npm - @flusys/nestjs-iam - Versions diffs - 0.1.0-alpha.1 - Mend

@flusys/nestjs-iam 0.1.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

package/cjs/config-index.js +1 -0
package/cjs/controllers-index.js +1 -0
package/cjs/docs-index.js +79 -0
package/cjs/dtos-index.js +1 -0
package/cjs/entities-index.js +1 -0
package/cjs/enums-index.js +1 -0
package/cjs/helpers-index.js +1 -0
package/cjs/index.js +79 -0
package/cjs/interfaces-index.js +1 -0
package/cjs/modules-index.js +1 -0
package/cjs/services-index.js +1 -0
package/cjs/types-index.js +1 -0
package/config/iam.constants.d.ts +1 -0
package/config/index.d.ts +1 -0
package/controllers/action.controller.d.ts +20 -0
package/controllers/company-action-permission.controller.d.ts +9 -0
package/controllers/index.d.ts +6 -0
package/controllers/my-permission.controller.d.ts +8 -0
package/controllers/role-permission.controller.d.ts +11 -0
package/controllers/role.controller.d.ts +17 -0
package/controllers/user-action-permission.controller.d.ts +9 -0
package/docs/iam-swagger.config.d.ts +3 -0
package/docs/index.d.ts +1 -0
package/dtos/action.dto.d.ts +52 -0
package/dtos/index.d.ts +3 -0
package/dtos/permission.dto.d.ts +92 -0
package/dtos/role.dto.d.ts +36 -0
package/entities/action-base.entity.d.ts +17 -0
package/entities/action.entity.d.ts +3 -0
package/entities/index.d.ts +16 -0
package/entities/permission-base.entity.d.ts +30 -0
package/entities/permission-with-company.entity.d.ts +5 -0
package/entities/role-base.entity.d.ts +9 -0
package/entities/role-with-company.entity.d.ts +4 -0
package/entities/role.entity.d.ts +3 -0
package/entities/user-iam-permission.entity.d.ts +4 -0
package/enums/action-type.enum.d.ts +5 -0
package/enums/index.d.ts +2 -0
package/enums/permission-type.enum.d.ts +5 -0
package/fesm/config-index.js +1 -0
package/fesm/controllers-index.js +1 -0
package/fesm/docs-index.js +79 -0
package/fesm/dtos-index.js +1 -0
package/fesm/entities-index.js +1 -0
package/fesm/enums-index.js +1 -0
package/fesm/helpers-index.js +1 -0
package/fesm/index.js +79 -0
package/fesm/interfaces-index.js +0 -0
package/fesm/modules-index.js +1 -0
package/fesm/services-index.js +1 -0
package/fesm/types-index.js +1 -0
package/helpers/index.d.ts +2 -0
package/helpers/permission-evaluator.helper.d.ts +26 -0
package/helpers/permission-mode.helper.d.ts +5 -0
package/index.d.ts +11 -0
package/interfaces/action.interface.d.ts +24 -0
package/interfaces/iam-module-async-options.interface.d.ts +11 -0
package/interfaces/iam-module-options.interface.d.ts +12 -0
package/interfaces/index.d.ts +4 -0
package/interfaces/role.interface.d.ts +16 -0
package/modules/iam.module.d.ts +13 -0
package/modules/index.d.ts +1 -0
package/package.json +95 -0
package/services/action.service.d.ts +35 -0
package/services/iam-config.service.d.ts +15 -0
package/services/iam-datasource.provider.d.ts +25 -0
package/services/index.d.ts +6 -0
package/services/permission-cache.service.d.ts +41 -0
package/services/permission.service.d.ts +37 -0
package/services/role.service.d.ts +35 -0
package/types/index.d.ts +1 -0
package/types/logic-node.type.d.ts +15 -0

