAIL'>;
|
|
12
|
+
defaultPreferred?: 'TOTP' | 'EMAIL';
|
|
13
|
+
sessionTimeoutMin?: number;
|
|
14
|
+
passwordPolicy?: {
|
|
15
|
+
minLength: number;
|
|
16
|
+
requireSymbol: boolean;
|
|
17
|
+
requireNumber: boolean;
|
|
18
|
+
requireUppercase: boolean;
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
export interface ApplicationBrandingDefault {
|
|
22
|
+
logoUrl?: string;
|
|
23
|
+
primaryColor?: string;
|
|
24
|
+
secondaryColor?: string;
|
|
25
|
+
accentColor?: string;
|
|
26
|
+
logoWidth?: number;
|
|
27
|
+
faviconUrl?: string;
|
|
28
|
+
webappBaseUrl?: string;
|
|
29
|
+
}
|
|
30
|
+
export interface ApplicationDefaults {
|
|
31
|
+
externalScopeLevels?: PermissionScope[];
|
|
32
|
+
userFieldDefs?: UserFieldDef[];
|
|
33
|
+
securityPolicy?: ApplicationSecurityPolicyDefault;
|
|
34
|
+
brandingConfig?: ApplicationBrandingDefault;
|
|
35
|
+
tokenValidationMode?: TokenValidationMode;
|
|
36
|
+
}
|
|
37
|
+
export interface SeedRole {
|
|
38
|
+
roleId: string;
|
|
39
|
+
displayName: string;
|
|
40
|
+
description?: string;
|
|
41
|
+
permissions: string[];
|
|
42
|
+
scope: PermissionScope;
|
|
43
|
+
isSystem: boolean;
|
|
44
|
+
}
|
|
45
|
+
export interface Application {
|
|
46
|
+
applicationId: string;
|
|
47
|
+
displayName: string;
|
|
48
|
+
levels: LevelDef[];
|
|
49
|
+
defaults: ApplicationDefaults;
|
|
50
|
+
seedRoles: SeedRole[];
|
|
51
|
+
status: ApplicationStatus;
|
|
52
|
+
createdAt?: number;
|
|
53
|
+
updatedAt?: number;
|
|
54
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { PermissionScope } from '../enums/PermissionScope';
|
|
2
|
+
import { PermissionKind } from '../enums/PermissionKind';
|
|
3
|
+
export interface ApplicationPermission {
|
|
4
|
+
applicationId: string;
|
|
5
|
+
permissionKey: string;
|
|
6
|
+
displayName: string;
|
|
7
|
+
description: string;
|
|
8
|
+
scope: PermissionScope;
|
|
9
|
+
kind: PermissionKind;
|
|
10
|
+
category?: string;
|
|
11
|
+
createdAt?: number;
|
|
12
|
+
updatedAt?: number;
|
|
13
|
+
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { PermissionScope } from '../enums/PermissionScope';
|
|
2
|
+
import type { LevelDef, ApplicationDefaults, SeedRole } from './Application';
|
|
3
|
+
export interface CreateApplicationRequest {
|
|
4
|
+
applicationId: string;
|
|
5
|
+
displayName: string;
|
|
6
|
+
levels: LevelDef[];
|
|
7
|
+
defaults?: ApplicationDefaults;
|
|
8
|
+
seedRoles?: SeedRole[];
|
|
9
|
+
}
|
|
10
|
+
export interface UpdateApplicationRequest {
|
|
11
|
+
displayName?: string;
|
|
12
|
+
levels?: LevelDef[];
|
|
13
|
+
defaults?: ApplicationDefaults;
|
|
14
|
+
seedRoles?: SeedRole[];
|
|
15
|
+
}
|
|
16
|
+
export interface UpsertApplicationPermissionRequest {
|
|
17
|
+
permissionKey: string;
|
|
18
|
+
displayName: string;
|
|
19
|
+
description: string;
|
|
20
|
+
scope: PermissionScope;
|
|
21
|
+
category?: string;
|
|
22
|
+
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ApplicationStatus = void 0;
|
|
4
|
+
/** Estado de una aplicación (plantilla). Archivar en vez de borrar si tiene tenants. DEC-RBAC-031. */
|
|
5
|
+
var ApplicationStatus;
|
|
6
|
+
(function (ApplicationStatus) {
|
|
7
|
+
ApplicationStatus["ACTIVE"] = "ACTIVE";
|
|
8
|
+
ApplicationStatus["ARCHIVED"] = "ARCHIVED";
|
|
9
|
+
})(ApplicationStatus || (exports.ApplicationStatus = ApplicationStatus = {}));
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Clase de un permiso del catálogo (DEC-RBAC-033).
|
|
3
|
+
* SYSTEM: gestión del propio RBAC, key inmutable y no borrable (gatea endpoints del lambda).
|
|
4
|
+
* CUSTOM: negocio de la app protegida, CRUD libre (lo enforza la app de destino).
|
|
5
|
+
*/
|
|
6
|
+
export declare enum PermissionKind {
|
|
7
|
+
SYSTEM = "SYSTEM",
|
|
8
|
+
CUSTOM = "CUSTOM"
|
|
9
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PermissionKind = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Clase de un permiso del catálogo (DEC-RBAC-033).
|
|
6
|
+
* SYSTEM: gestión del propio RBAC, key inmutable y no borrable (gatea endpoints del lambda).
|
|
7
|
+
* CUSTOM: negocio de la app protegida, CRUD libre (lo enforza la app de destino).
|
|
8
|
+
*/
|
|
9
|
+
var PermissionKind;
|
|
10
|
+
(function (PermissionKind) {
|
|
11
|
+
PermissionKind["SYSTEM"] = "SYSTEM";
|
|
12
|
+
PermissionKind["CUSTOM"] = "CUSTOM";
|
|
13
|
+
})(PermissionKind || (exports.PermissionKind = PermissionKind = {}));
|
|
@@ -2,11 +2,20 @@
|
|
|
2
2
|
* Jerarquía retail: PLATFORM > TENANT > RETAILER > STORE.
|
|
3
3
|
* Jerarquía agents: PLATFORM > TENANT > GROUP.
|
|
4
4
|
* Componente 01 spec.
|
|
5
|
+
*
|
|
6
|
+
* Modelo genérico de aplicación (DEC-RBAC-032): además de los niveles legacy
|
|
7
|
+
* (RETAILER/STORE/GROUP, atados a tenant-types concretos), una aplicación define
|
|
8
|
+
* su jerarquía DEBAJO de TENANT con niveles genéricos LEVEL_1 > LEVEL_2 > LEVEL_3,
|
|
9
|
+
* cuyo `displayName` lo decide cada aplicación (ver LevelDef en application/Application).
|
|
10
|
+
* Los niveles legacy se conservan para no romper retail/agents existentes.
|
|
5
11
|
*/
|
|
6
12
|
export declare enum PermissionScope {
|
|
7
13
|
PLATFORM = "PLATFORM",
|
|
8
14
|
TENANT = "TENANT",
|
|
9
15
|
RETAILER = "RETAILER",
|
|
10
16
|
STORE = "STORE",
|
|
11
|
-
GROUP = "GROUP"
|
|
17
|
+
GROUP = "GROUP",
|
|
18
|
+
LEVEL_1 = "LEVEL_1",
|
|
19
|
+
LEVEL_2 = "LEVEL_2",
|
|
20
|
+
LEVEL_3 = "LEVEL_3"
|
|
12
21
|
}
|
|
@@ -5,6 +5,12 @@ exports.PermissionScope = void 0;
|
|
|
5
5
|
* Jerarquía retail: PLATFORM > TENANT > RETAILER > STORE.
|
|
6
6
|
* Jerarquía agents: PLATFORM > TENANT > GROUP.
|
|
7
7
|
* Componente 01 spec.
|
|
8
|
+
*
|
|
9
|
+
* Modelo genérico de aplicación (DEC-RBAC-032): además de los niveles legacy
|
|
10
|
+
* (RETAILER/STORE/GROUP, atados a tenant-types concretos), una aplicación define
|
|
11
|
+
* su jerarquía DEBAJO de TENANT con niveles genéricos LEVEL_1 > LEVEL_2 > LEVEL_3,
|
|
12
|
+
* cuyo `displayName` lo decide cada aplicación (ver LevelDef en application/Application).
|
|
13
|
+
* Los niveles legacy se conservan para no romper retail/agents existentes.
|
|
8
14
|
*/
|
|
9
15
|
var PermissionScope;
|
|
10
16
|
(function (PermissionScope) {
|
|
@@ -13,4 +19,7 @@ var PermissionScope;
|
|
|
13
19
|
PermissionScope["RETAILER"] = "RETAILER";
|
|
14
20
|
PermissionScope["STORE"] = "STORE";
|
|
15
21
|
PermissionScope["GROUP"] = "GROUP";
|
|
22
|
+
PermissionScope["LEVEL_1"] = "LEVEL_1";
|
|
23
|
+
PermissionScope["LEVEL_2"] = "LEVEL_2";
|
|
24
|
+
PermissionScope["LEVEL_3"] = "LEVEL_3";
|
|
16
25
|
})(PermissionScope || (exports.PermissionScope = PermissionScope = {}));
|
|
@@ -34,3 +34,8 @@ export type { UserFieldDef } from './dtos/UserFieldDef';
|
|
|
34
34
|
export * from './dtos/CreateUserFieldRequest';
|
|
35
35
|
export * from './dtos/UpdateUserFieldRequest';
|
|
36
36
|
export type { InjectableUserAttributesResponse } from './dtos/InjectableUserAttributesResponse';
|
|
37
|
+
export * from './enums/ApplicationStatus';
|
|
38
|
+
export * from './enums/PermissionKind';
|
|
39
|
+
export type { LevelDef, ApplicationSecurityPolicyDefault, ApplicationBrandingDefault, ApplicationDefaults, SeedRole, Application, } from './application/Application';
|
|
40
|
+
export type { ApplicationPermission } from './application/ApplicationPermission';
|
|
41
|
+
export type { CreateApplicationRequest, UpdateApplicationRequest, UpsertApplicationPermissionRequest, } from './application/requests';
|
|
@@ -81,3 +81,8 @@ Object.defineProperty(exports, "UserFieldType", { enumerable: true, get: functio
|
|
|
81
81
|
// InjectableUserAttributesResponse es interface plain (consumida por jwt-inyector) → type-only.
|
|
82
82
|
__exportStar(require("./dtos/CreateUserFieldRequest"), exports);
|
|
83
83
|
__exportStar(require("./dtos/UpdateUserFieldRequest"), exports);
|
|
84
|
+
// Aplicación + niveles genéricos (sub-proyecto #1 de platform-rbac-business, DEC-RBAC-030/031/033).
|
|
85
|
+
// ApplicationStatus/PermissionKind son enums (export de valor); Application, ApplicationPermission y
|
|
86
|
+
// los requests son interfaces plain (sin decoradores class-validator) → type-only.
|
|
87
|
+
__exportStar(require("./enums/ApplicationStatus"), exports);
|
|
88
|
+
__exportStar(require("./enums/PermissionKind"), exports);
|
|
@@ -49,5 +49,10 @@ function scopeRankOrder() {
|
|
|
49
49
|
if (!order.includes(lvl))
|
|
50
50
|
order.push(lvl);
|
|
51
51
|
}
|
|
52
|
+
// DEC-RBAC-032: niveles genéricos al final del orden total (UI/ranking). Append-only, después de los legacy.
|
|
53
|
+
for (const lvl of [PermissionScope_1.PermissionScope.LEVEL_1, PermissionScope_1.PermissionScope.LEVEL_2, PermissionScope_1.PermissionScope.LEVEL_3]) {
|
|
54
|
+
if (!order.includes(lvl))
|
|
55
|
+
order.push(lvl);
|
|
56
|
+
}
|
|
52
57
|
return order;
|
|
53
58
|
}
|
|
@@ -12,5 +12,12 @@ export declare enum WalletFundingErrorCodeEnum {
|
|
|
12
12
|
REFERENCE_ALREADY_PAID = "REFERENCE_ALREADY_PAID",
|
|
13
13
|
AMOUNT_MISMATCH = "AMOUNT_MISMATCH",
|
|
14
14
|
PROVIDER_REJECTED = "PROVIDER_REJECTED",
|
|
15
|
-
PROVIDER_TIMEOUT = "PROVIDER_TIMEOUT"
|
|
15
|
+
PROVIDER_TIMEOUT = "PROVIDER_TIMEOUT",
|
|
16
|
+
/**
|
|
17
|
+
* Connector (o servicio downstream) está en modo mantenimiento manual.
|
|
18
|
+
* Devuelto en outbound cuando `EQUALITY_MAINTENANCE_MODE=true`. Para el
|
|
19
|
+
* inbound (webhooks), Equality recibe `responseCode 99` directamente
|
|
20
|
+
* (sin pasar por este enum).
|
|
21
|
+
*/
|
|
22
|
+
MAINTENANCE_MODE = "MAINTENANCE_MODE"
|
|
16
23
|
}
|
|
@@ -17,4 +17,11 @@ var WalletFundingErrorCodeEnum;
|
|
|
17
17
|
WalletFundingErrorCodeEnum["AMOUNT_MISMATCH"] = "AMOUNT_MISMATCH";
|
|
18
18
|
WalletFundingErrorCodeEnum["PROVIDER_REJECTED"] = "PROVIDER_REJECTED";
|
|
19
19
|
WalletFundingErrorCodeEnum["PROVIDER_TIMEOUT"] = "PROVIDER_TIMEOUT";
|
|
20
|
+
/**
|
|
21
|
+
* Connector (o servicio downstream) está en modo mantenimiento manual.
|
|
22
|
+
* Devuelto en outbound cuando `EQUALITY_MAINTENANCE_MODE=true`. Para el
|
|
23
|
+
* inbound (webhooks), Equality recibe `responseCode 99` directamente
|
|
24
|
+
* (sin pasar por este enum).
|
|
25
|
+
*/
|
|
26
|
+
WalletFundingErrorCodeEnum["MAINTENANCE_MODE"] = "MAINTENANCE_MODE";
|
|
20
27
|
})(WalletFundingErrorCodeEnum || (exports.WalletFundingErrorCodeEnum = WalletFundingErrorCodeEnum = {}));
|
package/package.json
CHANGED
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
import { PermissionScope } from '../enums/PermissionScope';
|
|
2
|
+
import { ApplicationStatus } from '../enums/ApplicationStatus';
|
|
3
|
+
import type { UserFieldDef } from '../dtos/UserFieldDef';
|
|
4
|
+
import type { TokenValidationMode } from '../enums/TokenValidationMode';
|
|
5
|
+
|
|
6
|
+
export interface LevelDef {
|
|
7
|
+
level: PermissionScope; // LEVEL_1 | LEVEL_2 | LEVEL_3
|
|
8
|
+
displayName: string;
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
export interface ApplicationSecurityPolicyDefault {
|
|
12
|
+
mfaRequired?: boolean;
|
|
13
|
+
methodsAllowed?: Array<'TOTP' | 'EMAIL'>;
|
|
14
|
+
defaultPreferred?: 'TOTP' | 'EMAIL';
|
|
15
|
+
sessionTimeoutMin?: number;
|
|
16
|
+
passwordPolicy?: { minLength: number; requireSymbol: boolean; requireNumber: boolean; requireUppercase: boolean };
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
export interface ApplicationBrandingDefault {
|
|
20
|
+
logoUrl?: string; primaryColor?: string; secondaryColor?: string; accentColor?: string;
|
|
21
|
+
logoWidth?: number; faviconUrl?: string; webappBaseUrl?: string;
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
export interface ApplicationDefaults {
|
|
25
|
+
externalScopeLevels?: PermissionScope[];
|
|
26
|
+
userFieldDefs?: UserFieldDef[];
|
|
27
|
+
securityPolicy?: ApplicationSecurityPolicyDefault;
|
|
28
|
+
brandingConfig?: ApplicationBrandingDefault;
|
|
29
|
+
tokenValidationMode?: TokenValidationMode;
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
export interface SeedRole {
|
|
33
|
+
roleId: string; displayName: string; description?: string;
|
|
34
|
+
permissions: string[]; scope: PermissionScope; isSystem: boolean;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
export interface Application {
|
|
38
|
+
applicationId: string; displayName: string; levels: LevelDef[];
|
|
39
|
+
defaults: ApplicationDefaults; seedRoles: SeedRole[]; status: ApplicationStatus;
|
|
40
|
+
createdAt?: number; updatedAt?: number;
|
|
41
|
+
}
|
|
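Review bot: `LevelDef.level` is typed as the whole `PermissionScope` enum while its trailing comment says only `LEVEL_1 | LEVEL_2 | LEVEL_3` is intended, so a definition such as `{ level: PermissionScope.PLATFORM, displayName: '…' }` type-checks. These are plain interfaces with no runtime validation visible in this package, so I would put the restriction in the type itself: `level: PermissionScope.LEVEL_1 | PermissionScope.LEVEL_2 | PermissionScope.LEVEL_3;`. In the same file `passwordPolicy.minLength` and `sessionTimeoutMin` are bare `number` with no documented bounds. A one-line TSDoc on each stating the accepted range would tell the consuming service what it has to reject.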
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { PermissionScope } from '../enums/PermissionScope';
|
|
2
|
+
import { PermissionKind } from '../enums/PermissionKind';
|
|
3
|
+
|
|
4
|
+
export interface ApplicationPermission {
|
|
5
|
+
applicationId: string; permissionKey: string; displayName: string; description: string;
|
|
6
|
+
scope: PermissionScope; kind: PermissionKind; category?: string;
|
|
7
|
+
createdAt?: number; updatedAt?: number;
|
|
8
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { PermissionScope } from '../enums/PermissionScope';
|
|
2
|
+
import type { LevelDef, ApplicationDefaults, SeedRole } from './Application';
|
|
3
|
+
|
|
4
|
+
export interface CreateApplicationRequest {
|
|
5
|
+
applicationId: string; displayName: string; levels: LevelDef[];
|
|
6
|
+
defaults?: ApplicationDefaults; seedRoles?: SeedRole[];
|
|
7
|
+
}
|
|
8
|
+
export interface UpdateApplicationRequest {
|
|
9
|
+
displayName?: string; levels?: LevelDef[]; defaults?: ApplicationDefaults; seedRoles?: SeedRole[];
|
|
10
|
+
}
|
|
11
|
+
export interface UpsertApplicationPermissionRequest {
|
|
12
|
+
permissionKey: string; displayName: string; description: string; scope: PermissionScope; category?: string;
|
|
13
|
+
}
|
|
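Review bot: `CreateApplicationRequest` and `UpdateApplicationRequest` reuse `SeedRole` unchanged, so the caller's payload carries `isSystem`, `scope` and a free-form `permissions: string[]`, whereas `UpsertApplicationPermissionRequest` in the same file leaves `kind` out of the request shape. If `isSystem` is meant to be decided server-side the way `kind` appears to be (an inference from the names, not shown here), the request types should say so, e.g. `seedRoles?: Array<Omit<SeedRole, 'isSystem'>>;`. Either way these are type-only interfaces, so the handler that accepts them needs its own runtime checks that each permission key exists in the catalogue and that `scope` is a level the application actually defines.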
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Clase de un permiso del catálogo (DEC-RBAC-033).
|
|
3
|
+
* SYSTEM: gestión del propio RBAC, key inmutable y no borrable (gatea endpoints del lambda).
|
|
4
|
+
* CUSTOM: negocio de la app protegida, CRUD libre (lo enforza la app de destino).
|
|
5
|
+
*/
|
|
6
|
+
export enum PermissionKind {
|
|
7
|
+
SYSTEM = 'SYSTEM',
|
|
8
|
+
CUSTOM = 'CUSTOM',
|
|
9
|
+
}
|
|
@@ -2,6 +2,12 @@
|
|
|
2
2
|
* Jerarquía retail: PLATFORM > TENANT > RETAILER > STORE.
|
|
3
3
|
* Jerarquía agents: PLATFORM > TENANT > GROUP.
|
|
4
4
|
* Componente 01 spec.
|
|
5
|
+
*
|
|
6
|
+
* Modelo genérico de aplicación (DEC-RBAC-032): además de los niveles legacy
|
|
7
|
+
* (RETAILER/STORE/GROUP, atados a tenant-types concretos), una aplicación define
|
|
8
|
+
* su jerarquía DEBAJO de TENANT con niveles genéricos LEVEL_1 > LEVEL_2 > LEVEL_3,
|
|
9
|
+
* cuyo `displayName` lo decide cada aplicación (ver LevelDef en application/Application).
|
|
10
|
+
* Los niveles legacy se conservan para no romper retail/agents existentes.
|
|
5
11
|
*/
|
|
6
12
|
export enum PermissionScope {
|
|
7
13
|
PLATFORM = 'PLATFORM',
|
|
@@ -9,4 +15,7 @@ export enum PermissionScope {
|
|
|
9
15
|
RETAILER = 'RETAILER',
|
|
10
16
|
STORE = 'STORE',
|
|
11
17
|
GROUP = 'GROUP',
|
|
18
|
+
LEVEL_1 = 'LEVEL_1',
|
|
19
|
+
LEVEL_2 = 'LEVEL_2',
|
|
20
|
+
LEVEL_3 = 'LEVEL_3',
|
|
12
21
|
}
|
|
@@ -73,3 +73,23 @@ export type { UserFieldDef } from './dtos/UserFieldDef';
|
|
|
73
73
|
export * from './dtos/CreateUserFieldRequest';
|
|
74
74
|
export * from './dtos/UpdateUserFieldRequest';
|
|
75
75
|
export type { InjectableUserAttributesResponse } from './dtos/InjectableUserAttributesResponse';
|
|
76
|
+
|
|
77
|
+
// Aplicación + niveles genéricos (sub-proyecto #1 de platform-rbac-business, DEC-RBAC-030/031/033).
|
|
78
|
+
// ApplicationStatus/PermissionKind son enums (export de valor); Application, ApplicationPermission y
|
|
79
|
+
// los requests son interfaces plain (sin decoradores class-validator) → type-only.
|
|
80
|
+
export * from './enums/ApplicationStatus';
|
|
81
|
+
export * from './enums/PermissionKind';
|
|
82
|
+
export type {
|
|
83
|
+
LevelDef,
|
|
84
|
+
ApplicationSecurityPolicyDefault,
|
|
85
|
+
ApplicationBrandingDefault,
|
|
86
|
+
ApplicationDefaults,
|
|
87
|
+
SeedRole,
|
|
88
|
+
Application,
|
|
89
|
+
} from './application/Application';
|
|
90
|
+
export type { ApplicationPermission } from './application/ApplicationPermission';
|
|
91
|
+
export type {
|
|
92
|
+
CreateApplicationRequest,
|
|
93
|
+
UpdateApplicationRequest,
|
|
94
|
+
UpsertApplicationPermissionRequest,
|
|
95
|
+
} from './application/requests';
|
|
@@ -53,5 +53,9 @@ export function scopeRankOrder(): PermissionScope[] {
|
|
|
53
53
|
for (const def of Object.values(TENANT_TYPES)) {
|
|
54
54
|
for (const lvl of def.levels) if (!order.includes(lvl)) order.push(lvl);
|
|
55
55
|
}
|
|
56
|
+
// DEC-RBAC-032: niveles genéricos al final del orden total (UI/ranking). Append-only, después de los legacy.
|
|
57
|
+
for (const lvl of [PermissionScope.LEVEL_1, PermissionScope.LEVEL_2, PermissionScope.LEVEL_3]) {
|
|
58
|
+
if (!order.includes(lvl)) order.push(lvl);
|
|
59
|
+
}
|
|
56
60
|
return order;
|
|
57
61
|
}
|
|
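Review bot: The appended loop places `LEVEL_1..3` after `STORE` and `GROUP` in the single list returned by `scopeRankOrder()`, although the `PermissionScope` doc comment in this release describes them as a separate hierarchy directly below `TENANT`. The new comment says the order is for UI/ranking. I would state in the function's doc comment that a position in this list must not be compared across hierarchies for authorization decisions, because by index `STORE` would outrank `LEVEL_1`. The `!order.includes(lvl)` guard in the new loop only matters if some `TENANT_TYPES` entry already lists a generic level; if none can, `order.push(PermissionScope.LEVEL_1, PermissionScope.LEVEL_2, PermissionScope.LEVEL_3);` is simpler. The function begins above the hunk.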
@@ -13,4 +13,11 @@ export enum WalletFundingErrorCodeEnum {
|
|
|
13
13
|
AMOUNT_MISMATCH = "AMOUNT_MISMATCH",
|
|
14
14
|
PROVIDER_REJECTED = "PROVIDER_REJECTED",
|
|
15
15
|
PROVIDER_TIMEOUT = "PROVIDER_TIMEOUT",
|
|
16
|
+
/**
|
|
17
|
+
* Connector (o servicio downstream) está en modo mantenimiento manual.
|
|
18
|
+
* Devuelto en outbound cuando `EQUALITY_MAINTENANCE_MODE=true`. Para el
|
|
19
|
+
* inbound (webhooks), Equality recibe `responseCode 99` directamente
|
|
20
|
+
* (sin pasar por este enum).
|
|
21
|
+
*/
|
|
22
|
+
MAINTENANCE_MODE = "MAINTENANCE_MODE",
|
|
16
23
|
}
|