@flusys/nestjs-iam 0.1.0-alpha.1 → 0.1.0-beta.2

package/cjs/modules/iam.module.js

@@ -0,0 +1,237 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "IAMModule", {
+    enumerable: true,
+    get: function() {
+        return IAMModule;
+    }
+});
+const _modules = require("@flusys/nestjs-shared/modules");
+const _common = require("@nestjs/common");
+const _typeorm = require("@nestjs/typeorm");
+const _iamconstants = require("../config/iam.constants");
+const _controllers = require("../controllers");
+const _entities = require("../entities");
+const _permissiontypeenum = require("../enums/permission-type.enum");
+const _helpers = require("../helpers");
+const _services = require("../services");
+const _iamconfigservice = require("../services/iam-config.service");
+const _iamdatasourceprovider = require("../services/iam-datasource.provider");
+const _permissioncacheservice = require("../services/permission-cache.service");
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+let IAMModule = class IAMModule {
+    static getControllers(permissionMode, enableCompanyFeature) {
+        const baseControllers = [
+            _controllers.ActionController,
+            _controllers.MyPermissionController
+        ];
+        // Direct permission mode - user actions only
+        if (permissionMode === _permissiontypeenum.IAMPermissionMode.DIRECT) {
+            baseControllers.push(_controllers.UserActionPermissionController);
+        }
+        // RBAC mode - role actions and user roles only
+        if (permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC) {
+            baseControllers.push(_controllers.RoleController);
+            baseControllers.push(_controllers.RolePermissionController);
+        }
+        // FULL mode - all permission controllers
+        if (permissionMode === _permissiontypeenum.IAMPermissionMode.FULL) {
+            baseControllers.push(_controllers.RoleController);
+            baseControllers.push(_controllers.UserActionPermissionController);
+            baseControllers.push(_controllers.RolePermissionController);
+        }
+        // Company action permissions - only if company feature enabled
+        if (enableCompanyFeature) {
+            baseControllers.push(_controllers.CompanyActionPermissionController);
+        }
+        return baseControllers;
+    }
+    static getEntities(permissionMode, enableCompanyFeature) {
+        // Core entities
+        const entities = [];
+        // Action entity - always included
+        entities.push(_entities.Action);
+        // Permission entity is always needed
+        if (enableCompanyFeature) {
+            entities.push(_entities.UserIamPermissionWithCompany);
+        } else {
+            entities.push(_entities.UserIamPermission);
+        }
+        // Role entity - Only for RBAC or FULL mode
+        if (permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL) {
+            if (enableCompanyFeature) {
+                entities.push(_entities.RoleWithCompany);
+            } else {
+                entities.push(_entities.Role);
+            }
+        }
+        return entities;
+    }
+    static getServices(permissionMode) {
+        const services = [
+            _services.ActionService,
+            _services.PermissionService,
+            _permissioncacheservice.PermissionCacheService,
+            _helpers.PermissionEvaluatorHelper
+        ];
+        // RoleService - Only for RBAC or FULL mode
+        if (permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL) {
+            services.push(_services.RoleService);
+        }
+        return services;
+    }
+    /**
+   * Create repository providers that use IAMDataSourceProvider
+   * This replaces TypeOrmModule.forFeature() functionality
+   */ static getRepositoryProviders(permissionMode, enableCompanyFeature) {
+        const entities = this.getEntities(permissionMode, enableCompanyFeature);
+        return entities.map((entity)=>({
+                provide: (0, _typeorm.getRepositoryToken)(entity),
+                scope: _common.Scope.REQUEST,
+                useFactory: async (dataSourceProvider)=>{
+                    return await dataSourceProvider.getRepository(entity);
+                },
+                inject: [
+                    _iamdatasourceprovider.IAMDataSourceProvider
+                ]
+            }));
+    }
+    static forRoot(options = {}) {
+        const { global = false, includeController = false } = options;
+        const databaseMode = options.bootstrapAppConfig?.databaseMode;
+        const enableCompanyFeature = options.bootstrapAppConfig?.enableCompanyFeature ?? false;
+        // Read permissionMode from bootstrap config using helper
+        const permissionMode = _helpers.PermissionModeHelper.fromString(options.bootstrapAppConfig?.permissionMode);
+        const isMultiTenant = databaseMode === 'multi-tenant';
+        const entities = this.getEntities(permissionMode, enableCompanyFeature);
+        const controllers = includeController ? this.getControllers(permissionMode, enableCompanyFeature) : [];
+        const providers = [
+            {
+                provide: _iamconstants.IAM_MODULE_OPTIONS,
+                useValue: options
+            },
+            _iamconfigservice.IAMConfigService,
+            _iamdatasourceprovider.IAMDataSourceProvider,
+            ...this.getServices(permissionMode)
+        ];
+        const imports = [
+            _modules.CacheModule,
+            _modules.UtilsModule