package/cjs/config-index.js ADDED Viewed

@@ -0,0 +1 @@

package/cjs/controllers-index.js ADDED Viewed

@@ -0,0 +1 @@

+ "use strict";var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __hasOwnProp=Object.prototype.hasOwnProperty;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __copyProps=(to,from,except,desc)=>{if(from&&typeof from==="object"||typeof from==="function"){for(let key of __getOwnPropNames(from))if(!__hasOwnProp.call(to,key)&&key!==except)__defProp(to,key,{get:()=>from[key],enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable})}return to};var __toCommonJS=mod=>__copyProps(__defProp({},"__esModule",{value:true}),mod);var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};var __decorateParam=(index,decorator)=>(target,key)=>decorator(target,key,index);var index_exports={};__export(index_exports,{ActionController:()=>ActionController,CompanyActionPermissionController:()=>CompanyActionPermissionController,MyPermissionController:()=>MyPermissionController,RoleController:()=>RoleController,RolePermissionController:()=>RolePermissionController,UserActionPermissionController:()=>UserActionPermissionController});module.exports=__toCommonJS(index_exports);var import_guards=require("@flusys/nestjs-shared/guards");var import_nestjs_shared2=require("@flusys/nestjs-shared");var import_common2=require("@nestjs/common");var import_swagger2=require("@nestjs/swagger");var import_swagger=require("@nestjs/swagger");var import_class_validator=require("class-validator");var ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{});var CreateActionDto=class{static{__name(this,"CreateActionDto")}name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata};__decorateClass([(0,import_swagger.ApiProperty)({description:"Action name",example:"View Users"}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsNotEmpty)(),(0,import_class_validator.MaxLength)(255)],CreateActionDto.prototype,"name",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Action description",example:"Permission to view user list",required:false}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsOptional)(),(0,import_class_validator.MaxLength)(500)],CreateActionDto.prototype,"description",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Unique code for programmatic reference",example:"user.view",required:false}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsOptional)(),(0,import_class_validator.MaxLength)(255)],CreateActionDto.prototype,"code",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Action type (backend for API endpoints, frontend for UI features)",enum:ActionType,example:"backend",default:"backend",required:false}),(0,import_class_validator.IsEnum)(ActionType),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"actionType",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Permission logic (AND/OR rules)",required:false}),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"permissionLogic",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Parent action ID for hierarchy",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),(0,import_class_validator.IsUUID)(),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"parentId",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Display order",required:false}),(0,import_class_validator.IsInt)(),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"serial",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Active status",default:true,required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Additional metadata",required:false}),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"metadata",2);var UpdateActionDto=class extends(0,import_swagger.PartialType)(CreateActionDto){static{__name(this,"UpdateActionDto")}id};__decorateClass([(0,import_swagger.ApiProperty)({description:"Action ID",example:"123e4567-e89b-12d3-a456-426614174000"}),(0,import_class_validator.IsUUID)(),(0,import_class_validator.IsNotEmpty)()],UpdateActionDto.prototype,"id",2);var ActionResponseDto=class{static{__name(this,"ActionResponseDto")}id;readOnly;name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"readOnly",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"name",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"description",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"code",2);__decorateClass([(0,import_swagger.ApiProperty)({enum:ActionType})],ActionResponseDto.prototype,"actionType",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"permissionLogic",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"parentId",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"serial",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"metadata",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"createdAt",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"updatedAt",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"deletedAt",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"createdById",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"updatedById",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"deletedById",2);var _ActionTreeDto=class _ActionTreeDto extends ActionResponseDto{static{__name(this,"ActionTreeDto")}children};__decorateClass([(0,import_swagger.ApiProperty)({type:__name(()=>[_ActionTreeDto],"type")})],_ActionTreeDto.prototype,"children",2);var ActionTreeDto=_ActionTreeDto;var ActionQueryDto=class{static{__name(this,"ActionQueryDto")}isActive;parentId};__decorateClass([(0,import_swagger.ApiProperty)({description:"Filter by active status",required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],ActionQueryDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Filter by parent ID",required:false}),(0,import_class_validator.IsUUID)(),(0,import_class_validator.IsOptional)()],ActionQueryDto.prototype,"parentId",2);var ActionTreeQueryDto=class{static{__name(this,"ActionTreeQueryDto")}search;isActive;withDeleted};__decorateClass([(0,import_swagger.ApiProperty)({description:"Search by name or code",example:"user",required:false}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsOptional)()],ActionTreeQueryDto.prototype,"search",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Filter by active status",example:true,required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],ActionTreeQueryDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Include deleted