@fiado/type-kit 3.123.0 → 3.125.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/_test_/unit/platformRbac/enums/__snapshots__/permissionBits.test.ts.snap +37 -1
- package/bin/platformRbac/dtos/CreateTenantRequest.d.ts +4 -1
- package/bin/platformRbac/dtos/CreateTenantResponse.d.ts +14 -3
- package/bin/platformRbac/dtos/ResendOtpRequest.d.ts +22 -0
- package/bin/{walletFunding/dtos/CancelFundingRequest.js → platformRbac/dtos/ResendOtpRequest.js} +16 -13
- package/bin/platformRbac/dtos/ResendSelfRegisterOtpRequest.d.ts +11 -0
- package/bin/{walletFunding/dtos/CancelFundingReferenceRequest.js → platformRbac/dtos/ResendSelfRegisterOtpRequest.js} +18 -13
- package/bin/platformRbac/dtos/TenantDetailResponse.d.ts +19 -0
- package/bin/platformRbac/dtos/TenantDetailResponse.js +2 -0
- package/bin/platformRbac/dtos/TenantStatus.d.ts +12 -0
- package/bin/platformRbac/dtos/TenantStatus.js +2 -0
- package/bin/platformRbac/dtos/VerifyTenantInfraResponse.d.ts +15 -0
- package/bin/platformRbac/dtos/VerifyTenantInfraResponse.js +2 -0
- package/bin/platformRbac/enums/Permission.d.ts +42 -1
- package/bin/platformRbac/enums/Permission.js +84 -0
- package/bin/platformRbac/enums/PermissionCategory.d.ts +6 -1
- package/bin/platformRbac/enums/PermissionCategory.js +7 -0
- package/bin/platformRbac/index.d.ts +3 -0
- package/bin/platformRbac/tenantTypes.d.ts +6 -0
- package/bin/platformRbac/tenantTypes.js +6 -0
- package/package.json +1 -1
- package/src/platformRbac/dtos/CreateTenantRequest.ts +4 -1
- package/src/platformRbac/dtos/CreateTenantResponse.ts +15 -3
- package/src/platformRbac/dtos/TenantDetailResponse.ts +20 -0
- package/src/platformRbac/dtos/TenantStatus.ts +12 -0
- package/src/platformRbac/dtos/VerifyTenantInfraResponse.ts +16 -0
- package/src/platformRbac/enums/Permission.ts +85 -0
- package/src/platformRbac/enums/PermissionCategory.ts +7 -0
- package/src/platformRbac/index.ts +4 -0
- package/src/platformRbac/tenantTypes.ts +6 -0
- package/bin/walletFunding/dtos/CancelFundingReferenceRequest.d.ts +0 -6
- package/bin/walletFunding/dtos/CancelFundingReferenceResponse.d.ts +0 -7
- package/bin/walletFunding/dtos/CancelFundingReferenceResponse.js +0 -6
- package/bin/walletFunding/dtos/CancelFundingRequest.d.ts +0 -11
- package/bin/walletFunding/dtos/CancelFundingResponse.d.ts +0 -14
- package/bin/walletFunding/dtos/CancelFundingResponse.js +0 -12
- package/bin/walletFunding/dtos/CancelWalletFundingRequest.d.ts +0 -3
- package/bin/walletFunding/dtos/CancelWalletFundingRequest.js +0 -21
- package/bin/walletFunding/dtos/CancelWalletFundingResponse.d.ts +0 -7
- package/bin/walletFunding/dtos/CancelWalletFundingResponse.js +0 -6
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
// Jest Snapshot v1, https://jestjs.io/docs/snapshot-testing
|
|
2
2
|
|
|
3
|
-
exports[`PERMISSION_BIT_ORDER PERMS_VERSION es número estable 1`] = `
|
|
3
|
+
exports[`PERMISSION_BIT_ORDER PERMS_VERSION es número estable 1`] = `1703336986`;
|
|
4
4
|
|
|
5
5
|
exports[`PERMISSION_BIT_ORDER append-only: snapshot del ORDEN COMPLETO (rompe ante cualquier reorden/inserción) 1`] = `
|
|
6
6
|
[
|
|
@@ -126,5 +126,41 @@ exports[`PERMISSION_BIT_ORDER append-only: snapshot del ORDEN COMPLETO (rompe an
|
|
|
126
126
|
"platform.application.manage",
|
|
127
127
|
"tenant.level.manage",
|
|
128
128
|
"platform.tenant.autoregister.manage",
|
|
129
|
+
"level1.user.create",
|
|
130
|
+
"level1.user.read",
|
|
131
|
+
"level1.user.update",
|
|
132
|
+
"level1.user.delete",
|
|
133
|
+
"level1.role.create",
|
|
134
|
+
"level1.role.list",
|
|
135
|
+
"level1.role.view",
|
|
136
|
+
"level1.role.update",
|
|
137
|
+
"level1.role.delete",
|
|
138
|
+
"level1.role.assign",
|
|
139
|
+
"level1.role.revoke",
|
|
140
|
+
"level1.audit.view",
|
|
141
|
+
"level2.user.create",
|
|
142
|
+
"level2.user.read",
|
|
143
|
+
"level2.user.update",
|
|
144
|
+
"level2.user.delete",
|
|
145
|
+
"level2.role.create",
|
|
146
|
+
"level2.role.list",
|
|
147
|
+
"level2.role.view",
|
|
148
|
+
"level2.role.update",
|
|
149
|
+
"level2.role.delete",
|
|
150
|
+
"level2.role.assign",
|
|
151
|
+
"level2.role.revoke",
|
|
152
|
+
"level2.audit.view",
|
|
153
|
+
"level3.user.create",
|
|
154
|
+
"level3.user.read",
|
|
155
|
+
"level3.user.update",
|
|
156
|
+
"level3.user.delete",
|
|
157
|
+
"level3.role.create",
|
|
158
|
+
"level3.role.list",
|
|
159
|
+
"level3.role.view",
|
|
160
|
+
"level3.role.update",
|
|
161
|
+
"level3.role.delete",
|
|
162
|
+
"level3.role.assign",
|
|
163
|
+
"level3.role.revoke",
|
|
164
|
+
"level3.audit.view",
|
|
129
165
|
]
|
|
130
166
|
`;
|
|
@@ -15,7 +15,10 @@ export declare class CreateTenantRequest {
|
|
|
15
15
|
adminName: string;
|
|
16
16
|
region: string;
|
|
17
17
|
tokenValidationMode?: TokenValidationMode;
|
|
18
|
-
/**
|
|
18
|
+
/**
|
|
19
|
+
* Tipo de tenant a crear. Si se omite, el onboarding aplica su default (hoy: retail).
|
|
20
|
+
* @deprecated DEC-RBAC-062/063: el alta se hace por `applicationId`; `tenantType` se elimina al consolidar niveles. Migración pendiente; no usar en código nuevo.
|
|
21
|
+
*/
|
|
19
22
|
tenantType?: TenantType;
|
|
20
23
|
/** DEC-RBAC-034: aplicación (plantilla) de la que se crea el tenant; opcional, fallback a tenantType (back-compat). */
|
|
21
24
|
applicationId?: string;
|
|
@@ -1,12 +1,23 @@
|
|
|
1
|
+
import { TenantStatus } from './TenantStatus';
|
|
1
2
|
/**
|
|
2
3
|
* Output del POST backoffice de creación de tenant (F-11). Response plain sin validators
|
|
3
4
|
* (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
5
|
+
*
|
|
6
|
+
* DEC-RBAC-058 (aditivo): el response expone el `status` resultante; si quedó `pending-infra`,
|
|
7
|
+
* viaja `infraRequirements` con las tablas del silo faltantes. `adminCognitoSub`/`temporaryPassword`
|
|
8
|
+
* pasan a OPCIONALES (no se quitan): el alta clásica con admin los setea; el alta sin admin
|
|
9
|
+
* (DEC-RBAC-057) no. `status`/`infraRequirements` son opcionales para back-compat con el alta clásica.
|
|
4
10
|
*/
|
|
5
11
|
export interface CreateTenantResponse {
|
|
6
12
|
tenantId: string;
|
|
7
13
|
userPoolId: string;
|
|
8
14
|
appClientId: string;
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
15
|
+
/** Presente en el alta CON admin (flujo clásico F-11). Opcional: el alta sin admin (DEC-RBAC-057) no lo setea. */
|
|
16
|
+
adminCognitoSub?: string;
|
|
17
|
+
/** Fallback out-of-band mientras el correo de invitación no entrega (F-11). Opcional (ver adminCognitoSub). */
|
|
18
|
+
temporaryPassword?: string;
|
|
19
|
+
/** Estado resultante del onboarding (DEC-RBAC-058). Opcional para back-compat; `active` o `pending-infra` en el happy path. */
|
|
20
|
+
status?: TenantStatus;
|
|
21
|
+
/** Nombres de tablas del silo faltantes. Presente solo cuando `status === 'pending-infra'` (DEC-RBAC-058). */
|
|
22
|
+
infraRequirements?: string[];
|
|
12
23
|
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { MfaMethodEnum } from '../enums/MfaMethodEnum';
|
|
2
|
+
/**
|
|
3
|
+
* Body del POST /auth/resend-otp (público, anónimo). DEC-RBAC-054.
