@fiado/type-kit 3.118.0 → 3.120.0
- package/_test_/unit/platformRbac/dtos/CreateTenantRequest.test.ts +4 -11
- package/_test_/unit/platformRbac/dtos/UpdateTenantAutoregisterRequest.test.ts +71 -0
- package/_test_/unit/platformRbac/enums/__snapshots__/permissionBits.test.ts.snap +2 -1
- package/_test_/unit/platformRbac/enums/autoregisterPermission.test.ts +15 -0
- package/bin/index.d.ts +2 -0
- package/bin/index.js +4 -2
- package/bin/offices/dtos/CreateOfficeRequest.d.ts +15 -0
- package/bin/offices/dtos/CreateOfficeRequest.js +58 -0
- package/bin/offices/dtos/OfficeDto.d.ts +16 -0
- package/bin/offices/dtos/OfficeDto.js +10 -0
- package/bin/offices/dtos/UpdateOfficeRequest.d.ts +15 -0
- package/bin/offices/dtos/UpdateOfficeRequest.js +60 -0
- package/bin/offices/enums/OfficeStatusEnum.d.ts +4 -0
- package/bin/offices/enums/OfficeStatusEnum.js +8 -0
- package/bin/offices/index.d.ts +4 -0
- package/bin/offices/index.js +22 -0
- package/bin/places/dtos/EstablishmentDto.d.ts +20 -0
- package/bin/places/dtos/EstablishmentDto.js +10 -0
- package/bin/places/dtos/GetNearbyPlacesRequest.d.ts +10 -0
- package/bin/places/dtos/GetNearbyPlacesRequest.js +39 -0
- package/bin/places/dtos/GetNearbyPlacesResponse.d.ts +9 -0
- package/bin/places/dtos/GetNearbyPlacesResponse.js +9 -0
- package/bin/places/dtos/ReportPlaceRequest.d.ts +12 -0
- package/bin/places/dtos/ReportPlaceRequest.js +44 -0
- package/bin/places/dtos/ReportedPlaceDto.d.ts +14 -0
- package/bin/places/dtos/ReportedPlaceDto.js +10 -0
- package/bin/places/dtos/ResolveReportedPlaceRequest.d.ts +10 -0
- package/bin/places/dtos/ResolveReportedPlaceRequest.js +35 -0
- package/bin/places/enums/EstablishmentBrandEnum.d.ts +6 -0
- package/bin/places/enums/EstablishmentBrandEnum.js +11 -0
- package/bin/places/enums/PlaceTypeEnum.d.ts +4 -0
- package/bin/places/enums/PlaceTypeEnum.js +8 -0
- package/bin/places/enums/ReportReasonEnum.d.ts +5 -0
- package/bin/places/enums/ReportReasonEnum.js +9 -0
- package/bin/places/enums/ResolveReportedActionEnum.d.ts +4 -0
- package/bin/places/enums/ResolveReportedActionEnum.js +8 -0
- package/bin/places/index.d.ts +10 -0
- package/bin/places/index.js +28 -0
- package/bin/platformRbac/application/Application.d.ts +0 -10
- package/bin/platformRbac/dtos/CreateTenantRequest.d.ts +0 -2
- package/bin/platformRbac/dtos/CreateTenantRequest.js +0 -13
- package/bin/platformRbac/dtos/UpdateTenantAutoregisterRequest.d.ts +26 -0
- package/bin/platformRbac/dtos/UpdateTenantAutoregisterRequest.js +73 -0
- package/bin/platformRbac/enums/Permission.d.ts +1 -0
- package/bin/platformRbac/enums/Permission.js +6 -0
- package/bin/platformRbac/index.d.ts +1 -0
- package/bin/platformRbac/index.js +4 -0
- package/package.json +1 -1
- package/src/index.ts +2 -0
- package/src/offices/dtos/CreateOfficeRequest.ts +39 -0
- package/src/offices/dtos/OfficeDto.ts +17 -0
- package/src/offices/dtos/UpdateOfficeRequest.ts +41 -0
- package/src/offices/enums/OfficeStatusEnum.ts +4 -0
- package/src/offices/index.ts +7 -0
- package/src/places/dtos/EstablishmentDto.ts +21 -0
- package/src/places/dtos/GetNearbyPlacesRequest.ts +23 -0
- package/src/places/dtos/GetNearbyPlacesResponse.ts +10 -0
- package/src/places/dtos/ReportPlaceRequest.ts +27 -0
- package/src/places/dtos/ReportedPlaceDto.ts +14 -0
- package/src/places/dtos/ResolveReportedPlaceRequest.ts +19 -0
- package/src/places/enums/EstablishmentBrandEnum.ts +7 -0
- package/src/places/enums/PlaceTypeEnum.ts +4 -0
- package/src/places/enums/ReportReasonEnum.ts +5 -0
- package/src/places/enums/ResolveReportedActionEnum.ts +4 -0
- package/src/places/index.ts +13 -0
- package/src/platformRbac/application/Application.ts +4 -5
- package/src/platformRbac/dtos/CreateTenantRequest.ts +4 -3
- package/src/platformRbac/dtos/UpdateTenantAutoregisterRequest.ts +46 -0
- package/src/platformRbac/enums/Permission.ts +6 -0
- package/src/platformRbac/index.ts +5 -0
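--- a/package/src/platformRbac/dtos/CreateTenantRequest.ts
+++ b/package/src/platformRbac/dtos/CreateTenantRequest.ts
@@ -1,5 +1,5 @@
 import { Expose } from 'class-transformer';
-import {
+import { IsEmail, IsEnum, IsOptional, IsString, Matches } from 'class-validator';
 import { TokenValidationMode } from '../enums/TokenValidationMode';
 import { TenantType } from '../tenantTypes';
 
@@ -17,8 +17,9 @@ export class CreateTenantRequest {
 @Expose() @IsEmail() adminEmail!: string;
 @Expose() @IsString() adminName!: string;
 @Expose() @IsString() region!: string;
-
-
+// DEC-RBAC-051: mfaRequired purgado de TODO el repo (write-only sin enforcement).
+// DEC-RBAC-052: passwordMinLength purgado — la política de password es global (env vars) y la
+// enforce Cognito (política nativa del pool), ya no es per-tenant en el create.
 @Expose() @IsOptional() @IsEnum(TokenValidationMode) tokenValidationMode?: TokenValidationMode;
 /** Tipo de tenant a crear. Si se omite, el onboarding aplica su default (hoy: retail). */
 @Expose() @IsOptional() @IsEnum(TenantType) tenantType?: TenantType;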
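Review bot: With `mfaRequired` and `passwordMinLength` gone from `CreateTenantRequest`, a caller that still sends `mfaRequired: true` may get a tenant created with no sign that the flag was ignored, unless the consuming endpoint rejects unknown properties. The validation options are not visible on this page, so this should be confirmed at the call site; with class-validator that means `whitelist: true` together with `forbidNonWhitelisted: true`. The two new comments record why the fields were removed but not what a client should do instead, so I would add one line such as `// Clients must stop sending mfaRequired/passwordMinLength; password policy is global, see DEC-RBAC-052.` The class body starts and ends outside the hunk.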
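--- a/package/src/platformRbac/dtos/UpdateTenantAutoregisterRequest.ts
+++ b/package/src/platformRbac/dtos/UpdateTenantAutoregisterRequest.ts
@@ -0,0 +1,46 @@
+import { Expose, Type } from 'class-transformer';
+import {
+IsArray,
+IsBoolean,
+IsEnum,
+IsInt,
+IsNotEmpty,
+IsOptional,
+IsString,
+Min,
+ValidateNested,
+} from 'class-validator';
+import { PermissionScope } from '../enums/PermissionScope';
+
+/**
+* Un rol auto-asignable de la allowlist anti-escalación (DEC-RBAC-038). Espejo validado de
+* `AutoregisterAllowedRole` (interface plain de application/Application), usado como body de un
+* endpoint backoffice → se hidrata con plainToInstance y se valida con class-validator.
+*/
+export class UpdateTenantAutoregisterAllowedRole {
+@Expose() @IsString() @IsNotEmpty() roleId!: string;
+@Expose() @IsEnum(PermissionScope) scope!: PermissionScope;
+@Expose() @IsOptional() @IsArray() @IsString({ each: true }) allowedScopeRefs?: string[];
+}
+
+/**
+* Body del PUT /tenants/{tenantId}/autoregister (backoffice, operación solo-platform — DEC-RBAC-050).
+* Edita la config de autoregistro self-service del tenant (DEC-RBAC-038): master switch `enabled`,
+* la allowlist anti-escalación `allowedRoles` (cada rol ⊆ roles del tenant — validado server-side) y
+* el TTL del OTP. El permiso requerido es `platform.tenant.autoregister.manage` (scope PLATFORM): la
+* allowlist es un catálogo centralizado/platform, no una config cosmética per-tenant.
+*
+* Se separa de `AutoregisterConfig` (interface plain, sin validators) porque éste es un boundary de
+* entrada del lambda y debe validarse con class-validator (regla entradas tipadas + validadas).
+*/
+export class UpdateTenantAutoregisterRequest {
+@Expose() @IsBoolean() enabled!: boolean;
+
+@Expose()
+@IsArray()
+@ValidateNested({ each: true })
+@Type(() => UpdateTenantAutoregisterAllowedRole)
+allowedRoles!: UpdateTenantAutoregisterAllowedRole[];
+
+@Expose() @IsOptional() @IsInt() @Min(1) otpTtlSeconds?: number;
+}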
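Review bot: `otpTtlSeconds` is bounded below by `@Min(1)` but has no upper bound, so this body accepts an OTP lifetime of any length; add a ceiling on the same line, e.g. `@Expose() @IsOptional() @IsInt() @Min(1) @Max(MAX_OTP_TTL_SECONDS) otpTtlSeconds?: number;`, where `MAX_OTP_TTL_SECONDS` is a placeholder for the limit the project decides on. The allowlist is similarly unbounded: `allowedRoles` and `allowedScopeRefs` carry no `@ArrayMaxSize(...)`, and `@IsString({ each: true })` accepts empty strings, so `@IsNotEmpty({ each: true })` on `allowedScopeRefs` would match what `roleId` already enforces. `Max` and `ArrayMaxSize` would have to be added to the `class-validator` import. The doc comment says the "each role ⊆ tenant roles" rule is validated server-side; that check is not in this file, so the DTO on its own does not enforce the anti-escalation property.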
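--- a/package/src/platformRbac/enums/Permission.ts
+++ b/package/src/platformRbac/enums/Permission.ts
@@ -63,6 +63,9 @@ export enum Permission {
 PLATFORM_ROLE_DELETE = 'platform.role.delete',
 PLATFORM_AUDIT_VIEW = 'platform.audit.view',
 PLATFORM_TENANT_USERFIELDS_MANAGE = 'platform.tenant.userfields.manage',
+// DEC-RBAC-050: edición del autoregistro self-service del tenant (allowlist anti-escalación
+// centralizada/platform). Espejo EXACTO de PLATFORM_TENANT_USERFIELDS_MANAGE (scope PLATFORM).
+PLATFORM_TENANT_AUTOREGISTER_MANAGE = 'platform.tenant.autoregister.manage',
 // DEC-RBAC-036: gestión de aplicaciones (plantillas) — reemplaza el reuso de rbac.catalog.manage en /applications.
 PLATFORM_APPLICATION_MANAGE = 'platform.application.manage',
 
@@ -351,6 +354,9 @@ export const PERMISSION_BIT_ORDER: readonly Permission[] = [
 // Append-only 2026-06-24 (DEC-RBAC-038): gestión de scope-entities de nivel genérico (scope-bound).
 // Al FINAL para no correr bits existentes (PERMS_VERSION cambia, índices previos se conservan).
 Permission.TENANT_LEVEL_MANAGE,
+// Append-only 2026-06-25 (DEC-RBAC-050): edición del autoregistro self-service del tenant (allowlist
+// anti-escalación). Al FINAL para no correr bits existentes (PERMS_VERSION cambia, índices previos se conservan).
+Permission.PLATFORM_TENANT_AUTOREGISTER_MANAGE,
 ] as const;
 
 function djb2(input: string): number {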
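Review bot: The comment on `PLATFORM_TENANT_AUTOREGISTER_MANAGE` says it is an exact mirror of `PLATFORM_TENANT_USERFIELDS_MANAGE` at PLATFORM scope, but neither hunk shows where a permission is bound to a scope, so that property rests on code outside this page. If the project keeps a per-permission scope or grantability table, the new value needs an entry there as well, and a test asserting it cannot be granted through a tenant-scoped role would pin the anti-escalation intent. The diffstat lists an `autoregisterPermission.test.ts`, but its contents are not shown here. Appending to the end of `PERMISSION_BIT_ORDER` does keep the earlier indices as the comment states. Both the enum and the array continue outside the hunks.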
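--- a/package/src/platformRbac/index.ts
+++ b/package/src/platformRbac/index.ts
@@ -58,6 +58,11 @@ export type { CreateTenantResponse } from './dtos/CreateTenantResponse';
 export * from './dtos/UpdateTenantSecurityPolicyRequest';
 export type { TenantSecurityPolicyResponse } from './dtos/TenantSecurityPolicyResponse';
 
+// Autoregistro editable por tenant (DEC-RBAC-050) — body del PUT backoffice /tenants/{id}/autoregister.
+// UpdateTenantAutoregisterRequest + su nested AutoregisterAllowedRole llevan decoradores class-validator
+// → export de valor (se hidratan con plainToInstance en runtime).
+export * from './dtos/UpdateTenantAutoregisterRequest';
+
 // A1 — registro data-driven de tenant-types (niveles debajo de TENANT, por tipo).
 // Consumido por ScopeValidationService._rank vía scopeRankOrder() y por los seeds.
 // Accesible bajo el namespace PlatformRbac (el index raíz hace export * as PlatformRbac).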