actions",default:false,required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],ActionTreeQueryDto.prototype,"withDeleted",2);var import_classes=require("@flusys/nestjs-shared/classes");var import_common=require("@nestjs/common");var import_typeorm3=require("typeorm");var import_typeorm2=require("typeorm");var import_nestjs_shared=require("@flusys/nestjs-shared");var import_typeorm=require("typeorm");var ActionBase=class extends import_nestjs_shared.Identity{static{__name(this,"ActionBase")}readOnly;name;description;code;actionType;permissionLogic;serial;isActive;parent;parentId;children;metadata};__decorateClass([(0,import_typeorm.Column)({type:"boolean",nullable:false,default:false,name:"read_only"})],ActionBase.prototype,"readOnly",2);__decorateClass([(0,import_typeorm.Column)({type:"varchar",length:255,nullable:false})],ActionBase.prototype,"name",2);__decorateClass([(0,import_typeorm.Column)({type:"varchar",length:500,nullable:true})],ActionBase.prototype,"description",2);__decorateClass([(0,import_typeorm.Column)({type:"varchar",length:255,nullable:true,unique:true})],ActionBase.prototype,"code",2);__decorateClass([(0,import_typeorm.Column)({type:"enum",enum:ActionType,nullable:false,default:"backend",name:"action_type"})],ActionBase.prototype,"actionType",2);__decorateClass([(0,import_typeorm.Column)("simple-json",{nullable:true,name:"permission_logic"})],ActionBase.prototype,"permissionLogic",2);__decorateClass([(0,import_typeorm.Column)({type:"int",nullable:true})],ActionBase.prototype,"serial",2);__decorateClass([(0,import_typeorm.Column)({type:"boolean",nullable:false,default:true,name:"is_active"})],ActionBase.prototype,"isActive",2);__decorateClass([(0,import_typeorm.ManyToOne)("Action","children",{nullable:true,onDelete:"CASCADE"}),(0,import_typeorm.JoinColumn)({name:"parent_id"})],ActionBase.prototype,"parent",2);__decorateClass([(0,import_typeorm.Column)({type:"uuid",nullable:true,name:"parent_id"})],ActionBase.prototype,"parentId",2);__decorateClass([(0,import_typeorm.OneToMany)("Action","parent")],ActionBase.prototype,"children",2);__decorateClass([(0,import_typeorm.Column)("simple-json",{nullable:true})],ActionBase.prototype,"metadata",2);var Action=class extends ActionBase{};__name(Action,"Action");Action=__decorateClass([(0,import_typeorm2.Entity)({name:"action"}),(0,import_typeorm2.Index)(["parentId"])],Action);var ActionService=class extends import_classes.RequestScopedApiService{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider,permissionService){super("action",null,cacheManager,utilsService,ActionService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider;this.permissionService=permissionService}logger=new import_common.Logger(ActionService.name);resolveEntity(){return Action}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,_user){if(!("id"in dto)||!dto.id){return dto}const existingAction=await this.repository.findOne({where:{id:dto.id}});if(!existingAction){throw new import_common.NotFoundException(`Action with ID ${dto.id} not found`)}return{...existingAction,...dto}}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","code","description","actionType","permissionLogic","isActive","parentId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(action.name LIKE :search OR action.code LIKE :search OR action.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,code:entity.code,actionType:entity.actionType,permissionLogic:entity.permissionLogic,serial:entity.serial,isActive:entity.isActive,parentId:entity.parentId,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}async getActionsForPermission(user){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionsForPermission")}const selectFields=["id","code","name","description","actionType","permissionLogic","isActive","parentId","serial"];const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user.companyId){const companyActionIds=await this.permissionService.getCompanyActionIds(user.companyId);if(companyActionIds.length===0){return[]}const actions2=await this.repository.find({where:{id:(0,import_typeorm3.In)(companyActionIds)},select:selectFields});return actions2.map(action=>this.convertEntityToResponseDto(action,false))}const actions=await this.repository.find({select:selectFields});return actions.map(action=>this.convertEntityToResponseDto(action,false))}async getActionTree(user,search,isActive,withDeleted=false){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionTree")}const query=this.repository.createQueryBuilder("action");if(!withDeleted){query.andWhere("action.deletedAt IS NULL")}if(isActive!==void 0){query.andWhere("action.isActive = :isActive",{isActive})}if(search?.trim()){query.andWhere("(action.name LIKE :search OR action.code LIKE :search)",{search:`%${search.trim()}%`})}const actions=await query.orderBy("action.serial","ASC").getMany();return this.buildActionTree(actions)}buildActionTree(actions){if(!actions?.length){return[]}const map=new Map;const rootNodes=[];for(const action of actions){const treeNode={...this.convertEntityToResponseDto(action,false),children:[]};map.set(action.id,treeNode)}for(const action of actions){const node=map.get(action.id);if(!node){continue}if(action.parentId&&map.has(action.parentId)){const parent=map.get(action.parentId);if(parent?.children){parent.children.push(node)}}else{rootNodes.push(node)}}return rootNodes}};__name(ActionService,"ActionService");ActionService=__decorateClass([(0,import_common.Injectable)(),__decorateParam(0,(0,import_common.Inject)("CACHE_INSTANCE"))],ActionService);var ActionController=class extends(0,import_nestjs_shared2.createApiController)(CreateActionDto,UpdateActionDto,ActionResponseDto){constructor(actionService){super(actionService);this.actionService=actionService}async getActionsForPermission(user){const actions=await this.actionService.getActionsForPermission(user);return{success:true,message:"Actions retrieved successfully",data:actions}}async getActionTree(query,user){const tree=await this.actionService.getActionTree(user,query.search,query.isActive,query.withDeleted);return{success:true,message:"Action tree retrieved successfully",data:tree}}};__name(ActionController,"ActionController");__decorateClass([(0,import_common2.Get)("tree-for-permission"),(0,import_common2.UseGuards)(import_guards.JwtAuthGuard),(0,import_swagger2.ApiBearerAuth)(),(0,import_swagger2.ApiOperation)({summary:"Get actions for permission assignment",description:"Returns actions available for permission assignment. If company feature enabled, filtered by company whitelist."