|
|
4
|
+
* Reenvía el OTP del login re-disparando el challenge real CUSTOM_AUTH (EMAIL_OTP) para la
|
|
5
|
+
* identidad SIN password. `tenantId` obligatorio (DEC-064 — el picker ya lo resolvió, NO "solo email").
|
|
6
|
+
* El email se normaliza lowercase server-side. Postura anti-enumeración: respuesta 200 genérica
|
|
7
|
+
* siempre, sin filtrar existencia (ver AuthLoginManager.resendChallengeOtp).
|
|
8
|
+
*/
|
|
9
|
+
export declare class ResendOtpRequest {
|
|
10
|
+
email: string;
|
|
11
|
+
tenantId: string;
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Respuesta del resend-otp. `session`/`mfaMethod` frescos del nuevo challenge CUSTOM_AUTH.
|
|
15
|
+
* Plain sin validators (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
16
|
+
* Ambos opcionales: en los caminos de rechazo silencioso (anti-enumeración) o ramas sin CUSTOM_AUTH
|
|
17
|
+
* el server responde 200 genérico sin session ni método.
|
|
18
|
+
*/
|
|
19
|
+
export interface ResendOtpResponse {
|
|
20
|
+
session?: string;
|
|
21
|
+
mfaMethod?: MfaMethodEnum;
|
|
22
|
+
}
|
package/bin/{walletFunding/dtos/CancelFundingRequest.js → platformRbac/dtos/ResendOtpRequest.js}
RENAMED
|
@@ -9,25 +9,28 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.
|
|
12
|
+
exports.ResendOtpRequest = void 0;
|
|
13
|
+
const class_transformer_1 = require("class-transformer");
|
|
13
14
|
const class_validator_1 = require("class-validator");
|
|
14
15
|
/**
|
|
15
|
-
*
|
|
16
|
-
*
|
|
17
|
-
* `
|
|
18
|
-
*
|
|
19
|
-
*
|
|
16
|
+
* Body del POST /auth/resend-otp (público, anónimo). DEC-RBAC-054.
|
|
17
|
+
* Reenvía el OTP del login re-disparando el challenge real CUSTOM_AUTH (EMAIL_OTP) para la
|
|
18
|
+
* identidad SIN password. `tenantId` obligatorio (DEC-064 — el picker ya lo resolvió, NO "solo email").
|
|
19
|
+
* El email se normaliza lowercase server-side. Postura anti-enumeración: respuesta 200 genérica
|
|
20
|
+
* siempre, sin filtrar existencia (ver AuthLoginManager.resendChallengeOtp).
|
|
20
21
|
*/
|
|
21
|
-
class
|
|
22
|
+
class ResendOtpRequest {
|
|
22
23
|
}
|
|
23
|
-
exports.
|
|
24
|
+
exports.ResendOtpRequest = ResendOtpRequest;
|
|
24
25
|
__decorate([
|
|
25
|
-
(0,
|
|
26
|
-
(0, class_validator_1.
|
|
26
|
+
(0, class_transformer_1.Expose)(),
|
|
27
|
+
(0, class_validator_1.IsEmail)(),
|
|
28
|
+
(0, class_validator_1.IsNotEmpty)(),
|
|
27
29
|
__metadata("design:type", String)
|
|
28
|
-
],
|
|
30
|
+
], ResendOtpRequest.prototype, "email", void 0);
|
|
29
31
|
__decorate([
|
|
32
|
+
(0, class_transformer_1.Expose)(),
|
|
30
33
|
(0, class_validator_1.IsString)(),
|
|
31
|
-
(0, class_validator_1.
|
|
34
|
+
(0, class_validator_1.IsNotEmpty)(),
|
|
32
35
|
__metadata("design:type", String)
|
|
33
|
-
],
|
|
36
|
+
], ResendOtpRequest.prototype, "tenantId", void 0);
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Body del POST /self-register/resend-otp (público, anónimo). DEC-RBAC-054.
|
|
3
|
+
* Re-envía el OTP del autoregistro (mecanismo messages-business, NO Cognito) tras validar un
|
|
4
|
+
* `pending` existente. Misma postura anti-enumeración del start. El email se normaliza lowercase
|
|
5
|
+
* server-side. DTO propio por endpoint (NO reusa SelfRegisterStartRequest, que exige roleId/scope/
|
|
6
|
+
* scopeRef, ni SelfRegisterVerifyOtpRequest, que exige otp).
|
|
7
|
+
*/
|
|
8
|
+
export declare class ResendSelfRegisterOtpRequest {
|
|
9
|
+
tenantId: string;
|
|
10
|
+
email: string;
|
|
11
|
+
}
|
|
@@ -9,23 +9,28 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
9
9
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.
|
|
12
|
+
exports.ResendSelfRegisterOtpRequest = void 0;
|
|
13
|
+
const class_transformer_1 = require("class-transformer");
|
|
13
14
|
const class_validator_1 = require("class-validator");
|
|
14
|
-
|
|
15
|
+
/**
|
|
16
|
+
* Body del POST /self-register/resend-otp (público, anónimo). DEC-RBAC-054.
|
|
17
|
+
* Re-envía el OTP del autoregistro (mecanismo messages-business, NO Cognito) tras validar un
|
|
18
|
+
* `pending` existente. Misma postura anti-enumeración del start. El email se normaliza lowercase
|
|
19
|
+
* server-side. DTO propio por endpoint (NO reusa SelfRegisterStartRequest, que exige roleId/scope/
|
|
20
|
+
* scopeRef, ni SelfRegisterVerifyOtpRequest, que exige otp).
|
|
21
|
+
*/
|
|
22
|
+
class ResendSelfRegisterOtpRequest {
|
|
15
23
|
}
|
|
16
|
-
exports.
|
|
24
|
+
exports.ResendSelfRegisterOtpRequest = ResendSelfRegisterOtpRequest;
|
|
17
25
|
__decorate([
|
|
26
|
+
(0, class_transformer_1.Expose)(),
|
|
18
27
|
(0, class_validator_1.IsString)(),
|
|
19
|
-
(0, class_validator_1.
|
|
28
|
+
(0, class_validator_1.IsNotEmpty)(),
|
|
20
29
|
__metadata("design:type", String)
|
|
21
|
-
],
|
|
30
|
+
], ResendSelfRegisterOtpRequest.prototype, "tenantId", void 0);
|
|
22
31
|
__decorate([
|
|
23
|
-
(0,
|
|
24
|
-
(0, class_validator_1.
|
|
25
|
-
|
|
26
|
-
], CancelFundingReferenceRequest.prototype, "directoryId", void 0);
|
|
27
|
-
__decorate([
|
|
28
|
-
(0, class_validator_1.IsString)(),
|
|
29
|
-
(0, class_validator_1.MaxLength)(64),
|
|
32
|
+
(0, class_transformer_1.Expose)(),
|
|
33
|
+
(0, class_validator_1.IsEmail)(),
|
|
34
|
+
(0, class_validator_1.IsNotEmpty)(),
|
|
30
35
|
__metadata("design:type", String)
|
|
31
|
-
],
|
|
36
|
+
], ResendSelfRegisterOtpRequest.prototype, "email", void 0);
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { TenantStatus } from './TenantStatus';
|
|
2
|
+
/**
|
|
3
|
+
* Output del GET backoffice de detalle de tenant (F-11). Response plain sin validators
|
|
4
|
+
* (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
5
|
+
*
|
|
6
|
+
* Superficie de contrato que el frontend consume para la feature de infra (DEC-RBAC-058/059):
|
|
7
|
+
* `status` (que ahora incluye `pending-infra`) e `infraRequirements` (tablas del silo faltantes,
|
|
8
|
+
* presente solo en `pending-infra`). El detalle completo del tenant (cognitoPool, branding,
|
|
9
|
+
* securityPolicy, etc.) lo arma el manager a partir del Row; este DTO declara los campos del
|
|
10
|
+
* contrato relevantes a la feature sin duplicar el shape interno del Row.
|
|
11
|
+
*/
|
|
12
|
+
export interface TenantDetailResponse {
|
|
13
|
+
tenantId: string;
|
|
14
|
+
displayName: string;
|
|
15
|
+
tablePrefix: string;
|
|
16
|
+
status: TenantStatus;
|
|
17
|
+
/** Nombres de tablas del silo faltantes. Presente solo cuando `status === 'pending-infra'`. */
|
|
18
|
+
infraRequirements?: string[];
|
|
19
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Estado de un tenant del platform-rbac-business (F-11 — onboarding de tenant).
