@flusys/nestjs-iam 0.1.0-alpha.1

Files changed (72)
  1. package/cjs/config-index.js +1 -0
  2. package/cjs/controllers-index.js +1 -0
  3. package/cjs/docs-index.js +79 -0
  4. package/cjs/dtos-index.js +1 -0
  5. package/cjs/entities-index.js +1 -0
  6. package/cjs/enums-index.js +1 -0
  7. package/cjs/helpers-index.js +1 -0
  8. package/cjs/index.js +79 -0
  9. package/cjs/interfaces-index.js +1 -0
  10. package/cjs/modules-index.js +1 -0
  11. package/cjs/services-index.js +1 -0
  12. package/cjs/types-index.js +1 -0
  13. package/config/iam.constants.d.ts +1 -0
  14. package/config/index.d.ts +1 -0
  15. package/controllers/action.controller.d.ts +20 -0
  16. package/controllers/company-action-permission.controller.d.ts +9 -0
  17. package/controllers/index.d.ts +6 -0
  18. package/controllers/my-permission.controller.d.ts +8 -0
  19. package/controllers/role-permission.controller.d.ts +11 -0
  20. package/controllers/role.controller.d.ts +17 -0
  21. package/controllers/user-action-permission.controller.d.ts +9 -0
  22. package/docs/iam-swagger.config.d.ts +3 -0
  23. package/docs/index.d.ts +1 -0
  24. package/dtos/action.dto.d.ts +52 -0
  25. package/dtos/index.d.ts +3 -0
  26. package/dtos/permission.dto.d.ts +92 -0
  27. package/dtos/role.dto.d.ts +36 -0
  28. package/entities/action-base.entity.d.ts +17 -0
  29. package/entities/action.entity.d.ts +3 -0
  30. package/entities/index.d.ts +16 -0
  31. package/entities/permission-base.entity.d.ts +30 -0
  32. package/entities/permission-with-company.entity.d.ts +5 -0
  33. package/entities/role-base.entity.d.ts +9 -0
  34. package/entities/role-with-company.entity.d.ts +4 -0
  35. package/entities/role.entity.d.ts +3 -0
  36. package/entities/user-iam-permission.entity.d.ts +4 -0
  37. package/enums/action-type.enum.d.ts +5 -0
  38. package/enums/index.d.ts +2 -0
  39. package/enums/permission-type.enum.d.ts +5 -0
  40. package/fesm/config-index.js +1 -0
  41. package/fesm/controllers-index.js +1 -0
  42. package/fesm/docs-index.js +79 -0
  43. package/fesm/dtos-index.js +1 -0
  44. package/fesm/entities-index.js +1 -0
  45. package/fesm/enums-index.js +1 -0
  46. package/fesm/helpers-index.js +1 -0
  47. package/fesm/index.js +79 -0
  48. package/fesm/interfaces-index.js +0 -0
  49. package/fesm/modules-index.js +1 -0
  50. package/fesm/services-index.js +1 -0
  51. package/fesm/types-index.js +1 -0
  52. package/helpers/index.d.ts +2 -0
  53. package/helpers/permission-evaluator.helper.d.ts +26 -0
  54. package/helpers/permission-mode.helper.d.ts +5 -0
  55. package/index.d.ts +11 -0
  56. package/interfaces/action.interface.d.ts +24 -0
  57. package/interfaces/iam-module-async-options.interface.d.ts +11 -0
  58. package/interfaces/iam-module-options.interface.d.ts +12 -0
  59. package/interfaces/index.d.ts +4 -0
  60. package/interfaces/role.interface.d.ts +16 -0
  61. package/modules/iam.module.d.ts +13 -0
  62. package/modules/index.d.ts +1 -0
  63. package/package.json +95 -0
  64. package/services/action.service.d.ts +35 -0
  65. package/services/iam-config.service.d.ts +15 -0
  66. package/services/iam-datasource.provider.d.ts +25 -0
  67. package/services/index.d.ts +6 -0
  68. package/services/permission-cache.service.d.ts +41 -0
  69. package/services/permission.service.d.ts +37 -0
  70. package/services/role.service.d.ts +35 -0
  71. package/types/index.d.ts +1 -0
  72. package/types/logic-node.type.d.ts +15 -0
@@ -0,0 +1 @@
1
+ var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};var __decorateParam=(index,decorator)=>(target,key)=>decorator(target,key,index);import{JwtAuthGuard}from"@flusys/nestjs-shared/guards";import{createApiController,CurrentUser,SingleResponseDto}from"@flusys/nestjs-shared";import{Body,Controller,Get,Inject as Inject2,Post,UseGuards}from"@nestjs/common";import{ApiBearerAuth,ApiOperation,ApiResponse,ApiTags}from"@nestjs/swagger";import{ApiProperty,PartialType}from"@nestjs/swagger";import{IsBoolean,IsEnum,IsInt,IsNotEmpty,IsOptional,IsString,IsUUID,MaxLength}from"class-validator";var ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{});var CreateActionDto=class{static{__name(this,"CreateActionDto")}name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata};__decorateClass([ApiProperty({description:"Action name",example:"View Users"}),IsString(),IsNotEmpty(),MaxLength(255)],CreateActionDto.prototype,"name",2);__decorateClass([ApiProperty({description:"Action description",example:"Permission to view user list",required:false}),IsString(),IsOptional(),MaxLength(500)],CreateActionDto.prototype,"description",2);__decorateClass([ApiProperty({description:"Unique code for programmatic reference",example:"user.view",required:false}),IsString(),IsOptional(),MaxLength(255)],CreateActionDto.prototype,"code",2);__decorateClass([ApiProperty({description:"Action type (backend for API endpoints, frontend for UI 