+        ];
+        const module = {
+            module: IAMModule,
+            imports,
+            controllers,
+            providers,
+            exports: [
+                _iamconfigservice.IAMConfigService,
+                _iamdatasourceprovider.IAMDataSourceProvider,
+                _services.ActionService,
+                _services.PermissionService,
+                _permissioncacheservice.PermissionCacheService,
+                _helpers.PermissionEvaluatorHelper,
+                ...permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL ? [
+                    _services.RoleService
+                ] : []
+            ]
+        };
+        if (global) {
+            return {
+                ...module,
+                global: true
+            };
+        }
+        return module;
+    }
+    static forRootAsync(asyncOptions) {
+        const { global = false, includeController = false, imports: externalImports = [] } = asyncOptions;
+        const databaseMode = asyncOptions.bootstrapAppConfig?.databaseMode;
+        const enableCompanyFeature = asyncOptions.bootstrapAppConfig?.enableCompanyFeature ?? false;
+        // Read permissionMode from bootstrap config using helper
+        const permissionMode = _helpers.PermissionModeHelper.fromString(asyncOptions.bootstrapAppConfig?.permissionMode);
+        const isMultiTenant = databaseMode === 'multi-tenant';
+        const entities = this.getEntities(permissionMode, enableCompanyFeature);
+        const controllers = includeController ? this.getControllers(permissionMode, enableCompanyFeature) : [];
+        const asyncProviders = this.createAsyncProviders(asyncOptions);
+        const providers = [
+            ...asyncProviders,
+            _iamconfigservice.IAMConfigService,
+            _iamdatasourceprovider.IAMDataSourceProvider,
+            ...this.getServices(permissionMode)
+        ];
+        const imports = [
+            ...externalImports,
+            _modules.CacheModule,
+            _modules.UtilsModule
+        ];
+        const module = {
+            module: IAMModule,
+            imports,
+            controllers,
+            providers,
+            exports: [
+                _iamconfigservice.IAMConfigService,
+                _iamdatasourceprovider.IAMDataSourceProvider,
+                _services.ActionService,
+                _services.PermissionService,
+                _permissioncacheservice.PermissionCacheService,
+                _helpers.PermissionEvaluatorHelper,
+                ...permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL ? [
+                    _services.RoleService
+                ] : []
+            ]
+        };
+        if (global) {
+            return {
+                ...module,
+                global: true
+            };
+        }
+        return module;
+    }
+    static createAsyncProviders(options) {
+        if (options.useExisting || options.useFactory) {
+            return [
+                this.createAsyncOptionsProvider(options)
+            ];
+        }
+        const useClass = options.useClass;
+        return [
+            this.createAsyncOptionsProvider(options),
+            {
+                provide: useClass,
+                useClass
+            }
+        ];
+    }
+    static createAsyncOptionsProvider(options) {
+        if (options.useFactory) {
+            return {
+                provide: _iamconstants.IAM_MODULE_OPTIONS,
+                useFactory: options.useFactory,
+                inject: options.inject || []
+            };
+        }
+        const inject = [
+            options.useClass || options.useExisting
+        ];
+        return {
+            provide: _iamconstants.IAM_MODULE_OPTIONS,
+            useFactory: async (optionsFactory)=>optionsFactory.createIAMOptions(),
+            inject
+        };
+    }
+    static forFeature(options = {}) {
+        return this.forRoot(options);
+    }
+};
+IAMModule = _ts_decorate([
+    (0, _common.Module)({})
+], IAMModule);

package/cjs/modules/index.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+_export_star(require("./iam.module"), exports);
+function _export_star(from, to) {
+    Object.keys(from).forEach(function(k) {
+        if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
+            Object.defineProperty(to, k, {
+                enumerable: true,
+                get: function() {
+                    return from[k];
+                }
+            });
+        }
+    });
+    return from;
+}

package/cjs/services/action.service.js

@@ -0,0 +1,253 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "ActionService", {
+    enumerable: true,
+    get: function() {
+        return ActionService;
+    }
+});
+const _classes = require("@flusys/nestjs-shared/classes");
+const _modules = require("@flusys/nestjs-shared/modules");
+const _common = require("@nestjs/common");
+const _typeorm = require("typeorm");
+const _actionentity = require("../entities/action.entity");
+const _iamconfigservice = require("./iam-config.service");
+const _iamdatasourceprovider = require("./iam-datasource.provider");
+const _permissionservice = require("./permission.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let ActionService = class ActionService extends _classes.RequestScopedApiService {
+    /**
+   * Resolve entity class for this service
+   * @returns Action entity class
+   */ resolveEntity() {
+        return _actionentity.Action;