|
|
3
|
+
*
|
|
4
|
+
* - `provisioning`: saga de onboarding en curso (estado transitorio).
|
|
5
|
+
* - `active`: tenant operativo (config + pool + roles sembrados).
|
|
6
|
+
* - `suspended`: tenant deshabilitado (saga abortada y compensada, o suspensión manual).
|
|
7
|
+
* - `pending-infra` (DEC-RBAC-058): el pre-check de infra encontró tablas del silo faltantes.
|
|
8
|
+
* El tenant quedó creado pero inutilizable hasta que infra cree las tablas; los nombres
|
|
9
|
+
* faltantes viajan en `infraRequirements`. No se sembraron roles. Re-verificable vía
|
|
10
|
+
* `POST /platform/tenants/{tenantId}/verify-infra` (DEC-RBAC-059).
|
|
11
|
+
*/
|
|
12
|
+
export type TenantStatus = 'provisioning' | 'active' | 'suspended' | 'pending-infra';
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { TenantStatus } from './TenantStatus';
|
|
2
|
+
/**
|
|
3
|
+
* Output del POST backoffice `verify-infra` (DEC-RBAC-059) — re-verificación de la infra del silo
|
|
4
|
+
* de un tenant `pending-infra`. Response plain sin validators (fiado-validation-and-dtos § 7).
|
|
5
|
+
* El `tenantId` viaja en el path, no hay request DTO.
|
|
6
|
+
*
|
|
7
|
+
* - Si ya están todas las tablas → siembra roles diferida → `status === 'active'` (sin `infraRequirements`).
|
|
8
|
+
* - Si aún faltan → `status === 'pending-infra'` + `infraRequirements` con los faltantes actuales.
|
|
9
|
+
* - Si el tenant no estaba `pending-infra` → no-op idempotente: devuelve el status actual.
|
|
10
|
+
*/
|
|
11
|
+
export interface VerifyTenantInfraResponse {
|
|
12
|
+
status: TenantStatus;
|
|
13
|
+
/** Nombres de tablas del silo aún faltantes. Presente solo cuando `status === 'pending-infra'`. */
|
|
14
|
+
infraRequirements?: string[];
|
|
15
|
+
}
|
|
@@ -92,6 +92,7 @@ export declare enum Permission {
|
|
|
92
92
|
RETAIL_PRODUCT_VIEW = "retail.product.view",
|
|
93
93
|
RETAIL_PRODUCT_UPDATE = "retail.product.update",
|
|
94
94
|
RETAIL_PRODUCT_DELETE = "retail.product.delete",
|
|
95
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'retail.product.mdm.config' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
95
96
|
RETAIL_PRODUCT_MDM_CONFIG = "retail.product.mdm_config",
|
|
96
97
|
RETAIL_INVENTORY_LIST = "retail.inventory.list",
|
|
97
98
|
RETAIL_INVENTORY_VIEW = "retail.inventory.view",
|
|
@@ -117,16 +118,20 @@ export declare enum Permission {
|
|
|
117
118
|
MDM_DEVICE_DEACTIVATE = "mdm.device.deactivate",
|
|
118
119
|
MDM_DEVICE_LOCK_MANUAL = "mdm.device.lock.manual",
|
|
119
120
|
MDM_DEVICE_UNLOCK_MANUAL = "mdm.device.unlock.manual",
|
|
121
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.device.pin.unlock' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
120
122
|
MDM_DEVICE_PIN_UNLOCK = "mdm.device.pin_unlock",
|
|
123
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.device.extend.validity' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
121
124
|
MDM_DEVICE_EXTEND_VALIDITY = "mdm.device.extend_validity",
|
|
122
125
|
MDM_DEVICE_NOTIFY = "mdm.device.notify",
|
|
123
126
|
MDM_DEVICE_STATUS_VIEW = "mdm.device.status.view",
|
|
127
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.operation.log.view' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
124
128
|
MDM_OPERATION_LOG_VIEW = "mdm.operation_log.view",
|
|
125
129
|
MDM_TEST = "mdm.test",
|
|
126
130
|
PAY_TRANSACTION_VIEW = "pay.transaction.view",
|
|
127
131
|
AGENTS_APP_ACCESS = "agents.app.access",
|
|
128
132
|
AGENTS_AGENT_LIST = "agents.agent.list",
|
|
129
133
|
AGENTS_AGENT_CREATE = "agents.agent.create",
|
|
134
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'agents.agent.create.bulk' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
130
135
|
AGENTS_AGENT_CREATE_BULK = "agents.agent.create_bulk",
|
|
131
136
|
AGENTS_AGENT_MOVE = "agents.agent.move",
|
|
132
137
|
AGENTS_AGENT_DELETE = "agents.agent.delete",
|
|
@@ -150,7 +155,43 @@ export declare enum Permission {
|
|
|
150
155
|
AGENTS_EXPORT_RUN = "agents.export.run",
|
|
151
156
|
AGENTS_CATALOG_VIEW = "agents.catalog.view",
|
|
152
157
|
AGENTS_GROUP_MANAGE = "agents.group.manage",
|
|
153
|
-
AGENTS_GROUP_USER_MANAGE = "agents.group.user.manage"
|
|
158
|
+
AGENTS_GROUP_USER_MANAGE = "agents.group.user.manage",
|
|
159
|
+
LEVEL1_USER_CREATE = "level1.user.create",
|
|
160
|
+
LEVEL1_USER_READ = "level1.user.read",
|
|
161
|
+
LEVEL1_USER_UPDATE = "level1.user.update",
|
|
162
|
+
LEVEL1_USER_DELETE = "level1.user.delete",
|
|
163
|
+
LEVEL1_ROLE_CREATE = "level1.role.create",
|
|
164
|
+
LEVEL1_ROLE_LIST = "level1.role.list",
|
|
165
|
+
LEVEL1_ROLE_VIEW = "level1.role.view",
|
|
166
|
+
LEVEL1_ROLE_UPDATE = "level1.role.update",
|
|
167
|
+
LEVEL1_ROLE_DELETE = "level1.role.delete",
|
|
168
|
+
LEVEL1_ROLE_ASSIGN = "level1.role.assign",
|
|
169
|
+
LEVEL1_ROLE_REVOKE = "level1.role.revoke",
|
|
170
|
+
LEVEL1_AUDIT_VIEW = "level1.audit.view",
|
|
171
|
+
LEVEL2_USER_CREATE = "level2.user.create",
|
|
172
|
+
LEVEL2_USER_READ = "level2.user.read",
|
|
173
|
+
LEVEL2_USER_UPDATE = "level2.user.update",
|
|
174
|
+
LEVEL2_USER_DELETE = "level2.user.delete",
|
|
175
|
+
LEVEL2_ROLE_CREATE = "level2.role.create",
|
|
176
|
+
LEVEL2_ROLE_LIST = "level2.role.list",
|
|
177
|
+
LEVEL2_ROLE_VIEW = "level2.role.view",
|
|
178
|
+
LEVEL2_ROLE_UPDATE = "level2.role.update",
|
|
179
|
+
LEVEL2_ROLE_DELETE = "level2.role.delete",
|
|
180
|
+
LEVEL2_ROLE_ASSIGN = "level2.role.assign",
|
|
181
|
+
LEVEL2_ROLE_REVOKE = "level2.role.revoke",
|
|
182
|
+
LEVEL2_AUDIT_VIEW = "level2.audit.view",
|
|
183
|
+
LEVEL3_USER_CREATE = "level3.user.create",
|
|
184
|
+
LEVEL3_USER_READ = "level3.user.read",
|
|
185
|
+
LEVEL3_USER_UPDATE = "level3.user.update",
|
|
186
|
+
LEVEL3_USER_DELETE = "level3.user.delete",
|
|
187
|
+
LEVEL3_ROLE_CREATE = "level3.role.create",
|
|
188
|
+
LEVEL3_ROLE_LIST = "level3.role.list",
|
|
189
|
+
LEVEL3_ROLE_VIEW = "level3.role.view",
|
|
190
|
+
LEVEL3_ROLE_UPDATE = "level3.role.update",
|
|
191
|
+
LEVEL3_ROLE_DELETE = "level3.role.delete",
|
|
192
|
+
LEVEL3_ROLE_ASSIGN = "level3.role.assign",
|
|
193
|
+
LEVEL3_ROLE_REVOKE = "level3.role.revoke",
|
|
194
|
+
LEVEL3_AUDIT_VIEW = "level3.audit.view"
|
|
154
195
|
}
|
|
155
196
|
/**
|
|
156
197
|
* Orden CANÓNICO y APPEND-ONLY de los permisos para el bitset del token.