features)",enum:ActionType,example:"backend",default:"backend",required:false}),IsEnum(ActionType),IsOptional()],CreateActionDto.prototype,"actionType",2);__decorateClass([ApiProperty({description:"Permission logic (AND/OR rules)",required:false}),IsOptional()],CreateActionDto.prototype,"permissionLogic",2);__decorateClass([ApiProperty({description:"Parent action ID for hierarchy",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),IsUUID(),IsOptional()],CreateActionDto.prototype,"parentId",2);__decorateClass([ApiProperty({description:"Display order",required:false}),IsInt(),IsOptional()],CreateActionDto.prototype,"serial",2);__decorateClass([ApiProperty({description:"Active status",default:true,required:false}),IsBoolean(),IsOptional()],CreateActionDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Additional metadata",required:false}),IsOptional()],CreateActionDto.prototype,"metadata",2);var UpdateActionDto=class extends PartialType(CreateActionDto){static{__name(this,"UpdateActionDto")}id};__decorateClass([ApiProperty({description:"Action ID",example:"123e4567-e89b-12d3-a456-426614174000"}),IsUUID(),IsNotEmpty()],UpdateActionDto.prototype,"id",2);var 
ActionResponseDto=class{static{__name(this,"ActionResponseDto")}id;readOnly;name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([ApiProperty()],ActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"readOnly",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"name",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"description",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"code",2);__decorateClass([ApiProperty({enum:ActionType})],ActionResponseDto.prototype,"actionType",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"permissionLogic",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"parentId",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"serial",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"isActive",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"metadata",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"createdAt",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"updatedAt",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"deletedAt",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"createdById",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"updatedById",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"deletedById",2);var _ActionTreeDto=class _ActionTreeDto extends ActionResponseDto{static{__name(this,"ActionTreeDto")}children};__decorateClass([ApiProperty({type:__name(()=>[_ActionTreeDto],"type")})],_ActionTreeDto.prototype,"children",2);var ActionTreeDto=_ActionTreeDto;var ActionQueryDto=class{static{__name(this,"ActionQueryDto")}isActive;parentId};__decorateClass([ApiProperty({description:"Filter by active 
status",required:false}),IsBoolean(),IsOptional()],ActionQueryDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Filter by parent ID",required:false}),IsUUID(),IsOptional()],ActionQueryDto.prototype,"parentId",2);var ActionTreeQueryDto=class{static{__name(this,"ActionTreeQueryDto")}search;isActive;withDeleted};__decorateClass([ApiProperty({description:"Search by name or code",example:"user",required:false}),IsString(),IsOptional()],ActionTreeQueryDto.prototype,"search",2);__decorateClass([ApiProperty({description:"Filter by active status",example:true,required:false}),IsBoolean(),IsOptional()],ActionTreeQueryDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Include deleted actions",default:false,required:false}),IsBoolean(),IsOptional()],ActionTreeQueryDto.prototype,"withDeleted",2);import{RequestScopedApiService}from"@flusys/nestjs-shared/classes";import{Inject,Injectable,Logger,NotFoundException}from"@nestjs/common";import{In}from"typeorm";import{Entity,Index}from"typeorm";import{Identity}from"@flusys/nestjs-shared";import{Column,JoinColumn,ManyToOne,OneToMany}from"typeorm";var ActionBase=class extends 