}),(0,import_swagger2.ApiResponse)({status:200,type:import_nestjs_shared2.SingleResponseDto}),__decorateParam(0,(0,import_nestjs_shared2.CurrentUser)())],ActionController.prototype,"getActionsForPermission",1);__decorateClass([(0,import_common2.Post)("tree"),(0,import_common2.UseGuards)(import_guards.JwtAuthGuard),(0,import_swagger2.ApiBearerAuth)(),(0,import_swagger2.ApiOperation)({summary:"Get actions in hierarchical tree structure",description:"Returns all actions organized in a parent-child tree structure. Supports optional search and filtering."}),(0,import_swagger2.ApiResponse)({status:200,description:"Actions tree retrieved successfully",type:import_nestjs_shared2.SingleResponseDto}),__decorateParam(0,(0,import_common2.Body)()),__decorateParam(1,(0,import_nestjs_shared2.CurrentUser)())],ActionController.prototype,"getActionTree",1);ActionController=__decorateClass([(0,import_swagger2.ApiTags)("IAM - Actions"),(0,import_common2.Controller)("iam/actions"),__decorateParam(0,(0,import_common2.Inject)(ActionService))],ActionController);var import_classes3=require("@flusys/nestjs-shared/classes");var import_common4=require("@nestjs/common");var import_swagger4=require("@nestjs/swagger");var import_swagger3=require("@nestjs/swagger");var import_class_validator2=require("class-validator");var CreateRoleDto=class{static{__name(this,"CreateRoleDto")}name;description;companyId;isActive;serial;metadata};__decorateClass([(0,import_swagger3.ApiProperty)({description:"Role name",example:"Manager"}),(0,import_class_validator2.IsString)(),(0,import_class_validator2.IsNotEmpty)(),(0,import_class_validator2.MaxLength)(255)],CreateRoleDto.prototype,"name",2);__decorateClass([(0,import_swagger3.ApiProperty)({description:"Role description",example:"Management level access",required:false}),(0,import_class_validator2.IsString)(),(0,import_class_validator2.IsOptional)(),(0,import_class_validator2.MaxLength)(500)],CreateRoleDto.prototype,"description",2);__decorateClass([(0,import_swagger3.ApiProperty)({description:"Company ID (scope role to specific company) - Only available when company feature is enabled",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],CreateRoleDto.prototype,"companyId",2);__decorateClass([(0,import_swagger3.ApiProperty)({description:"Active status",default:true,required:false}),(0,import_class_validator2.IsBoolean)(),(0,import_class_validator2.IsOptional)()],CreateRoleDto.prototype,"isActive",2);__decorateClass([(0,import_swagger3.ApiProperty)({description:"Display order",required:false}),(0,import_class_validator2.IsInt)(),(0,import_class_validator2.IsOptional)()],CreateRoleDto.prototype,"serial",2);__decorateClass([(0,import_swagger3.ApiProperty)({description:"Additional metadata",required:false}),(0,import_class_validator2.IsOptional)()],CreateRoleDto.prototype,"metadata",2);var UpdateRoleDto=class extends(0,import_swagger3.PartialType)(CreateRoleDto){static{__name(this,"UpdateRoleDto")}id};__decorateClass([(0,import_swagger3.ApiProperty)({description:"Role ID",example:"123e4567-e89b-12d3-a456-426614174000"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsNotEmpty)()],UpdateRoleDto.prototype,"id",2);var RoleQueryDto=class{static{__name(this,"RoleQueryDto")}companyId;isActive};__decorateClass([(0,import_swagger3.ApiProperty)({description:"Filter by company ID - Only available when company feature is enabled",required:false}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],RoleQueryDto.prototype,"companyId",2);__decorateClass([(0,import_swagger3.ApiProperty)({description:"Filter by active status",required:false}),(0,import_class_validator2.IsBoolean)(),(0,import_class_validator2.IsOptional)()],RoleQueryDto.prototype,"isActive",2);var RoleResponseDto=class{static{__name(this,"RoleResponseDto")}id;readOnly;name;description;companyId;isActive;serial;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"readOnly",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"name",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"description",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"companyId",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"isActive",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"serial",2);__decorateClass([(0,import_swagger3.ApiProperty)({required:false})],RoleResponseDto.prototype,"metadata",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"createdAt",2);__decorateClass([(0,import_swagger3.ApiProperty)()],RoleResponseDto.prototype,"updatedAt",2);__decorateClass([(0,import_swagger3.ApiProperty)({required:false})],RoleResponseDto.prototype,"deletedAt",2);__decorateClass([(0,import_swagger3.ApiProperty)({required:false})],RoleResponseDto.prototype,"createdById",2);__decorateClass([(0,import_swagger3.ApiProperty)({required:false})],RoleResponseDto.prototype,"updatedById",2);__decorateClass([(0,import_swagger3.ApiProperty)({required:false})],RoleResponseDto.prototype,"deletedById",2);var import_classes2=require("@flusys/nestjs-shared/classes");var import_common3=require("@nestjs/common");var import_typeorm5=require("typeorm");var import_nestjs_shared3=require("@flusys/nestjs-shared");var import_typeorm4=require("typeorm");var RoleBase=class extends import_nestjs_shared3.Identity{static{__name(this,"RoleBase")}readOnly;name;description;isActive;serial;metadata};__decorateClass([(0,import_typeorm4.Column)({type:"boolean",nullable:false,default:false,name:"read_only"})],RoleBase.prototype,"readOnly",2);__decorateClass([(0,import_typeorm4.Column)({type:"varchar",length:255,nullable:false})],RoleBase.prototype,"name",2);__decorateClass([(0,import_typeorm4.Column)({type:"varchar",length:500,nullable:true})],RoleBase.prototype,"description",2);__decorateClass([(0,import_typeorm4.Column)({type:"boolean",nullable:false,default:true,name:"is_active"})],RoleBase.prototype,"isActive",2);__decorateClass([(0,import_typeorm4.Column)({type:"int",nullable:true})],RoleBase.prototype,"serial",2);__decorateClass([(0,import_typeorm4.Column)("simple-json",{nullable:true})],RoleBase.prototype,"metadata",2);var RoleWithCompany=class extends RoleBase{companyId};__name(RoleWithCompany,"RoleWithCompany");__decorateClass([(0,import_typeorm5.Column)({type:"uuid",nullable:true,name:"company_id"})],RoleWithCompany.prototype,"companyId",2);RoleWithCompany=__decorateClass([(0,import_typeorm5.Entity)({name:"role"}),(0,import_typeorm5.Index)(["companyId"])],RoleWithCompany);var