|
|
@@ -125,6 +125,7 @@ var Permission;
|
|
|
125
125
|
Permission["RETAIL_PRODUCT_VIEW"] = "retail.product.view";
|
|
126
126
|
Permission["RETAIL_PRODUCT_UPDATE"] = "retail.product.update";
|
|
127
127
|
Permission["RETAIL_PRODUCT_DELETE"] = "retail.product.delete";
|
|
128
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'retail.product.mdm.config' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
128
129
|
Permission["RETAIL_PRODUCT_MDM_CONFIG"] = "retail.product.mdm_config";
|
|
129
130
|
Permission["RETAIL_INVENTORY_LIST"] = "retail.inventory.list";
|
|
130
131
|
Permission["RETAIL_INVENTORY_VIEW"] = "retail.inventory.view";
|
|
@@ -156,10 +157,13 @@ var Permission;
|
|
|
156
157
|
Permission["MDM_DEVICE_DEACTIVATE"] = "mdm.device.deactivate";
|
|
157
158
|
Permission["MDM_DEVICE_LOCK_MANUAL"] = "mdm.device.lock.manual";
|
|
158
159
|
Permission["MDM_DEVICE_UNLOCK_MANUAL"] = "mdm.device.unlock.manual";
|
|
160
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.device.pin.unlock' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
159
161
|
Permission["MDM_DEVICE_PIN_UNLOCK"] = "mdm.device.pin_unlock";
|
|
162
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.device.extend.validity' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
160
163
|
Permission["MDM_DEVICE_EXTEND_VALIDITY"] = "mdm.device.extend_validity";
|
|
161
164
|
Permission["MDM_DEVICE_NOTIFY"] = "mdm.device.notify";
|
|
162
165
|
Permission["MDM_DEVICE_STATUS_VIEW"] = "mdm.device.status.view";
|
|
166
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.operation.log.view' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
163
167
|
Permission["MDM_OPERATION_LOG_VIEW"] = "mdm.operation_log.view";
|
|
164
168
|
Permission["MDM_TEST"] = "mdm.test";
|
|
165
169
|
// ====================================================
|
|
@@ -177,6 +181,7 @@ var Permission;
|
|
|
177
181
|
Permission["AGENTS_APP_ACCESS"] = "agents.app.access";
|
|
178
182
|
Permission["AGENTS_AGENT_LIST"] = "agents.agent.list";
|
|
179
183
|
Permission["AGENTS_AGENT_CREATE"] = "agents.agent.create";
|
|
184
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'agents.agent.create.bulk' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
180
185
|
Permission["AGENTS_AGENT_CREATE_BULK"] = "agents.agent.create_bulk";
|
|
181
186
|
Permission["AGENTS_AGENT_MOVE"] = "agents.agent.move";
|
|
182
187
|
Permission["AGENTS_AGENT_DELETE"] = "agents.agent.delete";
|
|
@@ -204,6 +209,47 @@ var Permission;
|
|
|
204
209
|
// Gestión de usuarios DENTRO de un grupo (scope GROUP — el group_owner/admin sobre su grupo; el
|
|
205
210
|
// operador la cubre por TENANT). Crea usuarios + asigna roles group_* acotado al groupId. DEC-102.
|
|
206
211
|
Permission["AGENTS_GROUP_USER_MANAGE"] = "agents.group.user.manage";
|
|
212
|
+
// ====================================================
|
|
213
|
+
// LEVEL{1,2,3} — primitivas RBAC genéricas por nivel (DEC-RBAC-063, ADITIVO)
|
|
214
|
+
// Permisos básicos auto-sembrables por nivel genérico (data-driven). Coexisten con los
|
|
215
|
+
// legacy retail.*/agents.* (categorías @deprecated), NO los reemplazan en la línea 3.x.
|
|
216
|
+
// ====================================================
|
|
217
|
+
Permission["LEVEL1_USER_CREATE"] = "level1.user.create";
|
|
218
|
+
Permission["LEVEL1_USER_READ"] = "level1.user.read";
|
|
219
|
+
Permission["LEVEL1_USER_UPDATE"] = "level1.user.update";
|
|
220
|
+
Permission["LEVEL1_USER_DELETE"] = "level1.user.delete";
|
|
221
|
+
Permission["LEVEL1_ROLE_CREATE"] = "level1.role.create";
|
|
222
|
+
Permission["LEVEL1_ROLE_LIST"] = "level1.role.list";
|
|
223
|
+
Permission["LEVEL1_ROLE_VIEW"] = "level1.role.view";
|
|
224
|
+
Permission["LEVEL1_ROLE_UPDATE"] = "level1.role.update";
|
|
225
|
+
Permission["LEVEL1_ROLE_DELETE"] = "level1.role.delete";
|
|
226
|
+
Permission["LEVEL1_ROLE_ASSIGN"] = "level1.role.assign";
|
|
227
|
+
Permission["LEVEL1_ROLE_REVOKE"] = "level1.role.revoke";
|
|
228
|
+
Permission["LEVEL1_AUDIT_VIEW"] = "level1.audit.view";
|
|
229
|
+
Permission["LEVEL2_USER_CREATE"] = "level2.user.create";
|
|
230
|
+
Permission["LEVEL2_USER_READ"] = "level2.user.read";
|
|
231
|
+
Permission["LEVEL2_USER_UPDATE"] = "level2.user.update";
|
|
232
|
+
Permission["LEVEL2_USER_DELETE"] = "level2.user.delete";
|
|
233
|
+
Permission["LEVEL2_ROLE_CREATE"] = "level2.role.create";
|
|
234
|
+
Permission["LEVEL2_ROLE_LIST"] = "level2.role.list";
|
|
235
|
+
Permission["LEVEL2_ROLE_VIEW"] = "level2.role.view";
|
|
236
|
+
Permission["LEVEL2_ROLE_UPDATE"] = "level2.role.update";
|
|
237
|
+
Permission["LEVEL2_ROLE_DELETE"] = "level2.role.delete";
|
|
238
|
+
Permission["LEVEL2_ROLE_ASSIGN"] = "level2.role.assign";
|
|
239
|
+
Permission["LEVEL2_ROLE_REVOKE"] = "level2.role.revoke";
|
|
240
|
+
Permission["LEVEL2_AUDIT_VIEW"] = "level2.audit.view";
|
|
241
|
+
Permission["LEVEL3_USER_CREATE"] = "level3.user.create";
|
|
242
|
+
Permission["LEVEL3_USER_READ"] = "level3.user.read";
|
|
243
|
+
Permission["LEVEL3_USER_UPDATE"] = "level3.user.update";
|
|
244
|
+
Permission["LEVEL3_USER_DELETE"] = "level3.user.delete";
|
|
245
|
+
Permission["LEVEL3_ROLE_CREATE"] = "level3.role.create";
|
|
246
|
+
Permission["LEVEL3_ROLE_LIST"] = "level3.role.list";
|
|
247
|
+
Permission["LEVEL3_ROLE_VIEW"] = "level3.role.view";
|
|
248
|
+
Permission["LEVEL3_ROLE_UPDATE"] = "level3.role.update";
|
|
249
|
+
Permission["LEVEL3_ROLE_DELETE"] = "level3.role.delete";
|
|
250
|
+
Permission["LEVEL3_ROLE_ASSIGN"] = "level3.role.assign";
|
|
251
|
+
Permission["LEVEL3_ROLE_REVOKE"] = "level3.role.revoke";
|
|
252
|
+
Permission["LEVEL3_AUDIT_VIEW"] = "level3.audit.view";
|
|
207
253
|
})(Permission || (exports.Permission = Permission = {}));
|
|
208
254
|
/**
|
|
209
255
|
* Orden CANÓNICO y APPEND-ONLY de los permisos para el bitset del token.
|
|
@@ -355,6 +401,44 @@ exports.PERMISSION_BIT_ORDER = [
|
|
|
355
401
|
// Append-only 2026-06-25 (DEC-RBAC-050): edición del autoregistro self-service del tenant (allowlist
|
|
356
402
|
// anti-escalación). Al FINAL para no correr bits existentes (PERMS_VERSION cambia, índices previos se conservan).
|
|
357
403
|
Permission.PLATFORM_TENANT_AUTOREGISTER_MANAGE,
|
|
404
|
+
// Append-only 2026-06-28 (DEC-RBAC-063): 36 primitivas RBAC por nivel genérico. Al FINAL para no
|
|
405
|
+
// correr bits existentes (PERMS_VERSION cambia, índices previos se conservan).