+    }
+    /**
+   * Get DataSource provider for this service
+   * @returns IAMDataSourceProvider instance
+   */ getDataSourceProvider() {
+        return this.dataSourceProvider;
+    }
+    // ==================== Entity Conversion ====================
+    async convertSingleDtoToEntity(dto, _user) {
+        if (!('id' in dto) || !dto.id) {
+            return dto;
+        }
+        const existingAction = await this.repository.findOne({
+            where: {
+                id: dto.id
+            }
+        });
+        if (!existingAction) {
+            throw new _common.NotFoundException(`Action with ID ${dto.id} not found`);
+        }
+        return {
+            ...existingAction,
+            ...dto
+        };
+    }
+    async getSelectQuery(query, _user, select) {
+        if (!select || !select.length) {
+            select = [
+                'id',
+                'name',
+                'code',
+                'description',
+                'actionType',
+                'permissionLogic',
+                'isActive',
+                'parentId',
+                'serial',
+                'createdAt'
+            ];
+        }
+        const selectFields = select.map((field)=>`${this.entityName}.${field}`);
+        query.select(selectFields);
+        return {
+            query,
+            isRaw: false
+        };
+    }
+    async getGlobalSearchQuery(query, search, _user) {
+        query.andWhere('(action.name LIKE :search OR action.code LIKE :search OR action.description LIKE :search)', {
+            search: `%${search}%`
+        });
+        return {
+            query,
+            isRaw: false
+        };
+    }
+    /**
+   * Override: Convert entity to response DTO
+   */ convertEntityToResponseDto(entity, _isRaw) {
+        return {
+            id: entity.id,
+            readOnly: entity.readOnly,
+            name: entity.name,
+            description: entity.description,
+            code: entity.code,
+            actionType: entity.actionType,
+            permissionLogic: entity.permissionLogic,
+            serial: entity.serial,
+            isActive: entity.isActive,
+            parentId: entity.parentId,
+            metadata: entity.metadata,
+            createdAt: entity.createdAt,
+            updatedAt: entity.updatedAt,
+            deletedAt: entity.deletedAt,
+            createdById: entity.createdById,
+            updatedById: entity.updatedById,
+            deletedById: entity.deletedById
+        };
+    }
+    /**
+   * Get actions available for permission assignment (filtered by company whitelist)
+   *
+   * @param user - Logged in user info
+   * @returns Array of actions with id, code, and name fields
+   */ async getActionsForPermission(user) {
+        await this.ensureRepositoryInitialized();
+        if (!user) {
+            throw new Error('User is required for getActionsForPermission');
+        }
+        const selectFields = [
+            'id',
+            'code',
+            'name',
+            'description',
+            'actionType',
+            'permissionLogic',
+            'isActive',
+            'parentId',
+            'serial'
+        ];
+        const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
+        if (enableCompanyFeature && user.companyId) {
+            const companyActionIds = await this.permissionService.getCompanyActionIds(user.companyId);
+            if (companyActionIds.length === 0) {
+                return [];
+            }
+            const actions = await this.repository.find({
+                where: {
+                    id: (0, _typeorm.In)(companyActionIds)
+                },
+                select: selectFields
+            });
+            return actions.map((action)=>this.convertEntityToResponseDto(action, false));
+        }
+        const actions = await this.repository.find({
+            select: selectFields
+        });
+        return actions.map((action)=>this.convertEntityToResponseDto(action, false));
+    }
+    /**
+   * Get actions in hierarchical tree structure
+   *
+   * @param user - Logged in user info for company filtering
+   * @param search - Optional search term (name or code)
+   * @param isActive - Optional filter by active status
+   * @param withDeleted - Include deleted actions (default: false)
+   * @returns Array of root actions with nested children
+   */ async getActionTree(user, search, isActive, withDeleted = false) {
+        await this.ensureRepositoryInitialized();
+        if (!user) {
+            throw new Error('User is required for getActionTree');
+        }
+        const query = this.repository.createQueryBuilder('action');
+        if (!withDeleted) {
+            query.andWhere('action.deletedAt IS NULL');
+        }
+        if (isActive !== undefined) {
+            query.andWhere('action.isActive = :isActive', {
+                isActive
+            });
+        }
+        if (search?.trim()) {
+            query.andWhere('(action.name LIKE :search OR action.code LIKE :search)', {
+                search: `%${search.trim()}%`
+            });
+        }
+        const actions = await query.orderBy('action.serial', 'ASC').getMany();
+        return this.buildActionTree(actions);
+    }
+    buildActionTree(actions) {
+        if (!actions?.length) {
+            return [];
+        }
+        const map = new Map();
+        const rootNodes = [];
+        for (const action of actions){
+            const treeNode = {