import_typeorm6=require("typeorm");var Role=class extends RoleBase{};__name(Role,"Role");Role=__decorateClass([(0,import_typeorm6.Entity)({name:"role"})],Role);var RoleService=class extends import_classes2.RequestScopedApiService{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider){super("role",null,cacheManager,utilsService,RoleService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider}logger=new import_common3.Logger(RoleService.name);resolveEntity(){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();return enableCompanyFeature?RoleWithCompany:Role}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,user){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();let role={};let isUpdate=false;if("id"in dto&&dto.id&&typeof dto.id==="string"){const dbData=await this.repository.findOne({where:{id:dto.id}});if(!dbData){throw new import_common3.NotFoundException("Role not found")}role=dbData;isUpdate=true}role={...role,...dto};if(enableCompanyFeature){if(isUpdate){if(dto.companyId!==void 0){role.companyId=dto.companyId}if(!("companyId"in role)||role.companyId===void 0){role.companyId=user?.companyId??null}}else{role.companyId=dto.companyId??user?.companyId??null}}return role}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","description","isActive","companyId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(role.name LIKE :search OR role.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}async getExtraManipulateQuery(query,filterDto,user){const result=await super.getExtraManipulateQuery(query,filterDto,user);const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user?.companyId){query.andWhere("role.companyId = :companyId",{companyId:user.companyId})}return result}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,isActive:entity.isActive,serial:entity.serial,companyId:("companyId"in entity?entity.companyId:null)??null,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}};__name(RoleService,"RoleService");RoleService=__decorateClass([(0,import_common3.Injectable)(),__decorateParam(0,(0,import_common3.Inject)("CACHE_INSTANCE"))],RoleService);var RoleController=class extends(0,import_classes3.createApiController)(CreateRoleDto,UpdateRoleDto,RoleResponseDto,{security:"jwt"}){constructor(roleService){super(roleService);this.roleService=roleService}};__name(RoleController,"RoleController");RoleController=__decorateClass([(0,import_swagger4.ApiTags)("IAM - Roles"),(0,import_common4.Controller)("iam/roles"),__decorateParam(0,(0,import_common4.Inject)(RoleService))],RoleController);var import_nestjs_shared4=require("@flusys/nestjs-shared");var import_common5=require("@nestjs/common");var import_swagger6=require("@nestjs/swagger");var import_swagger5=require("@nestjs/swagger");var import_class_transformer=require("class-transformer");var import_class_validator3=require("class-validator");var PermissionAction=(PermissionAction2=>{PermissionAction2["ADD"]="add";PermissionAction2["REMOVE"]="remove";return PermissionAction2})(PermissionAction||{});var PermissionItemDto=class{static{__name(this,"PermissionItemDto")}id;action};__decorateClass([(0,import_swagger5.ApiProperty)({description:"ID of the target (action or role)"}),(0,import_class_validator3.IsUUID)()],PermissionItemDto.prototype,"id",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Action to perform",enum:PermissionAction,example:"add"}),(0,import_class_validator3.IsEnum)(PermissionAction)],PermissionItemDto.prototype,"action",2);var AssignUserActionsDto=class{static{__name(this,"AssignUserActionsDto")}userId;companyId;branchId;items};__decorateClass([(0,import_swagger5.ApiProperty)({description:"User ID"}),(0,import_class_validator3.IsUUID)()],AssignUserActionsDto.prototype,"userId",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Company ID (for company-wide or branch-specific assignments)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],AssignUserActionsDto.prototype,"companyId",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Branch ID (null = company-wide, set = branch-specific)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],AssignUserActionsDto.prototype,"branchId",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),(0,import_class_validator3.IsArray)(),(0,import_class_validator3.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignUserActionsDto.prototype,"items",2);var AssignCompanyActionsDto=class{static{__name(this,"AssignCompanyActionsDto")}companyId;items};__decorateClass([(0,import_swagger5.ApiProperty)({description:"Company ID"}),(0,import_class_validator3.IsUUID)()],AssignCompanyActionsDto.prototype,"companyId",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Array of actions to assign/remove to company (whitelist)",type:[PermissionItemDto]}),(0,import_class_validator3.IsArray)(),(0,import_class_validator3.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignCompanyActionsDto.prototype,"items",2);var AssignRoleActionsDto=class{static{__name(this,"AssignRoleActionsDto")}roleId;items};__decorateClass([(0,import_swagger5.ApiProperty)({description:"Role ID"}),(0,import_class_validator3.IsUUID)()],AssignRoleActionsDto.prototype,"roleId",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),(0,import_class_validator3.IsArray)(),(0,import_class_validator3.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignRoleActionsDto.prototype,"items",2);var AssignUserRolesDto=class{static{__name(this,"AssignUserRolesDto")}userId;companyId;branchId;items};__decorateClass([(0,import_swagger5.ApiProperty)({description:"User ID"}),(0,import_class_validator3.IsUUID)()],AssignUserRolesDto.prototype,"userId",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Company ID (for company-wide or branch-specific assignments)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],AssignUserRolesDto.prototype,"companyId",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Branch ID (null = company-wide, set = branch-specific)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],AssignUserRolesDto.prototype,"branchId",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Array of roles to assign/remove",type:[PermissionItemDto]}),(0,import_class_validator3.IsArray)(),(0,import_class_validator3.