|
|
406
|
+
Permission.LEVEL1_USER_CREATE,
|
|
407
|
+
Permission.LEVEL1_USER_READ,
|
|
408
|
+
Permission.LEVEL1_USER_UPDATE,
|
|
409
|
+
Permission.LEVEL1_USER_DELETE,
|
|
410
|
+
Permission.LEVEL1_ROLE_CREATE,
|
|
411
|
+
Permission.LEVEL1_ROLE_LIST,
|
|
412
|
+
Permission.LEVEL1_ROLE_VIEW,
|
|
413
|
+
Permission.LEVEL1_ROLE_UPDATE,
|
|
414
|
+
Permission.LEVEL1_ROLE_DELETE,
|
|
415
|
+
Permission.LEVEL1_ROLE_ASSIGN,
|
|
416
|
+
Permission.LEVEL1_ROLE_REVOKE,
|
|
417
|
+
Permission.LEVEL1_AUDIT_VIEW,
|
|
418
|
+
Permission.LEVEL2_USER_CREATE,
|
|
419
|
+
Permission.LEVEL2_USER_READ,
|
|
420
|
+
Permission.LEVEL2_USER_UPDATE,
|
|
421
|
+
Permission.LEVEL2_USER_DELETE,
|
|
422
|
+
Permission.LEVEL2_ROLE_CREATE,
|
|
423
|
+
Permission.LEVEL2_ROLE_LIST,
|
|
424
|
+
Permission.LEVEL2_ROLE_VIEW,
|
|
425
|
+
Permission.LEVEL2_ROLE_UPDATE,
|
|
426
|
+
Permission.LEVEL2_ROLE_DELETE,
|
|
427
|
+
Permission.LEVEL2_ROLE_ASSIGN,
|
|
428
|
+
Permission.LEVEL2_ROLE_REVOKE,
|
|
429
|
+
Permission.LEVEL2_AUDIT_VIEW,
|
|
430
|
+
Permission.LEVEL3_USER_CREATE,
|
|
431
|
+
Permission.LEVEL3_USER_READ,
|
|
432
|
+
Permission.LEVEL3_USER_UPDATE,
|
|
433
|
+
Permission.LEVEL3_USER_DELETE,
|
|
434
|
+
Permission.LEVEL3_ROLE_CREATE,
|
|
435
|
+
Permission.LEVEL3_ROLE_LIST,
|
|
436
|
+
Permission.LEVEL3_ROLE_VIEW,
|
|
437
|
+
Permission.LEVEL3_ROLE_UPDATE,
|
|
438
|
+
Permission.LEVEL3_ROLE_DELETE,
|
|
439
|
+
Permission.LEVEL3_ROLE_ASSIGN,
|
|
440
|
+
Permission.LEVEL3_ROLE_REVOKE,
|
|
441
|
+
Permission.LEVEL3_AUDIT_VIEW,
|
|
358
442
|
];
|
|
359
443
|
function djb2(input) {
|
|
360
444
|
let h = 5381;
|
|
@@ -6,10 +6,15 @@ export declare enum PermissionCategory {
|
|
|
6
6
|
RBAC = "rbac",
|
|
7
7
|
PLATFORM = "platform",
|
|
8
8
|
TENANT = "tenant",
|
|
9
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
9
10
|
RETAIL = "retail",
|
|
10
11
|
LEND = "lend",
|
|
11
12
|
MDM = "mdm",
|
|
12
13
|
AUDIT = "audit",
|
|
13
14
|
PAY = "pay",
|
|
14
|
-
|
|
15
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
16
|
+
AGENTS = "agents",
|
|
17
|
+
LEVEL1 = "level1",
|
|
18
|
+
LEVEL2 = "level2",
|
|
19
|
+
LEVEL3 = "level3"
|
|
15
20
|
}
|
|
@@ -10,10 +10,17 @@ var PermissionCategory;
|
|
|
10
10
|
PermissionCategory["RBAC"] = "rbac";
|
|
11
11
|
PermissionCategory["PLATFORM"] = "platform";
|
|
12
12
|
PermissionCategory["TENANT"] = "tenant";
|
|
13
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
13
14
|
PermissionCategory["RETAIL"] = "retail";
|
|
14
15
|
PermissionCategory["LEND"] = "lend";
|
|
15
16
|
PermissionCategory["MDM"] = "mdm";
|
|
16
17
|
PermissionCategory["AUDIT"] = "audit";
|
|
17
18
|
PermissionCategory["PAY"] = "pay";
|
|
19
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
18
20
|
PermissionCategory["AGENTS"] = "agents";
|
|
21
|
+
// DEC-RBAC-063 (aditivo): categorías de las primitivas RBAC por nivel genérico.
|
|
22
|
+
// Coexisten con RETAIL/AGENTS (@deprecated), no los reemplazan en la línea 3.x.
|
|
23
|
+
PermissionCategory["LEVEL1"] = "level1";
|
|
24
|
+
PermissionCategory["LEVEL2"] = "level2";
|
|
25
|
+
PermissionCategory["LEVEL3"] = "level3";
|
|
19
26
|
})(PermissionCategory || (exports.PermissionCategory = PermissionCategory = {}));
|
|
@@ -26,6 +26,9 @@ export * from './dtos/AuthorizeRequest';
|
|
|
26
26
|
export * from './dtos/AuthorizeResponse';
|
|
27
27
|
export * from './dtos/CreateTenantRequest';
|
|
28
28
|
export type { CreateTenantResponse } from './dtos/CreateTenantResponse';
|
|
29
|
+
export type { TenantStatus } from './dtos/TenantStatus';
|
|
30
|
+
export type { VerifyTenantInfraResponse } from './dtos/VerifyTenantInfraResponse';
|
|
31
|
+
export type { TenantDetailResponse } from './dtos/TenantDetailResponse';
|
|
29
32
|
export * from './dtos/UpdateTenantSecurityPolicyRequest';
|
|
30
33
|
export type { TenantSecurityPolicyResponse } from './dtos/TenantSecurityPolicyResponse';
|
|
31
34
|
export * from './dtos/UpdateTenantAutoregisterRequest';
|
|
@@ -2,6 +2,9 @@ import { PermissionScope } from './enums/PermissionScope';
|
|
|
2
2
|
/**
|
|
3
3
|
* Tipos de tenant soportados por el rbac-business. Cada tipo define su propia
|
|
4
4
|
* jerarquía de niveles DEBAJO de TENANT (data-driven). Hoy solo existe `retail`.
|
|
5
|
+
*
|
|
6
|
+
* @deprecated DEC-RBAC-062/063: el modelo de tipos de tenant se consolida en niveles genéricos
|
|
7
|
+
* (LEVEL_1..n) data-driven. Migración de tenants pendiente; no usar en código nuevo.
|
|
5
8
|
*/
|
|
6
9
|
export declare enum TenantType {
|
|
7
10
|
RETAIL = "retail",
|
|
@@ -14,8 +17,11 @@ interface TenantTypeDef {
|
|
|
14
17
|
/** Sufijo de tabla DDB por nivel (el prefix del tenant se antepone en runtime). */
|
|
15
18
|
tableSuffix: Partial<Record<PermissionScope, string>>;
|
|
16
19
|
}
|
|
20
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
17
21
|
export declare const TENANT_TYPES: Record<TenantType, TenantTypeDef>;
|
|
22
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
18
23
|
export declare function levelsOf(type: TenantType): PermissionScope[];
|
|
24
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
19
25
|
export declare function tableSuffixForLevel(type: TenantType, level: PermissionScope): string | undefined;
|
|
20
26
|
/**
|
|
21
27
|
* Orden global de scopes para ORDENAR (ej. UI): PLATFORM, TENANT + niveles de cada tipo.
|
|
@@ -8,12 +8,16 @@ const PermissionScope_1 = require("./enums/PermissionScope");
|
|
|
8
8
|
/**
|
|
9
9
|
* Tipos de tenant soportados por el rbac-business. Cada tipo define su propia
|
|
10
10
|
* jerarquía de niveles DEBAJO de TENANT (data-driven). Hoy solo existe `retail`.
|
|
11
|
+
*
|
|
12
|
+
* @deprecated DEC-RBAC-062/063: el modelo de tipos de tenant se consolida en niveles genéricos
|
|
13
|
+
* (LEVEL_1..n) data-driven. Migración de tenants pendiente; no usar en código nuevo.