Identity{static{__name(this,"ActionBase")}readOnly;name;description;code;actionType;permissionLogic;serial;isActive;parent;parentId;children;metadata};__decorateClass([Column({type:"boolean",nullable:false,default:false,name:"read_only"})],ActionBase.prototype,"readOnly",2);__decorateClass([Column({type:"varchar",length:255,nullable:false})],ActionBase.prototype,"name",2);__decorateClass([Column({type:"varchar",length:500,nullable:true})],ActionBase.prototype,"description",2);__decorateClass([Column({type:"varchar",length:255,nullable:true,unique:true})],ActionBase.prototype,"code",2);__decorateClass([Column({type:"enum",enum:ActionType,nullable:false,default:"backend",name:"action_type"})],ActionBase.prototype,"actionType",2);__decorateClass([Column("simple-json",{nullable:true,name:"permission_logic"})],ActionBase.prototype,"permissionLogic",2);__decorateClass([Column({type:"int",nullable:true})],ActionBase.prototype,"serial",2);__decorateClass([Column({type:"boolean",nullable:false,default:true,name:"is_active"})],ActionBase.prototype,"isActive",2);__decorateClass([ManyToOne("Action","children",{nullable:true,onDelete:"CASCADE"}),JoinColumn({name:"parent_id"})],ActionBase.prototype,"parent",2);__decorateClass([Column({type:"uuid",nullable:true,name:"parent_id"})],ActionBase.prototype,"parentId",2);__decorateClass([OneToMany("Action","parent")],ActionBase.prototype,"children",2);__decorateClass([Column("simple-json",{nullable:true})],ActionBase.prototype,"metadata",2);var Action=class extends ActionBase{};__name(Action,"Action");Action=__decorateClass([Entity({name:"action"}),Index(["parentId"])],Action);var ActionService=class extends 
RequestScopedApiService{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider,permissionService){super("action",null,cacheManager,utilsService,ActionService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider;this.permissionService=permissionService}logger=new Logger(ActionService.name);resolveEntity(){return Action}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,_user){if(!("id"in dto)||!dto.id){return dto}const existingAction=await this.repository.findOne({where:{id:dto.id}});if(!existingAction){throw new NotFoundException(`Action with ID ${dto.id} not found`)}return{...existingAction,...dto}}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","code","description","actionType","permissionLogic","isActive","parentId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(action.name LIKE :search OR action.code LIKE :search OR action.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,code:entity.code,actionType:entity.actionType,permissionLogic:entity.permissionLogic,serial:entity.serial,isActive:entity.isActive,parentId:entity.parentId,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}async getActionsForPermission(user){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionsForPermission")}const 
selectFields=["id","code","name","description","actionType","permissionLogic","isActive","parentId","serial"];const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user.companyId){const companyActionIds=await this.permissionService.getCompanyActionIds(user.companyId);if(companyActionIds.length===0){return[]}const actions2=await this.repository.find({where:{id:In(companyActionIds)},select:selectFields});return actions2.map(action=>this.convertEntityToResponseDto(action,false))}const actions=await this.repository.find({select:selectFields});return actions.map(action=>this.convertEntityToResponseDto(action,false))}async getActionTree(user,search,isActive,withDeleted=false){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionTree")}const query=this.repository.createQueryBuilder("action");if(!withDeleted){query.andWhere("action.deletedAt IS NULL")}if(isActive!==void 0){query.andWhere("action.isActive = :isActive",{isActive})}if(search?.trim()){query.andWhere("(action.name LIKE :search OR action.code LIKE :search)",{search:`%${search.trim()}%`})}const actions=await query.orderBy("action.serial","ASC").getMany();return this.buildActionTree(actions)}buildActionTree(actions){if(!actions?.length){return[]}const map=new Map;const rootNodes=[];for(const action of actions){const treeNode={...this.convertEntityToResponseDto(action,false),children:[]};map.set(action.id,treeNode)}for(const action of actions){const node=map.get(action.id);if(!node){continue}if(action.parentId&&map.has(action.parentId)){const parent=map.get(action.parentId);if(parent?.children){parent.children.push(node)}}else{rootNodes.push(node)}}return rootNodes}};__name(ActionService,"ActionService");ActionService=__decorateClass([Injectable(),__decorateParam(0,Inject("CACHE_INSTANCE"))],ActionService);var ActionController=class extends 