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignUserRolesDto.prototype,"items",2);var GetUserActionsDto=class{static{__name(this,"GetUserActionsDto")}companyId;branchId};__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Company ID (ignored when enableCompanyFeature is false)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],GetUserActionsDto.prototype,"companyId",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],GetUserActionsDto.prototype,"branchId",2);var GetUserRolesDto=class{static{__name(this,"GetUserRolesDto")}companyId;branchId};__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Company ID (ignored when enableCompanyFeature is false)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],GetUserRolesDto.prototype,"companyId",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],GetUserRolesDto.prototype,"branchId",2);var UserActionResponseDto=class{static{__name(this,"UserActionResponseDto")}id;userId;actionId;actionCode;actionName;branchId;createdAt};__decorateClass([(0,import_swagger5.ApiProperty)()],UserActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserActionResponseDto.prototype,"userId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserActionResponseDto.prototype,"actionId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserActionResponseDto.prototype,"actionCode",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserActionResponseDto.prototype,"actionName",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)()],UserActionResponseDto.prototype,"branchId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserActionResponseDto.prototype,"createdAt",2);var RoleActionResponseDto=class{static{__name(this,"RoleActionResponseDto")}id;roleId;actionId;actionCode;actionName;createdAt};__decorateClass([(0,import_swagger5.ApiProperty)()],RoleActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger5.ApiProperty)()],RoleActionResponseDto.prototype,"roleId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],RoleActionResponseDto.prototype,"actionId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],RoleActionResponseDto.prototype,"actionCode",2);__decorateClass([(0,import_swagger5.ApiProperty)()],RoleActionResponseDto.prototype,"actionName",2);__decorateClass([(0,import_swagger5.ApiProperty)()],RoleActionResponseDto.prototype,"createdAt",2);var CompanyActionResponseDto=class{static{__name(this,"CompanyActionResponseDto")}id;companyId;actionId;actionCode;actionName;createdAt};__decorateClass([(0,import_swagger5.ApiProperty)({description:"Permission ID"})],CompanyActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Company ID"})],CompanyActionResponseDto.prototype,"companyId",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Action ID"})],CompanyActionResponseDto.prototype,"actionId",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Action Code"})],CompanyActionResponseDto.prototype,"actionCode",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Action Name"})],CompanyActionResponseDto.prototype,"actionName",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"When this permission was created"})],CompanyActionResponseDto.prototype,"createdAt",2);var UserRoleResponseDto=class{static{__name(this,"UserRoleResponseDto")}id;userId;roleId;roleName;branchId;createdAt};__decorateClass([(0,import_swagger5.ApiProperty)()],UserRoleResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserRoleResponseDto.prototype,"userId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserRoleResponseDto.prototype,"roleId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserRoleResponseDto.prototype,"roleName",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)()],UserRoleResponseDto.prototype,"branchId",2);__decorateClass([(0,import_swagger5.ApiProperty)()],UserRoleResponseDto.prototype,"createdAt",2);var FrontendActionDto=class{static{__name(this,"FrontendActionDto")}id;code;name;description};__decorateClass([(0,import_swagger5.ApiProperty)()],FrontendActionDto.prototype,"id",2);__decorateClass([(0,import_swagger5.ApiProperty)()],FrontendActionDto.prototype,"code",2);__decorateClass([(0,import_swagger5.ApiProperty)()],FrontendActionDto.prototype,"name",2);__decorateClass([(0,import_swagger5.ApiPropertyOptional)()],FrontendActionDto.prototype,"description",2);var MyPermissionsQueryDto=class{static{__name(this,"MyPermissionsQueryDto")}parentCodes};__decorateClass([(0,import_swagger5.ApiPropertyOptional)({description:"Filter by parent action codes",example:["user","role"],type:[String]}),(0,import_class_validator3.IsArray)(),(0,import_class_validator3.IsString)({each:true}),(0,import_class_validator3.IsOptional)()],MyPermissionsQueryDto.prototype,"parentCodes",2);var MyPermissionsResponseDto=class{static{__name(this,"MyPermissionsResponseDto")}frontendActions;cachedEndpoints};__decorateClass([(0,import_swagger5.ApiProperty)({type:[FrontendActionDto]})],MyPermissionsResponseDto.prototype,"frontendActions",2);__decorateClass([(0,import_swagger5.ApiProperty)({description:"Number of endpoint actions cached for PermissionGuard"})],MyPermissionsResponseDto.prototype,"cachedEndpoints",2);var PermissionOperationResultDto=class{static{__name(this,"PermissionOperationResultDto")}success;added;removed;message};__decorateClass([(0,import_swagger5.ApiProperty)()],PermissionOperationResultDto.prototype,"success",2);__decorateClass([(0,import_swagger5.ApiProperty)()],PermissionOperationResultDto.prototype,"added",2);__decorateClass([(0,import_swagger5.ApiProperty)()],PermissionOperationResultDto.prototype,"removed",2);__decorateClass([(0,import_swagger5.ApiProperty)()],PermissionOperationResultDto.prototype,"message",2);var CompanyActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignCompanyActions(dto){return this.permissionService.assignCompanyActions(dto)}async getCompanyActions(companyId,query){const actions=await this.permissionService.getCompanyActions(companyId);return{success:true,message:"Company actions retrieved successfully",data:actions}}};__name(CompanyActionPermissionController,"CompanyActionPermissionController");__decorateClass([(0,import_common5.Post)("company-actions/assign"),(0,import_swagger6.ApiOperation)({summary:"Whitelist actions for company",description:"Controls which actions are available to company users/roles."}),(0,import_swagger6.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common5.Body)())],CompanyActionPermissionController.prototype,"assignCompanyActions",1);__decorateClass([(0,import_common5.Get)("company-actions/:companyId"),(0,import_swagger6.ApiOperation)({summary:"Get company whitelisted actions",description:"Returns actions available to company."