+                ...this.convertEntityToResponseDto(action, false),
+                children: []
+            };
+            map.set(action.id, treeNode);
+        }
+        for (const action of actions){
+            const node = map.get(action.id);
+            if (!node) {
+                continue;
+            }
+            if (action.parentId && map.has(action.parentId)) {
+                const parent = map.get(action.parentId);
+                if (parent?.children) {
+                    parent.children.push(node);
+                }
+            } else {
+                rootNodes.push(node);
+            }
+        }
+        return rootNodes;
+    }
+    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
+    constructor(cacheManager, utilsService, iamConfigService, dataSourceProvider, permissionService){
+        // Repository will be set asynchronously by RequestScopedApiService
+        super('action', null, cacheManager, utilsService, ActionService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "iamConfigService", void 0), _define_property(this, "dataSourceProvider", void 0), _define_property(this, "permissionService", void 0), _define_property(this, "logger", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.iamConfigService = iamConfigService, this.dataSourceProvider = dataSourceProvider, this.permissionService = permissionService, this.logger = new _common.Logger(ActionService.name);
+    }
+};
+ActionService = _ts_decorate([
+    (0, _common.Injectable)({
+        scope: _common.Scope.REQUEST
+    }),
+    _ts_param(0, (0, _common.Inject)('CACHE_INSTANCE')),
+    _ts_param(1, (0, _common.Inject)(_modules.UtilsService)),
+    _ts_param(2, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
+    _ts_param(3, (0, _common.Inject)(_iamdatasourceprovider.IAMDataSourceProvider)),
+    _ts_param(4, (0, _common.Inject)(_permissionservice.PermissionService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _classes.HybridCache === "undefined" ? Object : _classes.HybridCache,
+        typeof _modules.UtilsService === "undefined" ? Object : _modules.UtilsService,
+        typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService,
+        typeof _iamdatasourceprovider.IAMDataSourceProvider === "undefined" ? Object : _iamdatasourceprovider.IAMDataSourceProvider,
+        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
+    ])
+], ActionService);

package/cjs/services/iam-config.service.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "IAMConfigService", {
+    enumerable: true,
+    get: function() {
+        return IAMConfigService;
+    }
+});
+const _common = require("@nestjs/common");
+const _iamconstants = require("../config/iam.constants");
+const _permissiontypeenum = require("../enums/permission-type.enum");
+const _helpers = require("../helpers");
+const _iammoduleoptionsinterface = require("../interfaces/iam-module-options.interface");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let IAMConfigService = class IAMConfigService {
+    // ==================== Database Mode ====================
+    /**
+   * Get database mode (single or multi-tenant)
+   */ getDatabaseMode() {
+        return this.options.bootstrapAppConfig?.databaseMode ?? 'single';
+    }
+    /**
+   * Check if running in multi-tenant mode
+   */ isMultiTenant() {
+        return this.getDatabaseMode() === 'multi-tenant';
+    }
+    // ==================== Company Feature ====================
+    /**
+   * Get enable company feature flag
+   */ getEnableCompanyFeature() {
+        return this.options.bootstrapAppConfig?.enableCompanyFeature ?? false;
+    }
+    /**
+   * Check if company feature is enabled (alias for getEnableCompanyFeature)
+   */ isCompanyFeatureEnabled() {
+        return this.getEnableCompanyFeature();
+    }
+    // ==================== Permission Mode ====================
+    /**
+   * Get permission mode from bootstrap config
+   *
+   * **Note:** Reads from bootstrapAppConfig (not runtime config)
+   * because permissionMode affects entity/controller registration.
+   */ getPermissionMode() {
+        return _helpers.PermissionModeHelper.fromString(this.options.bootstrapAppConfig?.permissionMode);
+    }
+    /**
+   * Check if RBAC (role-based) permissions are enabled
+   */ isRbacEnabled() {
+        const mode = this.getPermissionMode();
+        return mode === _permissiontypeenum.IAMPermissionMode.RBAC || mode === _permissiontypeenum.IAMPermissionMode.FULL;
+    }
+    /**
+   * Check if direct (user-level) permissions are enabled
+   */ isDirectPermissionEnabled() {
+        const mode = this.getPermissionMode();
+        return mode === _permissiontypeenum.IAMPermissionMode.DIRECT || mode === _permissiontypeenum.IAMPermissionMode.FULL;
+    }
+    // ==================== Options ====================
+    getOptions() {
+        return this.options;
+    }
+    constructor(injectedOptions){
+        _define_property(this, "options", void 0);
+        this.options = injectedOptions ?? {
+            global: false,
+            includeController: false
+        };
+    }
+};
+IAMConfigService = _ts_decorate([
+    (0, _common.Injectable)(),
+    _ts_param(0, (0, _common.Optional)()),
+    _ts_param(0, (0, _common.Inject)(_iamconstants.IAM_MODULE_OPTIONS)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _iammoduleoptionsinterface.IAMModuleOptions === "undefined" ? Object : _iammoduleoptionsinterface.IAMModuleOptions
+    ])
+], IAMConfigService);