|
|
11
14
|
*/
|
|
12
15
|
var TenantType;
|
|
13
16
|
(function (TenantType) {
|
|
14
17
|
TenantType["RETAIL"] = "retail";
|
|
15
18
|
TenantType["AGENTS"] = "agents";
|
|
16
19
|
})(TenantType || (exports.TenantType = TenantType = {}));
|
|
20
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
17
21
|
exports.TENANT_TYPES = {
|
|
18
22
|
[TenantType.RETAIL]: {
|
|
19
23
|
displayName: 'Retail',
|
|
@@ -30,9 +34,11 @@ exports.TENANT_TYPES = {
|
|
|
30
34
|
tableSuffix: { [PermissionScope_1.PermissionScope.GROUP]: 'SharedGroup' },
|
|
31
35
|
},
|
|
32
36
|
};
|
|
37
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
33
38
|
function levelsOf(type) {
|
|
34
39
|
return exports.TENANT_TYPES[type].levels;
|
|
35
40
|
}
|
|
41
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
36
42
|
function tableSuffixForLevel(type, level) {
|
|
37
43
|
return exports.TENANT_TYPES[type].tableSuffix[level];
|
|
38
44
|
}
|
package/package.json
CHANGED
|
@@ -21,7 +21,10 @@ export class CreateTenantRequest {
|
|
|
21
21
|
// DEC-RBAC-052: passwordMinLength purgado — la política de password es global (env vars) y la
|
|
22
22
|
// enforce Cognito (política nativa del pool), ya no es per-tenant en el create.
|
|
23
23
|
@Expose() @IsOptional() @IsEnum(TokenValidationMode) tokenValidationMode?: TokenValidationMode;
|
|
24
|
-
/**
|
|
24
|
+
/**
|
|
25
|
+
* Tipo de tenant a crear. Si se omite, el onboarding aplica su default (hoy: retail).
|
|
26
|
+
* @deprecated DEC-RBAC-062/063: el alta se hace por `applicationId`; `tenantType` se elimina al consolidar niveles. Migración pendiente; no usar en código nuevo.
|
|
27
|
+
*/
|
|
25
28
|
@Expose() @IsOptional() @IsEnum(TenantType) tenantType?: TenantType;
|
|
26
29
|
/** DEC-RBAC-034: aplicación (plantilla) de la que se crea el tenant; opcional, fallback a tenantType (back-compat). */
|
|
27
30
|
@Expose() @IsOptional() @IsString() applicationId?: string;
|
|
@@ -1,12 +1,24 @@
|
|
|
1
|
+
import { TenantStatus } from './TenantStatus';
|
|
2
|
+
|
|
1
3
|
/**
|
|
2
4
|
* Output del POST backoffice de creación de tenant (F-11). Response plain sin validators
|
|
3
5
|
* (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
6
|
+
*
|
|
7
|
+
* DEC-RBAC-058 (aditivo): el response expone el `status` resultante; si quedó `pending-infra`,
|
|
8
|
+
* viaja `infraRequirements` con las tablas del silo faltantes. `adminCognitoSub`/`temporaryPassword`
|
|
9
|
+
* pasan a OPCIONALES (no se quitan): el alta clásica con admin los setea; el alta sin admin
|
|
10
|
+
* (DEC-RBAC-057) no. `status`/`infraRequirements` son opcionales para back-compat con el alta clásica.
|
|
4
11
|
*/
|
|
5
12
|
export interface CreateTenantResponse {
|
|
6
13
|
tenantId: string;
|
|
7
14
|
userPoolId: string;
|
|
8
15
|
appClientId: string;
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
16
|
+
/** Presente en el alta CON admin (flujo clásico F-11). Opcional: el alta sin admin (DEC-RBAC-057) no lo setea. */
|
|
17
|
+
adminCognitoSub?: string;
|
|
18
|
+
/** Fallback out-of-band mientras el correo de invitación no entrega (F-11). Opcional (ver adminCognitoSub). */
|
|
19
|
+
temporaryPassword?: string;
|
|
20
|
+
/** Estado resultante del onboarding (DEC-RBAC-058). Opcional para back-compat; `active` o `pending-infra` en el happy path. */
|
|
21
|
+
status?: TenantStatus;
|
|
22
|
+
/** Nombres de tablas del silo faltantes. Presente solo cuando `status === 'pending-infra'` (DEC-RBAC-058). */
|
|
23
|
+
infraRequirements?: string[];
|
|
12
24
|
}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { TenantStatus } from './TenantStatus';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Output del GET backoffice de detalle de tenant (F-11). Response plain sin validators
|
|
5
|
+
* (no validamos lo que mandamos al cliente — fiado-validation-and-dtos § 7).
|
|
6
|
+
*
|
|
7
|
+
* Superficie de contrato que el frontend consume para la feature de infra (DEC-RBAC-058/059):
|
|
8
|
+
* `status` (que ahora incluye `pending-infra`) e `infraRequirements` (tablas del silo faltantes,
|
|
9
|
+
* presente solo en `pending-infra`). El detalle completo del tenant (cognitoPool, branding,
|
|
10
|
+
* securityPolicy, etc.) lo arma el manager a partir del Row; este DTO declara los campos del
|
|
11
|
+
* contrato relevantes a la feature sin duplicar el shape interno del Row.
|
|
12
|
+
*/
|
|
13
|
+
export interface TenantDetailResponse {
|
|
14
|
+
tenantId: string;
|
|
15
|
+
displayName: string;
|
|
16
|
+
tablePrefix: string;
|
|
17
|
+
status: TenantStatus;
|
|
18
|
+
/** Nombres de tablas del silo faltantes. Presente solo cuando `status === 'pending-infra'`. */
|
|
19
|
+
infraRequirements?: string[];
|
|
20
|
+
}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Estado de un tenant del platform-rbac-business (F-11 — onboarding de tenant).
|
|
3
|
+
*
|
|
4
|
+
* - `provisioning`: saga de onboarding en curso (estado transitorio).
|
|
5
|
+
* - `active`: tenant operativo (config + pool + roles sembrados).
|
|
6
|
+
* - `suspended`: tenant deshabilitado (saga abortada y compensada, o suspensión manual).
|
|
7
|
+
* - `pending-infra` (DEC-RBAC-058): el pre-check de infra encontró tablas del silo faltantes.
|
|
8
|
+
* El tenant quedó creado pero inutilizable hasta que infra cree las tablas; los nombres
|
|
9
|
+
* faltantes viajan en `infraRequirements`. No se sembraron roles. Re-verificable vía
|
|
10
|
+
* `POST /platform/tenants/{tenantId}/verify-infra` (DEC-RBAC-059).
|
|
11
|
+
*/
|
|
12
|
+
export type TenantStatus = 'provisioning' | 'active' | 'suspended' | 'pending-infra';
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { TenantStatus } from './TenantStatus';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Output del POST backoffice `verify-infra` (DEC-RBAC-059) — re-verificación de la infra del silo
|
|
5
|
+
* de un tenant `pending-infra`. Response plain sin validators (fiado-validation-and-dtos § 7).
|
|
6
|
+
* El `tenantId` viaja en el path, no hay request DTO.
|
|
7
|
+
*
|
|
8
|
+
* - Si ya están todas las tablas → siembra roles diferida → `status === 'active'` (sin `infraRequirements`).
|
|
9
|
+
* - Si aún faltan → `status === 'pending-infra'` + `infraRequirements` con los faltantes actuales.
|
|
10
|
+
* - Si el tenant no estaba `pending-infra` → no-op idempotente: devuelve el status actual.
|
|
11
|
+
*/
|
|
12
|
+
export interface VerifyTenantInfraResponse {
|
|
13
|
+
status: TenantStatus;
|
|
14
|
+
/** Nombres de tablas del silo aún faltantes. Presente solo cuando `status === 'pending-infra'`. */
|
|
15
|
+
infraRequirements?: string[];
|
|
16
|
+
}
|
|
@@ -122,6 +122,7 @@ export enum Permission {
|
|
|
122
122
|
RETAIL_PRODUCT_VIEW = 'retail.product.view',
|
|
123
123
|
RETAIL_PRODUCT_UPDATE = 'retail.product.update',
|
|
124
124
|
RETAIL_PRODUCT_DELETE = 'retail.product.delete',
|
|
125
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'retail.product.mdm.config' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
125
126
|
RETAIL_PRODUCT_MDM_CONFIG = 'retail.product.mdm_config',
|
|
126
127
|
RETAIL_INVENTORY_LIST = 'retail.inventory.list',
|
|
127
128
|
RETAIL_INVENTORY_VIEW = 'retail.inventory.view',
|
|
@@ -155,10 +156,13 @@ export enum Permission {
|
|
|
155
156
|
MDM_DEVICE_DEACTIVATE = 'mdm.device.deactivate',
|
|
156
157
|
MDM_DEVICE_LOCK_MANUAL = 'mdm.device.lock.manual',
|
|
157
158
|
MDM_DEVICE_UNLOCK_MANUAL = 'mdm.device.unlock.manual',
|
|
159
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.device.pin.unlock' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
158
160
|
MDM_DEVICE_PIN_UNLOCK = 'mdm.device.pin_unlock',
|
|
161
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.device.extend.validity' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
159
162
|
MDM_DEVICE_EXTEND_VALIDITY = 'mdm.device.extend_validity',
|
|
160
163
|
MDM_DEVICE_NOTIFY = 'mdm.device.notify',
|
|
161
164
|
MDM_DEVICE_STATUS_VIEW = 'mdm.device.status.view',
|
|
165
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'mdm.operation.log.view' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
162
166
|
MDM_OPERATION_LOG_VIEW = 'mdm.operation_log.view',
|
|
163
167
|
MDM_TEST = 'mdm.test',
|
|
164
168
|
|
|
@@ -178,6 +182,7 @@ export enum Permission {
|
|
|
178
182
|
AGENTS_APP_ACCESS = 'agents.app.access',
|
|
179
183
|
AGENTS_AGENT_LIST = 'agents.agent.list',
|
|
180
184
|
AGENTS_AGENT_CREATE = 'agents.agent.create',
|
|
185
|
+
/** @deprecated DEC-RBAC-061: se renombrará a 'agents.agent.create.bulk' (naming con puntos). Migración de datos coordinada por backend pendiente; no usar en código nuevo. */
|
|
181
186
|
AGENTS_AGENT_CREATE_BULK = 'agents.agent.create_bulk',
|
|
182
187
|
AGENTS_AGENT_MOVE = 'agents.agent.move',
|
|
183
188
|
AGENTS_AGENT_DELETE = 'agents.agent.delete',
|
|
@@ -205,6 +210,48 @@ export enum Permission {
|
|
|
205
210
|
// Gestión de usuarios DENTRO de un grupo (scope GROUP — el group_owner/admin sobre su grupo; el
|
|
206
211
|
// operador la cubre por TENANT). Crea usuarios + asigna roles group_* acotado al groupId. DEC-102.