}),(0,import_swagger6.ApiResponse)({status:200,type:import_nestjs_shared4.SingleResponseDto}),__decorateParam(0,(0,import_common5.Param)("companyId")),__decorateParam(1,(0,import_common5.Query)())],CompanyActionPermissionController.prototype,"getCompanyActions",1);CompanyActionPermissionController=__decorateClass([(0,import_swagger6.ApiTags)("IAM - Company Action Permissions"),(0,import_common5.Controller)("iam/permissions"),(0,import_common5.UseGuards)(import_nestjs_shared4.JwtAuthGuard),(0,import_swagger6.ApiBearerAuth)()],CompanyActionPermissionController);var import_nestjs_shared5=require("@flusys/nestjs-shared");var import_guards2=require("@flusys/nestjs-shared/guards");var import_common6=require("@nestjs/common");var import_swagger7=require("@nestjs/swagger");var MyPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async getMyPermissions(query,user){return this.permissionService.getMyPermissions(user.id,user.branchId??null,user.companyId??null,query.parentCodes)}};__name(MyPermissionController,"MyPermissionController");__decorateClass([(0,import_common6.Post)("my-permissions"),(0,import_swagger7.ApiOperation)({summary:"Get current user permissions",description:"Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes."}),(0,import_swagger7.ApiResponse)({status:200,type:MyPermissionsResponseDto}),(0,import_swagger7.ApiResponse)({status:401,description:"Unauthorized"}),__decorateParam(0,(0,import_common6.Body)()),__decorateParam(1,(0,import_nestjs_shared5.CurrentUser)())],MyPermissionController.prototype,"getMyPermissions",1);MyPermissionController=__decorateClass([(0,import_swagger7.ApiTags)("IAM - My Permissions"),(0,import_common6.Controller)("iam/permissions"),(0,import_common6.UseGuards)(import_guards2.JwtAuthGuard),(0,import_swagger7.ApiBearerAuth)()],MyPermissionController);var import_nestjs_shared6=require("@flusys/nestjs-shared");var import_common7=require("@nestjs/common");var import_swagger8=require("@nestjs/swagger");var RolePermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignRoleActions(dto){return this.permissionService.assignRoleActions(dto)}async getRoleActions(roleId,query){const actions=await this.permissionService.getRoleActions(roleId);return{success:true,message:"Role actions retrieved successfully",data:actions}}async assignUserRoles(dto){return this.permissionService.assignUserRoles(dto)}async getUserRoles(userId,query){const roles=await this.permissionService.getUserRoles(userId,query.branchId,query.companyId);return{success:true,message:"User roles retrieved successfully",data:roles}}};__name(RolePermissionController,"RolePermissionController");__decorateClass([(0,import_common7.Post)("role-actions/assign"),(0,import_swagger8.ApiOperation)({summary:"Assign/remove actions to/from role",description:"RBAC mode. No branch scoping."}),(0,import_swagger8.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common7.Body)())],RolePermissionController.prototype,"assignRoleActions",1);__decorateClass([(0,import_common7.Get)("role-actions/:roleId"),(0,import_swagger8.ApiOperation)({summary:"Get role actions",description:"Returns actions assigned to role."}),(0,import_swagger8.ApiResponse)({status:200,type:import_nestjs_shared6.SingleResponseDto}),__decorateParam(0,(0,import_common7.Param)("roleId")),__decorateParam(1,(0,import_common7.Query)())],RolePermissionController.prototype,"getRoleActions",1);__decorateClass([(0,import_common7.Post)("user-roles/assign"),(0,import_swagger8.ApiOperation)({summary:"Assign/remove roles to/from user",description:"RBAC mode. If company feature enabled, branchId is required."}),(0,import_swagger8.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common7.Body)())],RolePermissionController.prototype,"assignUserRoles",1);__decorateClass([(0,import_common7.Get)("user-roles/:userId"),(0,import_swagger8.ApiOperation)({summary:"Get user roles",description:"Returns roles assigned to user. Filter by companyId and branchId."}),(0,import_swagger8.ApiResponse)({status:200,type:import_nestjs_shared6.SingleResponseDto}),__decorateParam(0,(0,import_common7.Param)("userId")),__decorateParam(1,(0,import_common7.Query)())],RolePermissionController.prototype,"getUserRoles",1);RolePermissionController=__decorateClass([(0,import_swagger8.ApiTags)("IAM - Role Permissions"),(0,import_common7.Controller)("iam/permissions"),(0,import_common7.UseGuards)(import_nestjs_shared6.JwtAuthGuard),(0,import_swagger8.ApiBearerAuth)()],RolePermissionController);var import_nestjs_shared7=require("@flusys/nestjs-shared");var import_common8=require("@nestjs/common");var import_swagger9=require("@nestjs/swagger");var UserActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignUserActions(dto){return this.permissionService.assignUserActions(dto)}async getUserActions(userId,query){const actions=await this.permissionService.getUserActions(userId,query.branchId,query.companyId);return{success:true,message:"User actions retrieved successfully",data:actions}}};__name(UserActionPermissionController,"UserActionPermissionController");__decorateClass([(0,import_common8.Post)("user-actions/assign"),(0,import_swagger9.ApiOperation)({summary:"Assign/remove actions to/from user",description:"Direct permissions. If company feature enabled, branchId is required."}),(0,import_swagger9.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common8.Body)())],UserActionPermissionController.prototype,"assignUserActions",1);__decorateClass([(0,import_common8.Get)("user-actions/:userId"),(0,import_swagger9.ApiOperation)({summary:"Get user direct actions",description:"Returns direct action permissions for user. Filter by companyId and branchId."}),(0,import_swagger9.ApiResponse)({status:200,type:import_nestjs_shared7.SingleResponseDto}),__decorateParam(0,(0,import_common8.Param)("userId")),__decorateParam(1,(0,import_common8.Query)())],UserActionPermissionController.prototype,"getUserActions",1);UserActionPermissionController=__decorateClass([(0,import_swagger9.ApiTags)("IAM - User Action Permissions"),(0,import_common8.Controller)("iam/permissions"),(0,import_common8.UseGuards)(import_nestjs_shared7.JwtAuthGuard),(0,import_swagger9.ApiBearerAuth)()],UserActionPermissionController);0&&(module.exports={ActionController,CompanyActionPermissionController,MyPermissionController,RoleController,RolePermissionController,UserActionPermissionController});