createApiController(CreateActionDto,UpdateActionDto,ActionResponseDto){constructor(actionService){super(actionService);this.actionService=actionService}async getActionsForPermission(user){const actions=await this.actionService.getActionsForPermission(user);return{success:true,message:"Actions retrieved successfully",data:actions}}async getActionTree(query,user){const tree=await this.actionService.getActionTree(user,query.search,query.isActive,query.withDeleted);return{success:true,message:"Action tree retrieved successfully",data:tree}}};__name(ActionController,"ActionController");__decorateClass([Get("tree-for-permission"),UseGuards(JwtAuthGuard),ApiBearerAuth(),ApiOperation({summary:"Get actions for permission assignment",description:"Returns actions available for permission assignment. If company feature enabled, filtered by company whitelist."}),ApiResponse({status:200,type:SingleResponseDto}),__decorateParam(0,CurrentUser())],ActionController.prototype,"getActionsForPermission",1);__decorateClass([Post("tree"),UseGuards(JwtAuthGuard),ApiBearerAuth(),ApiOperation({summary:"Get actions in hierarchical tree structure",description:"Returns all actions organized in a parent-child tree structure. 
Supports optional search and filtering."}),ApiResponse({status:200,description:"Actions tree retrieved successfully",type:SingleResponseDto}),__decorateParam(0,Body()),__decorateParam(1,CurrentUser())],ActionController.prototype,"getActionTree",1);ActionController=__decorateClass([ApiTags("IAM - Actions"),Controller("iam/actions"),__decorateParam(0,Inject2(ActionService))],ActionController);import{createApiController as createApiController2}from"@flusys/nestjs-shared/classes";import{Controller as Controller2,Inject as Inject4}from"@nestjs/common";import{ApiTags as ApiTags2}from"@nestjs/swagger";import{ApiProperty as ApiProperty2,PartialType as PartialType2}from"@nestjs/swagger";import{IsBoolean as IsBoolean2,IsInt as IsInt2,IsNotEmpty as IsNotEmpty2,IsOptional as IsOptional2,IsString as IsString2,IsUUID as IsUUID2,MaxLength as MaxLength2}from"class-validator";var CreateRoleDto=class{static{__name(this,"CreateRoleDto")}name;description;companyId;isActive;serial;metadata};__decorateClass([ApiProperty2({description:"Role name",example:"Manager"}),IsString2(),IsNotEmpty2(),MaxLength2(255)],CreateRoleDto.prototype,"name",2);__decorateClass([ApiProperty2({description:"Role description",example:"Management level access",required:false}),IsString2(),IsOptional2(),MaxLength2(500)],CreateRoleDto.prototype,"description",2);__decorateClass([ApiProperty2({description:"Company ID (scope role to specific company) - Only available when company feature is enabled",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),IsUUID2(),IsOptional2()],CreateRoleDto.prototype,"companyId",2);__decorateClass([ApiProperty2({description:"Active status",default:true,required:false}),IsBoolean2(),IsOptional2()],CreateRoleDto.prototype,"isActive",2);__decorateClass([ApiProperty2({description:"Display order",required:false}),IsInt2(),IsOptional2()],CreateRoleDto.prototype,"serial",2);__decorateClass([ApiProperty2({description:"Additional 
metadata",required:false}),IsOptional2()],CreateRoleDto.prototype,"metadata",2);var UpdateRoleDto=class extends PartialType2(CreateRoleDto){static{__name(this,"UpdateRoleDto")}id};__decorateClass([ApiProperty2({description:"Role ID",example:"123e4567-e89b-12d3-a456-426614174000"}),IsUUID2(),IsNotEmpty2()],UpdateRoleDto.prototype,"id",2);var RoleQueryDto=class{static{__name(this,"RoleQueryDto")}companyId;isActive};__decorateClass([ApiProperty2({description:"Filter by company ID - Only available when company feature is enabled",required:false}),IsUUID2(),IsOptional2()],RoleQueryDto.prototype,"companyId",2);__decorateClass([ApiProperty2({description:"Filter by active status",required:false}),IsBoolean2(),IsOptional2()],RoleQueryDto.prototype,"isActive",2);var RoleResponseDto=class{static{__name(this,"RoleResponseDto")}id;readOnly;name;description;companyId;isActive;serial;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"id",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"readOnly",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"name",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"description",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"companyId",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"isActive",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"serial",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"metadata",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"createdAt",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"updatedAt",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"deletedAt",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"createdById",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"updatedById",2);__decorateClass([ApiProperty
