@fiado/type-kit 3.109.0 → 3.110.0

@@ -6,13 +6,16 @@ describe('tenantTypes', () => {
6
6
  expect(levelsOf(TenantType.RETAIL)).toEqual([PermissionScope.RETAILER, PermissionScope.STORE]);
7
7
  });
8
8
 
9
- it('scopeRankOrder = [PLATFORM, TENANT, RETAILER, STORE, GROUP] (retail + agents)', () => {
9
+ it('scopeRankOrder = [PLATFORM, TENANT, RETAILER, STORE, GROUP, LEVEL_1, LEVEL_2, LEVEL_3]', () => {
10
10
  expect(scopeRankOrder()).toEqual([
11
11
  PermissionScope.PLATFORM,
12
12
  PermissionScope.TENANT,
13
13
  PermissionScope.RETAILER,
14
14
  PermissionScope.STORE,
15
15
  PermissionScope.GROUP,
16
+ PermissionScope.LEVEL_1,
17
+ PermissionScope.LEVEL_2,
18
+ PermissionScope.LEVEL_3,
16
19
  ]);
17
20
  });
18
21
 
@@ -40,13 +43,16 @@ describe('tenantTypes', () => {
40
43
  expect(tableSuffixForLevel(TenantType.AGENTS, PermissionScope.GROUP)).toBe('SharedGroup');
41
44
  });
42
45
 
43
- it('scopeRankOrder incluye GROUP al final (vía los levels de agents, después de los de retail)', () => {
46
+ it('scopeRankOrder incluye GROUP (vía los levels de agents) seguido de los niveles genéricos LEVEL_1/2/3', () => {
44
47
  expect(scopeRankOrder()).toEqual([
45
48
  PermissionScope.PLATFORM,
46
49
  PermissionScope.TENANT,
47
50
  PermissionScope.RETAILER,
48
51
  PermissionScope.STORE,
49
52
  PermissionScope.GROUP,
53
+ PermissionScope.LEVEL_1,
54
+ PermissionScope.LEVEL_2,
55
+ PermissionScope.LEVEL_3,
50
56
  ]);
51
57
  });
52
58
  });
@@ -0,0 +1,54 @@
1
+ import { PermissionScope } from '../enums/PermissionScope';
2
+ import { ApplicationStatus } from '../enums/ApplicationStatus';
3
+ import type { UserFieldDef } from '../dtos/UserFieldDef';
4
+ import type { TokenValidationMode } from '../enums/TokenValidationMode';
5
+ export interface LevelDef {
6
+ level: PermissionScope;
7
+ displayName: string;
8
+ }
9
+ export interface ApplicationSecurityPolicyDefault {
10
+ mfaRequired?: boolean;
11
+ methodsAllowed?: Array<'TOTP' | 'EMAIL'>;
12
+ defaultPreferred?: 'TOTP' | 'EMAIL';
13
+ sessionTimeoutMin?: number;
14
+ passwordPolicy?: {
15
+ minLength: number;
16
+ requireSymbol: boolean;
17
+ requireNumber: boolean;
18
+ requireUppercase: boolean;
19
+ };
20
+ }
21
+ export interface ApplicationBrandingDefault {
22
+ logoUrl?: string;
23
+ primaryColor?: string;
24
+ secondaryColor?: string;
25
+ accentColor?: string;
26
+ logoWidth?: number;
27
+ faviconUrl?: string;
28
+ webappBaseUrl?: string;
29
+ }
30
+ export interface ApplicationDefaults {
31
+ externalScopeLevels?: PermissionScope[];
32
+ userFieldDefs?: UserFieldDef[];
33
+ securityPolicy?: ApplicationSecurityPolicyDefault;
34
+ brandingConfig?: ApplicationBrandingDefault;
35
+ tokenValidationMode?: TokenValidationMode;
36
+ }
37
+ export interface SeedRole {
38
+ roleId: string;
39
+ displayName: string;
40
+ description?: string;
41
+ permissions: string[];
42
+ scope: PermissionScope;
43
+ isSystem: boolean;
44
+ }
45
+ export interface Application {
46
+ applicationId: string;
47
+ displayName: string;
48
+ levels: LevelDef[];
49
+ defaults: ApplicationDefaults;
50
+ seedRoles: SeedRole[];
51
+ status: ApplicationStatus;
52
+ createdAt?: number;
53
+ updatedAt?: number;
54
+ }
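Review bot: `LevelDef.level` is typed as the full `PermissionScope`, so a level definition using `PLATFORM` or `TENANT` type-checks even though the enum's doc comment places application levels below TENANT. The TypeScript source section for this file, further down, already states the intent in a trailing comment (`// LEVEL_1 | LEVEL_2 | LEVEL_3`). Narrowing the field in the source would let the compiler enforce it: `level: PermissionScope.LEVEL_1 | PermissionScope.LEVEL_2 | PermissionScope.LEVEL_3;`. Separately, `passwordPolicy.minLength` and `sessionTimeoutMin` are bare `number`s with no documented bounds. Nothing in these plain interfaces validates at runtime, so a doc comment giving the accepted range and saying that the consuming service must enforce it would make the contract explicit.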
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,13 @@
1
+ import { PermissionScope } from '../enums/PermissionScope';
2
+ import { PermissionKind } from '../enums/PermissionKind';
3
+ export interface ApplicationPermission {
4
+ applicationId: string;
5
+ permissionKey: string;
6
+ displayName: string;
7
+ description: string;
8
+ scope: PermissionScope;
9
+ kind: PermissionKind;
10
+ category?: string;
11
+ createdAt?: number;
12
+ updatedAt?: number;
13
+ }
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,22 @@
1
+ import { PermissionScope } from '../enums/PermissionScope';
2
+ import type { LevelDef, ApplicationDefaults, SeedRole } from './Application';
3
+ export interface CreateApplicationRequest {
4
+ applicationId: string;
5
+ displayName: string;
6
+ levels: LevelDef[];
7
+ defaults?: ApplicationDefaults;
8
+ seedRoles?: SeedRole[];
9
+ }
10
+ export interface UpdateApplicationRequest {
11
+ displayName?: string;
12
+ levels?: LevelDef[];
13
+ defaults?: ApplicationDefaults;
14
+ seedRoles?: SeedRole[];
15
+ }
16
+ export interface UpsertApplicationPermissionRequest {
17
+ permissionKey: string;
18
+ displayName: string;
19
+ description: string;
20
+ scope: PermissionScope;
21
+ category?: string;
22
+ }
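Review bot: `CreateApplicationRequest.seedRoles` and `UpdateApplicationRequest.seedRoles` reuse `SeedRole` unchanged, so the request body carries a caller-supplied `isSystem` flag and a free-form `permissions: string[]`. `UpsertApplicationPermissionRequest` leaves `kind` out, which suggests the server decides SYSTEM versus CUSTOM for permissions; if the same is intended for roles, a request-side type such as `seedRoles?: Array<Omit<SeedRole, 'isSystem'>>;` would keep that flag out of client input. The index comment describes these as plain interfaces without class-validator decorators, so the handler that consumes them has to check `permissions` and `scope` against the application's catalog itself, and a doc comment on each request type should say so. The same declarations appear in the source `requests` section further down.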
@@ -0,0 +1,2 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
@@ -0,0 +1,5 @@
1
+ /** Estado de una aplicación (plantilla). Archivar en vez de borrar si tiene tenants. DEC-RBAC-031. */
2
+ export declare enum ApplicationStatus {
3
+ ACTIVE = "ACTIVE",
4
+ ARCHIVED = "ARCHIVED"
5
+ }
@@ -0,0 +1,9 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.ApplicationStatus = void 0;
4
+ /** Estado de una aplicación (plantilla). Archivar en vez de borrar si tiene tenants. DEC-RBAC-031. */
5
+ var ApplicationStatus;
6
+ (function (ApplicationStatus) {
7
+ ApplicationStatus["ACTIVE"] = "ACTIVE";
8
+ ApplicationStatus["ARCHIVED"] = "ARCHIVED";
9
+ })(ApplicationStatus || (exports.ApplicationStatus = ApplicationStatus = {}));
@@ -0,0 +1,9 @@
1
+ /**
2
+ * Clase de un permiso del catálogo (DEC-RBAC-033).
3
+ * SYSTEM: gestión del propio RBAC, key inmutable y no borrable (gatea endpoints del lambda).
4
+ * CUSTOM: negocio de la app protegida, CRUD libre (lo enforza la app de destino).
5
+ */
6
+ export declare enum PermissionKind {
7
+ SYSTEM = "SYSTEM",
8
+ CUSTOM = "CUSTOM"
9
+ }
@@ -0,0 +1,13 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.PermissionKind = void 0;
4
+ /**
5
+ * Clase de un permiso del catálogo (DEC-RBAC-033).
6
+ * SYSTEM: gestión del propio RBAC, key inmutable y no borrable (gatea endpoints del lambda).
7
+ * CUSTOM: negocio de la app protegida, CRUD libre (lo enforza la app de destino).
8
+ */
9
+ var PermissionKind;
10
+ (function (PermissionKind) {
11
+ PermissionKind["SYSTEM"] = "SYSTEM";
12
+ PermissionKind["CUSTOM"] = "CUSTOM";
13
+ })(PermissionKind || (exports.PermissionKind = PermissionKind = {}));
@@ -2,11 +2,20 @@
2
2
  * Jerarquía retail: PLATFORM > TENANT > RETAILER > STORE.
3
3
  * Jerarquía agents: PLATFORM > TENANT > GROUP.
4
4
  * Componente 01 spec.
5
+ *
6
+ * Modelo genérico de aplicación (DEC-RBAC-032): además de los niveles legacy
7
+ * (RETAILER/STORE/GROUP, atados a tenant-types concretos), una aplicación define
8
+ * su jerarquía DEBAJO de TENANT con niveles genéricos LEVEL_1 > LEVEL_2 > LEVEL_3,
9
+ * cuyo `displayName` lo decide cada aplicación (ver LevelDef en application/Application).
10
+ * Los niveles legacy se conservan para no romper retail/agents existentes.
5
11
  */
6
12
  export declare enum PermissionScope {
7
13
  PLATFORM = "PLATFORM",
8
14
  TENANT = "TENANT",
9
15
  RETAILER = "RETAILER",
10
16
  STORE = "STORE",
11
- GROUP = "GROUP"
17
+ GROUP = "GROUP",
18
+ LEVEL_1 = "LEVEL_1",
19
+ LEVEL_2 = "LEVEL_2",
20
+ LEVEL_3 = "LEVEL_3"
12
21
  }
@@ -5,6 +5,12 @@ exports.PermissionScope = void 0;
5
5
  * Jerarquía retail: PLATFORM > TENANT > RETAILER > STORE.
6
6
  * Jerarquía agents: PLATFORM > TENANT > GROUP.
7
7
  * Componente 01 spec.
8
+ *
9
+ * Modelo genérico de aplicación (DEC-RBAC-032): además de los niveles legacy
10
+ * (RETAILER/STORE/GROUP, atados a tenant-types concretos), una aplicación define
11
+ * su jerarquía DEBAJO de TENANT con niveles genéricos LEVEL_1 > LEVEL_2 > LEVEL_3,
12
+ * cuyo `displayName` lo decide cada aplicación (ver LevelDef en application/Application).
13
+ * Los niveles legacy se conservan para no romper retail/agents existentes.
8
14
  */
9
15
  var PermissionScope;
10
16
  (function (PermissionScope) {
@@ -13,4 +19,7 @@ var PermissionScope;
13
19
  PermissionScope["RETAILER"] = "RETAILER";
14
20
  PermissionScope["STORE"] = "STORE";
15
21
  PermissionScope["GROUP"] = "GROUP";
22
+ PermissionScope["LEVEL_1"] = "LEVEL_1";
23
+ PermissionScope["LEVEL_2"] = "LEVEL_2";
24
+ PermissionScope["LEVEL_3"] = "LEVEL_3";
16
25
  })(PermissionScope || (exports.PermissionScope = PermissionScope = {}));
@@ -34,3 +34,8 @@ export type { UserFieldDef } from './dtos/UserFieldDef';
34
34
  export * from './dtos/CreateUserFieldRequest';
35
35
  export * from './dtos/UpdateUserFieldRequest';
36
36
  export type { InjectableUserAttributesResponse } from './dtos/InjectableUserAttributesResponse';
37
+ export * from './enums/ApplicationStatus';
38
+ export * from './enums/PermissionKind';
39
+ export type { LevelDef, ApplicationSecurityPolicyDefault, ApplicationBrandingDefault, ApplicationDefaults, SeedRole, Application, } from './application/Application';
40
+ export type { ApplicationPermission } from './application/ApplicationPermission';
41
+ export type { CreateApplicationRequest, UpdateApplicationRequest, UpsertApplicationPermissionRequest, } from './application/requests';
@@ -81,3 +81,8 @@ Object.defineProperty(exports, "UserFieldType", { enumerable: true, get: functio
81
81
  // InjectableUserAttributesResponse es interface plain (consumida por jwt-inyector) → type-only.
82
82
  __exportStar(require("./dtos/CreateUserFieldRequest"), exports);
83
83
  __exportStar(require("./dtos/UpdateUserFieldRequest"), exports);
84
+ // Aplicación + niveles genéricos (sub-proyecto #1 de platform-rbac-business, DEC-RBAC-030/031/033).
85
+ // ApplicationStatus/PermissionKind son enums (export de valor); Application, ApplicationPermission y
86
+ // los requests son interfaces plain (sin decoradores class-validator) → type-only.
87
+ __exportStar(require("./enums/ApplicationStatus"), exports);
88
+ __exportStar(require("./enums/PermissionKind"), exports);
@@ -49,5 +49,10 @@ function scopeRankOrder() {
49
49
  if (!order.includes(lvl))
50
50
  order.push(lvl);
51
51
  }
52
+ // DEC-RBAC-032: niveles genéricos al final del orden total (UI/ranking). Append-only, después de los legacy.
53
+ for (const lvl of [PermissionScope_1.PermissionScope.LEVEL_1, PermissionScope_1.PermissionScope.LEVEL_2, PermissionScope_1.PermissionScope.LEVEL_3]) {
54
+ if (!order.includes(lvl))
55
+ order.push(lvl);
56
+ }
52
57
  return order;
53
58
  }
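Review bot: The appended loop places `LEVEL_1`..`LEVEL_3` after `STORE` and `GROUP` in the returned array, while the `PermissionScope` doc comment describes them as a hierarchy directly below `TENANT`, parallel to the legacy levels. The inline comment limits this order to UI/ranking, but a caller that compares indexes in this array to decide whether one scope outranks another would treat `LEVEL_1` as narrower than `STORE` or `GROUP`, which belong to unrelated hierarchies. I would state the restriction on the function itself, e.g. `// Total order for display only; do not compare indexes across hierarchies for authorization decisions.` The function body starts above this hunk, so existing callers are not visible here. The same change appears in the TypeScript source hunk at the end of the diff.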
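--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@fiado/type-kit",
- "version": "3.109.0",
+ "version": "3.110.0",
  "description": "",
  "main": "bin/index.js",
  "types": "bin/index.d.ts",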
@@ -0,0 +1,41 @@
1
+ import { PermissionScope } from '../enums/PermissionScope';
2
+ import { ApplicationStatus } from '../enums/ApplicationStatus';
3
+ import type { UserFieldDef } from '../dtos/UserFieldDef';
4
+ import type { TokenValidationMode } from '../enums/TokenValidationMode';
5
+
6
+ export interface LevelDef {
7
+ level: PermissionScope; // LEVEL_1 | LEVEL_2 | LEVEL_3
8
+ displayName: string;
9
+ }
10
+
11
+ export interface ApplicationSecurityPolicyDefault {
12
+ mfaRequired?: boolean;
13
+ methodsAllowed?: Array<'TOTP' | 'EMAIL'>;
14
+ defaultPreferred?: 'TOTP' | 'EMAIL';
15
+ sessionTimeoutMin?: number;
16
+ passwordPolicy?: { minLength: number; requireSymbol: boolean; requireNumber: boolean; requireUppercase: boolean };
17
+ }
18
+
19
+ export interface ApplicationBrandingDefault {
20
+ logoUrl?: string; primaryColor?: string; secondaryColor?: string; accentColor?: string;
21
+ logoWidth?: number; faviconUrl?: string; webappBaseUrl?: string;
22
+ }
23
+
24
+ export interface ApplicationDefaults {
25
+ externalScopeLevels?: PermissionScope[];
26
+ userFieldDefs?: UserFieldDef[];
27
+ securityPolicy?: ApplicationSecurityPolicyDefault;
28
+ brandingConfig?: ApplicationBrandingDefault;
29
+ tokenValidationMode?: TokenValidationMode;
30
+ }
31
+
32
+ export interface SeedRole {
33
+ roleId: string; displayName: string; description?: string;
34
+ permissions: string[]; scope: PermissionScope; isSystem: boolean;
35
+ }
36
+
37
+ export interface Application {
38
+ applicationId: string; displayName: string; levels: LevelDef[];
39
+ defaults: ApplicationDefaults; seedRoles: SeedRole[]; status: ApplicationStatus;
40
+ createdAt?: number; updatedAt?: number;
41
+ }
@@ -0,0 +1,8 @@
1
+ import { PermissionScope } from '../enums/PermissionScope';
2
+ import { PermissionKind } from '../enums/PermissionKind';
3
+
4
+ export interface ApplicationPermission {
5
+ applicationId: string; permissionKey: string; displayName: string; description: string;
6
+ scope: PermissionScope; kind: PermissionKind; category?: string;
7
+ createdAt?: number; updatedAt?: number;
8
+ }
@@ -0,0 +1,13 @@
1
+ import { PermissionScope } from '../enums/PermissionScope';
2
+ import type { LevelDef, ApplicationDefaults, SeedRole } from './Application';
3
+
4
+ export interface CreateApplicationRequest {
5
+ applicationId: string; displayName: string; levels: LevelDef[];
6
+ defaults?: ApplicationDefaults; seedRoles?: SeedRole[];
7
+ }
8
+ export interface UpdateApplicationRequest {
9
+ displayName?: string; levels?: LevelDef[]; defaults?: ApplicationDefaults; seedRoles?: SeedRole[];
10
+ }
11
+ export interface UpsertApplicationPermissionRequest {
12
+ permissionKey: string; displayName: string; description: string; scope: PermissionScope; category?: string;
13
+ }
@@ -0,0 +1,5 @@
1
+ /** Estado de una aplicación (plantilla). Archivar en vez de borrar si tiene tenants. DEC-RBAC-031. */
2
+ export enum ApplicationStatus {
3
+ ACTIVE = 'ACTIVE',
4
+ ARCHIVED = 'ARCHIVED',
5
+ }
@@ -0,0 +1,9 @@
1
+ /**
2
+ * Clase de un permiso del catálogo (DEC-RBAC-033).
3
+ * SYSTEM: gestión del propio RBAC, key inmutable y no borrable (gatea endpoints del lambda).
4
+ * CUSTOM: negocio de la app protegida, CRUD libre (lo enforza la app de destino).
5
+ */
6
+ export enum PermissionKind {
7
+ SYSTEM = 'SYSTEM',
8
+ CUSTOM = 'CUSTOM',
9
+ }
@@ -2,6 +2,12 @@
2
2
  * Jerarquía retail: PLATFORM > TENANT > RETAILER > STORE.
3
3
  * Jerarquía agents: PLATFORM > TENANT > GROUP.
4
4
  * Componente 01 spec.
5
+ *
6
+ * Modelo genérico de aplicación (DEC-RBAC-032): además de los niveles legacy
7
+ * (RETAILER/STORE/GROUP, atados a tenant-types concretos), una aplicación define
8
+ * su jerarquía DEBAJO de TENANT con niveles genéricos LEVEL_1 > LEVEL_2 > LEVEL_3,
9
+ * cuyo `displayName` lo decide cada aplicación (ver LevelDef en application/Application).
10
+ * Los niveles legacy se conservan para no romper retail/agents existentes.
5
11
  */
6
12
  export enum PermissionScope {
7
13
  PLATFORM = 'PLATFORM',
@@ -9,4 +15,7 @@ export enum PermissionScope {
9
15
  RETAILER = 'RETAILER',
10
16
  STORE = 'STORE',
11
17
  GROUP = 'GROUP',
18
+ LEVEL_1 = 'LEVEL_1',
19
+ LEVEL_2 = 'LEVEL_2',
20
+ LEVEL_3 = 'LEVEL_3',
12
21
  }
@@ -73,3 +73,23 @@ export type { UserFieldDef } from './dtos/UserFieldDef';
73
73
  export * from './dtos/CreateUserFieldRequest';
74
74
  export * from './dtos/UpdateUserFieldRequest';
75
75
  export type { InjectableUserAttributesResponse } from './dtos/InjectableUserAttributesResponse';
76
+
77
+ // Aplicación + niveles genéricos (sub-proyecto #1 de platform-rbac-business, DEC-RBAC-030/031/033).
78
+ // ApplicationStatus/PermissionKind son enums (export de valor); Application, ApplicationPermission y
79
+ // los requests son interfaces plain (sin decoradores class-validator) → type-only.
80
+ export * from './enums/ApplicationStatus';
81
+ export * from './enums/PermissionKind';
82
+ export type {
83
+ LevelDef,
84
+ ApplicationSecurityPolicyDefault,
85
+ ApplicationBrandingDefault,
86
+ ApplicationDefaults,
87
+ SeedRole,
88
+ Application,
89
+ } from './application/Application';
90
+ export type { ApplicationPermission } from './application/ApplicationPermission';
91
+ export type {
92
+ CreateApplicationRequest,
93
+ UpdateApplicationRequest,
94
+ UpsertApplicationPermissionRequest,
95
+ } from './application/requests';
@@ -53,5 +53,9 @@ export function scopeRankOrder(): PermissionScope[] {
53
53
  for (const def of Object.values(TENANT_TYPES)) {
54
54
  for (const lvl of def.levels) if (!order.includes(lvl)) order.push(lvl);
55
55
  }
56
+ // DEC-RBAC-032: niveles genéricos al final del orden total (UI/ranking). Append-only, después de los legacy.
57
+ for (const lvl of [PermissionScope.LEVEL_1, PermissionScope.LEVEL_2, PermissionScope.LEVEL_3]) {
58
+ if (!order.includes(lvl)) order.push(lvl);
59
+ }
56
60
  return order;
57
61
  }