package/cjs/docs-index.js ADDED Viewed

@@ -0,0 +1,79 @@
+"use strict";var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __hasOwnProp=Object.prototype.hasOwnProperty;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __copyProps=(to,from,except,desc)=>{if(from&&typeof from==="object"||typeof from==="function"){for(let key of __getOwnPropNames(from))if(!__hasOwnProp.call(to,key)&&key!==except)__defProp(to,key,{get:()=>from[key],enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable})}return to};var __toCommonJS=mod=>__copyProps(__defProp({},"__esModule",{value:true}),mod);var index_exports={};__export(index_exports,{iamSwaggerConfig:()=>iamSwaggerConfig});module.exports=__toCommonJS(index_exports);var AUTH_RELATED_TAGS=["Authentication","Users","Companies","Branches","User Permissions","Company Selection"];function iamSwaggerConfig(enableCompanyFeature=false,permissionMode=3){const excludeSchemaProperties=enableCompanyFeature?[]:[{schemaName:"AssignUserActionsDto",properties:["companyId","branchId"]},{schemaName:"AssignUserRolesDto",properties:["companyId","branchId"]},{schemaName:"GetUserActionsDto",properties:["companyId","branchId"]},{schemaName:"GetUserRolesDto",properties:["companyId","branchId"]},{schemaName:"UserActionResponseDto",properties:["branchId"]},{schemaName:"UserRoleResponseDto",properties:["branchId"]},{schemaName:"AssignCompanyActionsDto",properties:["companyId"]},{schemaName:"CompanyActionResponseDto",properties:["companyId"]}];const excludeQueryParameters=enableCompanyFeature?[]:[{pathPattern:"/iam/permissions/user-actions/*",method:"get",parameters:["companyId","branchId"]},{pathPattern:"/iam/permissions/user-roles/*",method:"get",parameters:["companyId","branchId"]}];const excludeTags=[...AUTH_RELATED_TAGS];if(!enableCompanyFeature){excludeTags.push("IAM - Company Action Permissions")}if(permissionMode===1){excludeTags.push("IAM - Permissions (Direct)")}else if(permissionMode===2){excludeTags.push("IAM - Permissions (RBAC)");excludeTags.push("IAM - Roles")}return{title:"IAM API",description:`
+## Identity & Access Management API
+Advanced permission system with flexible modes: RBAC, Direct Permissions, or both.
+### Current Configuration
+- **Permission Mode**: ${permissionMode===1?"**RBAC** (Role-Based Access Control)":permissionMode===2?"**DIRECT** (Direct User Permissions)":"**FULL** (RBAC + Direct)"}${enableCompanyFeature?"\n- **Company Feature**: Enabled (Multi-tenant with company/branch scoping)":"\n- **Company Feature**: Disabled"}
+### Features Based on Mode
+${permissionMode===1||permissionMode===3?`#### RBAC Features (Active)
+- **Roles**: Create company-scoped roles${enableCompanyFeature?" (auto-filtered by user company)":""}
+- **Role-Actions**: Assign actions to roles
+- **User-Roles**: Assign roles to users${enableCompanyFeature?" at branch level":""}
+`:""}${permissionMode===2||permissionMode===3?`#### Direct Permission Features (Active)
+- **User-Actions**: Direct action assignment to users${enableCompanyFeature?" at branch level":""}
+`:""}${enableCompanyFeature?`#### Company Features (Active)
+- **Company-Action Whitelist**: Control which actions are available per company
+- **Branch-Based Scoping**: Permissions scoped to specific branches
+- **Auto-Filtering**: Roles automatically filtered by user's company
+- **Action Tree Filtering**: Available actions filtered by company whitelist
+`:""}
+### Core Concepts
+#### Actions
+Represent permissions in the system. Can be hierarchical.
+**Action Types:**
+- \`menu\` - Menu visibility (actions with type='menu' are used as menus)
+- \`endpoint\` - API endpoint access
+- \`frontend\` - Frontend feature toggles
+${permissionMode===1||permissionMode===3?`
+#### Roles
+Collections of actions that can be assigned to users.${enableCompanyFeature?" Scoped to companies.":" Global across the system."}
+`:""}${enableCompanyFeature?`
+#### Company-Action Whitelist
+Controls which actions are available to a company. Users/roles can only use whitelisted actions.
+**Flow:**
+1. Admin assigns actions to company (whitelist)
+2. Only whitelisted actions appear in permission assignment UIs
+3. Users/roles cannot be assigned non-whitelisted actions
+`:""}
+### Permission Resolution
+${permissionMode===3?`1. **Company-Action Whitelist** - Filter by company (if enabled)
+2. **UserAction (DENY)** - Explicit denials take precedence
+3. **UserAction (GRANT)** - Direct user grants
+4. **UserRole \u2192 RoleAction** - Inherited from assigned roles
+5. **Action Permission Logic** - Complex AND/OR rules`:permissionMode===1?`1. **Company-Action Whitelist** - Filter by company (if enabled)
+2. **UserRole \u2192 RoleAction** - Actions inherited from roles
+3. **Action Permission Logic** - Complex AND/OR rules`:`1. **Company-Action Whitelist** - Filter by company (if enabled)
+2. **UserAction (DENY)** - Explicit denials take precedence
+3. **UserAction (GRANT)** - Direct user grants
+4. **Action Permission Logic** - Complex AND/OR rules`}
+### API Endpoints Summary
+#### Available Endpoints
+- \u2705 **Actions**: CRUD operations, tree view${enableCompanyFeature?", filtered tree for permissions":""}${permissionMode===1||permissionMode===3?`
+- \u2705 **Roles**: CRUD operations${enableCompanyFeature?" (auto-filtered by company)":""}
+- \u2705 **Role-Actions**: Assign actions to roles, get role actions
+- \u2705 **User-Roles**: Assign roles to users, get user roles`:`
+- \u274C **Roles**: Disabled (RBAC mode not active)`}${permissionMode===2||permissionMode===3?`
+- \u2705 **User-Actions**: Direct action assignment to users`:`
+- \u274C **User-Actions**: Disabled (DIRECT mode not active)`}${enableCompanyFeature?`
+- \u2705 **Company-Actions**: Whitelist actions for companies`:`
+- \u274C **Company-Actions**: Disabled (company feature not enabled)`}
+- \u2705 **My Permissions**: Get current user's complete permissions (includes menu-type actions)
+### Best Practices
+1. **Action Codes**: Use meaningful codes like \`user.create\`, \`order.view\`
+2. **Hierarchical Actions**: Group related actions (use parentId for hierarchy)${permissionMode===1||permissionMode===3?`
+3. **Role Design**: Create roles for common permission patterns`:""}${permissionMode===2||permissionMode===3?`
+${permissionMode===3?"4":"3"}. **Direct Actions**: Use sparingly for exceptions`:""}${enableCompanyFeature?`
+${permissionMode===3?"5":"4"}. **Company Whitelisting**: Set up action whitelist before assigning permissions
+${permissionMode===3?"6":"5"}. **Branch Scoping**: Use branches for location-based access control`:""}
+  `,version:"1.0",path:"api/docs/iam",bearerAuth:true,excludeSchemaProperties,excludeTags,excludeQueryParameters}}__name(iamSwaggerConfig,"iamSwaggerConfig");0&&(module.exports={iamSwaggerConfig});

package/cjs/dtos-index.js ADDED Viewed

@@ -0,0 +1 @@

package/cjs/entities-index.js ADDED Viewed

@@ -0,0 +1 @@

package/cjs/enums-index.js ADDED Viewed

@@ -0,0 +1 @@

package/cjs/helpers-index.js ADDED Viewed

@@ -0,0 +1 @@