2({required:false})],RoleResponseDto.prototype,"deletedById",2);import{RequestScopedApiService as RequestScopedApiService2}from"@flusys/nestjs-shared/classes";import{Inject as Inject3,Injectable as Injectable2,Logger as Logger2,NotFoundException as NotFoundException2}from"@nestjs/common";import{Column as Column3,Entity as Entity2,Index as Index2}from"typeorm";import{Identity as Identity2}from"@flusys/nestjs-shared";import{Column as Column2}from"typeorm";var RoleBase=class extends Identity2{static{__name(this,"RoleBase")}readOnly;name;description;isActive;serial;metadata};__decorateClass([Column2({type:"boolean",nullable:false,default:false,name:"read_only"})],RoleBase.prototype,"readOnly",2);__decorateClass([Column2({type:"varchar",length:255,nullable:false})],RoleBase.prototype,"name",2);__decorateClass([Column2({type:"varchar",length:500,nullable:true})],RoleBase.prototype,"description",2);__decorateClass([Column2({type:"boolean",nullable:false,default:true,name:"is_active"})],RoleBase.prototype,"isActive",2);__decorateClass([Column2({type:"int",nullable:true})],RoleBase.prototype,"serial",2);__decorateClass([Column2("simple-json",{nullable:true})],RoleBase.prototype,"metadata",2);var RoleWithCompany=class extends RoleBase{companyId};__name(RoleWithCompany,"RoleWithCompany");__decorateClass([Column3({type:"uuid",nullable:true,name:"company_id"})],RoleWithCompany.prototype,"companyId",2);RoleWithCompany=__decorateClass([Entity2({name:"role"}),Index2(["companyId"])],RoleWithCompany);import{Entity as Entity3}from"typeorm";var Role=class extends RoleBase{};__name(Role,"Role");Role=__decorateClass([Entity3({name:"role"})],Role);var RoleService=class extends 
RequestScopedApiService2{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider){super("role",null,cacheManager,utilsService,RoleService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider}logger=new Logger2(RoleService.name);resolveEntity(){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();return enableCompanyFeature?RoleWithCompany:Role}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,user){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();let role={};let isUpdate=false;if("id"in dto&&dto.id&&typeof dto.id==="string"){const dbData=await this.repository.findOne({where:{id:dto.id}});if(!dbData){throw new NotFoundException2("Role not found")}role=dbData;isUpdate=true}role={...role,...dto};if(enableCompanyFeature){if(isUpdate){if(dto.companyId!==void 0){role.companyId=dto.companyId}if(!("companyId"in role)||role.companyId===void 0){role.companyId=user?.companyId??null}}else{role.companyId=dto.companyId??user?.companyId??null}}return role}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","description","isActive","companyId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(role.name LIKE :search OR role.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}async getExtraManipulateQuery(query,filterDto,user){const result=await super.getExtraManipulateQuery(query,filterDto,user);const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user?.companyId){query.andWhere("role.companyId = :companyId",{companyId:user.companyId})}return 
result}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,isActive:entity.isActive,serial:entity.serial,companyId:("companyId"in entity?entity.companyId:null)??null,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}};__name(RoleService,"RoleService");RoleService=__decorateClass([Injectable2(),__decorateParam(0,Inject3("CACHE_INSTANCE"))],RoleService);var RoleController=class extends createApiController2(CreateRoleDto,UpdateRoleDto,RoleResponseDto,{security:"jwt"}){constructor(roleService){super(roleService);this.roleService=roleService}};__name(RoleController,"RoleController");RoleController=__decorateClass([ApiTags2("IAM - Roles"),Controller2("iam/roles"),__decorateParam(0,Inject4(RoleService))],RoleController);import{JwtAuthGuard as JwtAuthGuard2,SingleResponseDto as SingleResponseDto2}from"@flusys/nestjs-shared";import{Body as Body2,Controller as Controller3,Get as Get2,Param,Post as Post2,Query,UseGuards as UseGuards2}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth2,ApiOperation as ApiOperation2,ApiResponse as ApiResponse2,ApiTags as ApiTags3}from"@nestjs/swagger";import{ApiProperty as ApiProperty3,ApiPropertyOptional}from"@nestjs/swagger";import{Type}from"class-transformer";import{IsArray,IsEnum as IsEnum2,IsOptional as IsOptional3,IsString as IsString3,IsUUID as IsUUID3,ValidateNested}from"class-validator";var PermissionAction=(PermissionAction2=>{PermissionAction2["ADD"]="add";PermissionAction2["REMOVE"]="remove";return PermissionAction2})(PermissionAction||{});var PermissionItemDto=class{static{__name(this,"PermissionItemDto")}id;action};__decorateClass([ApiProperty3({description:"ID of the target (action or role)"}),IsUUID3()],PermissionItemDto.prototype,"id",2);__decorateClass([ApiProperty3({description:"Action to 