|
|
207
212
|
AGENTS_GROUP_USER_MANAGE = 'agents.group.user.manage',
|
|
213
|
+
|
|
214
|
+
// ====================================================
|
|
215
|
+
// LEVEL{1,2,3} — primitivas RBAC genéricas por nivel (DEC-RBAC-063, ADITIVO)
|
|
216
|
+
// Permisos básicos auto-sembrables por nivel genérico (data-driven). Coexisten con los
|
|
217
|
+
// legacy retail.*/agents.* (categorías @deprecated), NO los reemplazan en la línea 3.x.
|
|
218
|
+
// ====================================================
|
|
219
|
+
LEVEL1_USER_CREATE = 'level1.user.create',
|
|
220
|
+
LEVEL1_USER_READ = 'level1.user.read',
|
|
221
|
+
LEVEL1_USER_UPDATE = 'level1.user.update',
|
|
222
|
+
LEVEL1_USER_DELETE = 'level1.user.delete',
|
|
223
|
+
LEVEL1_ROLE_CREATE = 'level1.role.create',
|
|
224
|
+
LEVEL1_ROLE_LIST = 'level1.role.list',
|
|
225
|
+
LEVEL1_ROLE_VIEW = 'level1.role.view',
|
|
226
|
+
LEVEL1_ROLE_UPDATE = 'level1.role.update',
|
|
227
|
+
LEVEL1_ROLE_DELETE = 'level1.role.delete',
|
|
228
|
+
LEVEL1_ROLE_ASSIGN = 'level1.role.assign',
|
|
229
|
+
LEVEL1_ROLE_REVOKE = 'level1.role.revoke',
|
|
230
|
+
LEVEL1_AUDIT_VIEW = 'level1.audit.view',
|
|
231
|
+
LEVEL2_USER_CREATE = 'level2.user.create',
|
|
232
|
+
LEVEL2_USER_READ = 'level2.user.read',
|
|
233
|
+
LEVEL2_USER_UPDATE = 'level2.user.update',
|
|
234
|
+
LEVEL2_USER_DELETE = 'level2.user.delete',
|
|
235
|
+
LEVEL2_ROLE_CREATE = 'level2.role.create',
|
|
236
|
+
LEVEL2_ROLE_LIST = 'level2.role.list',
|
|
237
|
+
LEVEL2_ROLE_VIEW = 'level2.role.view',
|
|
238
|
+
LEVEL2_ROLE_UPDATE = 'level2.role.update',
|
|
239
|
+
LEVEL2_ROLE_DELETE = 'level2.role.delete',
|
|
240
|
+
LEVEL2_ROLE_ASSIGN = 'level2.role.assign',
|
|
241
|
+
LEVEL2_ROLE_REVOKE = 'level2.role.revoke',
|
|
242
|
+
LEVEL2_AUDIT_VIEW = 'level2.audit.view',
|
|
243
|
+
LEVEL3_USER_CREATE = 'level3.user.create',
|
|
244
|
+
LEVEL3_USER_READ = 'level3.user.read',
|
|
245
|
+
LEVEL3_USER_UPDATE = 'level3.user.update',
|
|
246
|
+
LEVEL3_USER_DELETE = 'level3.user.delete',
|
|
247
|
+
LEVEL3_ROLE_CREATE = 'level3.role.create',
|
|
248
|
+
LEVEL3_ROLE_LIST = 'level3.role.list',
|
|
249
|
+
LEVEL3_ROLE_VIEW = 'level3.role.view',
|
|
250
|
+
LEVEL3_ROLE_UPDATE = 'level3.role.update',
|
|
251
|
+
LEVEL3_ROLE_DELETE = 'level3.role.delete',
|
|
252
|
+
LEVEL3_ROLE_ASSIGN = 'level3.role.assign',
|
|
253
|
+
LEVEL3_ROLE_REVOKE = 'level3.role.revoke',
|
|
254
|
+
LEVEL3_AUDIT_VIEW = 'level3.audit.view',
|
|
208
255
|
}
|
|
209
256
|
|
|
210
257
|
/**
|
|
@@ -357,6 +404,44 @@ export const PERMISSION_BIT_ORDER: readonly Permission[] = [
|
|
|
357
404
|
// Append-only 2026-06-25 (DEC-RBAC-050): edición del autoregistro self-service del tenant (allowlist
|
|
358
405
|
// anti-escalación). Al FINAL para no correr bits existentes (PERMS_VERSION cambia, índices previos se conservan).
|
|
359
406
|
Permission.PLATFORM_TENANT_AUTOREGISTER_MANAGE,
|
|
407
|
+
// Append-only 2026-06-28 (DEC-RBAC-063): 36 primitivas RBAC por nivel genérico. Al FINAL para no
|
|
408
|
+
// correr bits existentes (PERMS_VERSION cambia, índices previos se conservan).
|
|
409
|
+
Permission.LEVEL1_USER_CREATE,
|
|
410
|
+
Permission.LEVEL1_USER_READ,
|
|
411
|
+
Permission.LEVEL1_USER_UPDATE,
|
|
412
|
+
Permission.LEVEL1_USER_DELETE,
|
|
413
|
+
Permission.LEVEL1_ROLE_CREATE,
|
|
414
|
+
Permission.LEVEL1_ROLE_LIST,
|
|
415
|
+
Permission.LEVEL1_ROLE_VIEW,
|
|
416
|
+
Permission.LEVEL1_ROLE_UPDATE,
|
|
417
|
+
Permission.LEVEL1_ROLE_DELETE,
|
|
418
|
+
Permission.LEVEL1_ROLE_ASSIGN,
|
|
419
|
+
Permission.LEVEL1_ROLE_REVOKE,
|
|
420
|
+
Permission.LEVEL1_AUDIT_VIEW,
|
|
421
|
+
Permission.LEVEL2_USER_CREATE,
|
|
422
|
+
Permission.LEVEL2_USER_READ,
|
|
423
|
+
Permission.LEVEL2_USER_UPDATE,
|
|
424
|
+
Permission.LEVEL2_USER_DELETE,
|
|
425
|
+
Permission.LEVEL2_ROLE_CREATE,
|
|
426
|
+
Permission.LEVEL2_ROLE_LIST,
|
|
427
|
+
Permission.LEVEL2_ROLE_VIEW,
|
|
428
|
+
Permission.LEVEL2_ROLE_UPDATE,
|
|
429
|
+
Permission.LEVEL2_ROLE_DELETE,
|
|
430
|
+
Permission.LEVEL2_ROLE_ASSIGN,
|
|
431
|
+
Permission.LEVEL2_ROLE_REVOKE,
|
|
432
|
+
Permission.LEVEL2_AUDIT_VIEW,
|
|
433
|
+
Permission.LEVEL3_USER_CREATE,
|
|
434
|
+
Permission.LEVEL3_USER_READ,
|
|
435
|
+
Permission.LEVEL3_USER_UPDATE,
|
|
436
|
+
Permission.LEVEL3_USER_DELETE,
|
|
437
|
+
Permission.LEVEL3_ROLE_CREATE,
|
|
438
|
+
Permission.LEVEL3_ROLE_LIST,
|
|
439
|
+
Permission.LEVEL3_ROLE_VIEW,
|
|
440
|
+
Permission.LEVEL3_ROLE_UPDATE,
|
|
441
|
+
Permission.LEVEL3_ROLE_DELETE,
|
|
442
|
+
Permission.LEVEL3_ROLE_ASSIGN,
|
|
443
|
+
Permission.LEVEL3_ROLE_REVOKE,
|
|
444
|
+
Permission.LEVEL3_AUDIT_VIEW,
|
|
360
445
|
] as const;
|
|
361
446
|
|
|
362
447
|
function djb2(input: string): number {
|
|
@@ -6,10 +6,17 @@ export enum PermissionCategory {
|
|
|
6
6
|
RBAC = 'rbac',
|
|
7
7
|
PLATFORM = 'platform',
|
|
8
8
|
TENANT = 'tenant',
|
|
9
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
9
10
|
RETAIL = 'retail',
|
|
10
11
|
LEND = 'lend',
|
|
11
12
|
MDM = 'mdm',
|
|
12
13
|
AUDIT = 'audit',
|
|
13
14
|
PAY = 'pay',
|
|
15
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
14
16
|
AGENTS = 'agents',
|
|
17
|
+
// DEC-RBAC-063 (aditivo): categorías de las primitivas RBAC por nivel genérico.