perform",enum:PermissionAction,example:"add"}),IsEnum2(PermissionAction)],PermissionItemDto.prototype,"action",2);var AssignUserActionsDto=class{static{__name(this,"AssignUserActionsDto")}userId;companyId;branchId;items};__decorateClass([ApiProperty3({description:"User ID"}),IsUUID3()],AssignUserActionsDto.prototype,"userId",2);__decorateClass([ApiPropertyOptional({description:"Company ID (for company-wide or branch-specific assignments)"}),IsUUID3(),IsOptional3()],AssignUserActionsDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID (null = company-wide, set = branch-specific)"}),IsUUID3(),IsOptional3()],AssignUserActionsDto.prototype,"branchId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignUserActionsDto.prototype,"items",2);var AssignCompanyActionsDto=class{static{__name(this,"AssignCompanyActionsDto")}companyId;items};__decorateClass([ApiProperty3({description:"Company ID"}),IsUUID3()],AssignCompanyActionsDto.prototype,"companyId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove to company (whitelist)",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignCompanyActionsDto.prototype,"items",2);var AssignRoleActionsDto=class{static{__name(this,"AssignRoleActionsDto")}roleId;items};__decorateClass([ApiProperty3({description:"Role ID"}),IsUUID3()],AssignRoleActionsDto.prototype,"roleId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignRoleActionsDto.prototype,"items",2);var AssignUserRolesDto=class{static{__name(this,"AssignUserRolesDto")}userId;companyId;branchId;items};__decorateClass([ApiProperty3({description:"User 
ID"}),IsUUID3()],AssignUserRolesDto.prototype,"userId",2);__decorateClass([ApiPropertyOptional({description:"Company ID (for company-wide or branch-specific assignments)"}),IsUUID3(),IsOptional3()],AssignUserRolesDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID (null = company-wide, set = branch-specific)"}),IsUUID3(),IsOptional3()],AssignUserRolesDto.prototype,"branchId",2);__decorateClass([ApiProperty3({description:"Array of roles to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignUserRolesDto.prototype,"items",2);var GetUserActionsDto=class{static{__name(this,"GetUserActionsDto")}companyId;branchId};__decorateClass([ApiPropertyOptional({description:"Company ID (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserActionsDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserActionsDto.prototype,"branchId",2);var GetUserRolesDto=class{static{__name(this,"GetUserRolesDto")}companyId;branchId};__decorateClass([ApiPropertyOptional({description:"Company ID (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserRolesDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserRolesDto.prototype,"branchId",2);var 
UserActionResponseDto=class{static{__name(this,"UserActionResponseDto")}id;userId;actionId;actionCode;actionName;branchId;createdAt};__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"userId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionName",2);__decorateClass([ApiPropertyOptional()],UserActionResponseDto.prototype,"branchId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"createdAt",2);var RoleActionResponseDto=class{static{__name(this,"RoleActionResponseDto")}id;roleId;actionId;actionCode;actionName;createdAt};__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"roleId",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionName",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"createdAt",2);var CompanyActionResponseDto=class{static{__name(this,"CompanyActionResponseDto")}id;companyId;actionId;actionCode;actionName;createdAt};__decorateClass([ApiProperty3({description:"Permission ID"})],CompanyActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3({description:"Company ID"})],CompanyActionResponseDto.prototype,"companyId",2);__decorateClass([ApiProperty3({description:"Action ID"})],CompanyActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3({description:"Action Code"})],CompanyActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3({description:"Action 