|
|
18
|
+
// Coexisten con RETAIL/AGENTS (@deprecated), no los reemplazan en la línea 3.x.
|
|
19
|
+
LEVEL1 = 'level1',
|
|
20
|
+
LEVEL2 = 'level2',
|
|
21
|
+
LEVEL3 = 'level3',
|
|
15
22
|
}
|
|
@@ -51,6 +51,10 @@ export * from './dtos/AuthorizeResponse';
|
|
|
51
51
|
// decoradores class-validator → export de valor; CreateTenantResponse es interface → type-only.
|
|
52
52
|
export * from './dtos/CreateTenantRequest';
|
|
53
53
|
export type { CreateTenantResponse } from './dtos/CreateTenantResponse';
|
|
54
|
+
// DEC-RBAC-058/059 (aditivo) — tenant pending-infra + verify-infra
|
|
55
|
+
export type { TenantStatus } from './dtos/TenantStatus';
|
|
56
|
+
export type { VerifyTenantInfraResponse } from './dtos/VerifyTenantInfraResponse';
|
|
57
|
+
export type { TenantDetailResponse } from './dtos/TenantDetailResponse';
|
|
54
58
|
|
|
55
59
|
// MFA por tenant — methodsAllowed (value-set 'EMAIL'|'TOTP', TD-RBAC-071, DEC-095).
|
|
56
60
|
// UpdateTenantSecurityPolicyRequest lleva decoradores class-validator → export de valor;
|
|
@@ -3,6 +3,9 @@ import { PermissionScope } from './enums/PermissionScope';
|
|
|
3
3
|
/**
|
|
4
4
|
* Tipos de tenant soportados por el rbac-business. Cada tipo define su propia
|
|
5
5
|
* jerarquía de niveles DEBAJO de TENANT (data-driven). Hoy solo existe `retail`.
|
|
6
|
+
*
|
|
7
|
+
* @deprecated DEC-RBAC-062/063: el modelo de tipos de tenant se consolida en niveles genéricos
|
|
8
|
+
* (LEVEL_1..n) data-driven. Migración de tenants pendiente; no usar en código nuevo.
|
|
6
9
|
*/
|
|
7
10
|
export enum TenantType {
|
|
8
11
|
RETAIL = 'retail',
|
|
@@ -17,6 +20,7 @@ interface TenantTypeDef {
|
|
|
17
20
|
tableSuffix: Partial<Record<PermissionScope, string>>;
|
|
18
21
|
}
|
|
19
22
|
|
|
23
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
20
24
|
export const TENANT_TYPES: Record<TenantType, TenantTypeDef> = {
|
|
21
25
|
[TenantType.RETAIL]: {
|
|
22
26
|
displayName: 'Retail',
|
|
@@ -34,10 +38,12 @@ export const TENANT_TYPES: Record<TenantType, TenantTypeDef> = {
|
|
|
34
38
|
},
|
|
35
39
|
};
|
|
36
40
|
|
|
41
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
37
42
|
export function levelsOf(type: TenantType): PermissionScope[] {
|
|
38
43
|
return TENANT_TYPES[type].levels;
|
|
39
44
|
}
|
|
40
45
|
|
|
46
|
+
/** @deprecated DEC-RBAC-062/063: se consolida en niveles genéricos (LEVEL_n) data-driven. Migración de tenants pendiente; no usar en código nuevo. */
|
|
41
47
|
export function tableSuffixForLevel(type: TenantType, level: PermissionScope): string | undefined {
|
|
42
48
|
return TENANT_TYPES[type].tableSuffix[level];
|
|
43
49
|
}
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import { BenefitPaymentStatusEnum } from "../../benefitCenter/enums/BenefitPaymentStatusEnum";
|
|
2
|
-
import { WalletFundingErrorCodeEnum } from "../enums/WalletFundingErrorCodeEnum";
|
|
3
|
-
export declare class CancelFundingReferenceResponse {
|
|
4
|
-
reference: string;
|
|
5
|
-
status: BenefitPaymentStatusEnum;
|
|
6
|
-
errorCode?: WalletFundingErrorCodeEnum;
|
|
7
|
-
}
|
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Request del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
3
|
-
* `reference` viaja en el path, `directoryId` se resuelve del JWT.
|
|
4
|
-
* `providerModuleName` permite al marketplace rutear al publisher correcto
|
|
5
|
-
* sin tener que persistir el mapping (el wallet-app sabe el moduleName
|
|
6
|
-
* porque vino en la respuesta del authorize).
|
|
7
|
-
*/
|
|
8
|
-
export declare class CancelFundingRequest {
|
|
9
|
-
idempotencyKey: string;
|
|
10
|
-
providerModuleName: string;
|
|
11
|
-
}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
import { BenefitPaymentStatusEnum } from "../../benefitCenter/enums/BenefitPaymentStatusEnum";
|
|
2
|
-
import { WalletFundingErrorCodeEnum } from "../enums/WalletFundingErrorCodeEnum";
|
|
3
|
-
/**
|
|
4
|
-
* Response del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
5
|
-
* `status` reusa `BenefitPaymentStatusEnum` (APPROVED = cancel aceptado;
|
|
6
|
-
* REJECTED = no se pudo) para consistencia con `CancelFundingReferenceResponse`
|
|
7
|
-
* (marketplace ↔ connector). Idempotente: re-cancelar devuelve APPROVED.
|
|
8
|
-
*/
|
|
9
|
-
export declare class CancelFundingResponse {
|
|
10
|
-
reference: string;
|
|
11
|
-
status: BenefitPaymentStatusEnum;
|
|
12
|
-
errorCode?: WalletFundingErrorCodeEnum;
|
|
13
|
-
message?: string;
|
|
14
|
-
}
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.CancelFundingResponse = void 0;
|
|
4
|
-
/**
|
|
5
|
-
* Response del cancel via Centro de Beneficios (spec 13 v2.0).
|
|
6
|
-
* `status` reusa `BenefitPaymentStatusEnum` (APPROVED = cancel aceptado;
|
|
7
|
-
* REJECTED = no se pudo) para consistencia con `CancelFundingReferenceResponse`
|
|
8
|
-
* (marketplace ↔ connector). Idempotente: re-cancelar devuelve APPROVED.
|
|
9
|
-
*/
|
|
10
|
-
class CancelFundingResponse {
|
|
11
|
-
}
|
|
12
|
-
exports.CancelFundingResponse = CancelFundingResponse;
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
-
};
|
|
8
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.CancelWalletFundingRequest = void 0;
|
|
13
|
-
const class_validator_1 = require("class-validator");
|
|
14
|
-
class CancelWalletFundingRequest {
|
|
15
|
-
}
|
|
16
|
-
exports.CancelWalletFundingRequest = CancelWalletFundingRequest;
|
|
17
|
-
__decorate([
|
|
18
|
-
(0, class_validator_1.IsString)(),
|
|
19
|
-
(0, class_validator_1.MaxLength)(64),
|
|
20
|
-
__metadata("design:type", String)
|
|
21
|
-
], CancelWalletFundingRequest.prototype, "idempotencyKey", void 0);
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import { BenefitPaymentStatusEnum } from "../../benefitCenter/enums/BenefitPaymentStatusEnum";
|
|
2
|
-
import { WalletFundingErrorCodeEnum } from "../enums/WalletFundingErrorCodeEnum";
|
|
3
|
-
export declare class CancelWalletFundingResponse {
|
|
4
|
-
status: BenefitPaymentStatusEnum;
|
|
5
|
-
errorCode?: WalletFundingErrorCodeEnum;
|
|
6
|
-
reference?: string;
|
|
7
|
-
}
|