Name"})],CompanyActionResponseDto.prototype,"actionName",2);__decorateClass([ApiProperty3({description:"When this permission was created"})],CompanyActionResponseDto.prototype,"createdAt",2);var UserRoleResponseDto=class{static{__name(this,"UserRoleResponseDto")}id;userId;roleId;roleName;branchId;createdAt};__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"userId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"roleId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"roleName",2);__decorateClass([ApiPropertyOptional()],UserRoleResponseDto.prototype,"branchId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"createdAt",2);var FrontendActionDto=class{static{__name(this,"FrontendActionDto")}id;code;name;description};__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"id",2);__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"code",2);__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"name",2);__decorateClass([ApiPropertyOptional()],FrontendActionDto.prototype,"description",2);var MyPermissionsQueryDto=class{static{__name(this,"MyPermissionsQueryDto")}parentCodes};__decorateClass([ApiPropertyOptional({description:"Filter by parent action codes",example:["user","role"],type:[String]}),IsArray(),IsString3({each:true}),IsOptional3()],MyPermissionsQueryDto.prototype,"parentCodes",2);var MyPermissionsResponseDto=class{static{__name(this,"MyPermissionsResponseDto")}frontendActions;cachedEndpoints};__decorateClass([ApiProperty3({type:[FrontendActionDto]})],MyPermissionsResponseDto.prototype,"frontendActions",2);__decorateClass([ApiProperty3({description:"Number of endpoint actions cached for PermissionGuard"})],MyPermissionsResponseDto.prototype,"cachedEndpoints",2);var 
PermissionOperationResultDto=class{static{__name(this,"PermissionOperationResultDto")}success;added;removed;message};__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"success",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"added",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"removed",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"message",2);var CompanyActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignCompanyActions(dto){return this.permissionService.assignCompanyActions(dto)}async getCompanyActions(companyId,query){const actions=await this.permissionService.getCompanyActions(companyId);return{success:true,message:"Company actions retrieved successfully",data:actions}}};__name(CompanyActionPermissionController,"CompanyActionPermissionController");__decorateClass([Post2("company-actions/assign"),ApiOperation2({summary:"Whitelist actions for company",description:"Controls which actions are available to company users/roles."}),ApiResponse2({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body2())],CompanyActionPermissionController.prototype,"assignCompanyActions",1);__decorateClass([Get2("company-actions/:companyId"),ApiOperation2({summary:"Get company whitelisted actions",description:"Returns actions available to company."}),ApiResponse2({status:200,type:SingleResponseDto2}),__decorateParam(0,Param("companyId")),__decorateParam(1,Query())],CompanyActionPermissionController.prototype,"getCompanyActions",1);CompanyActionPermissionController=__decorateClass([ApiTags3("IAM - Company Action Permissions"),Controller3("iam/permissions"),UseGuards2(JwtAuthGuard2),ApiBearerAuth2()],CompanyActionPermissionController);import{CurrentUser as CurrentUser2}from"@flusys/nestjs-shared";import{JwtAuthGuard as JwtAuthGuard3}from"@flusys/nestjs-shared/guards";import{Body as Body3,Controller as 
Controller4,Post as Post3,UseGuards as UseGuards3}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth3,ApiOperation as ApiOperation3,ApiResponse as ApiResponse3,ApiTags as ApiTags4}from"@nestjs/swagger";var MyPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async getMyPermissions(query,user){return this.permissionService.getMyPermissions(user.id,user.branchId??null,user.companyId??null,query.parentCodes)}};__name(MyPermissionController,"MyPermissionController");__decorateClass([Post3("my-permissions"),ApiOperation3({summary:"Get current user permissions",description:"Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes."}),ApiResponse3({status:200,type:MyPermissionsResponseDto}),ApiResponse3({status:401,description:"Unauthorized"}),__decorateParam(0,Body3()),__decorateParam(1,CurrentUser2())],MyPermissionController.prototype,"getMyPermissions",1);MyPermissionController=__decorateClass([ApiTags4("IAM - My Permissions"),Controller4("iam/permissions"),UseGuards3(JwtAuthGuard3),ApiBearerAuth3()],MyPermissionController);import{JwtAuthGuard as JwtAuthGuard4,SingleResponseDto as SingleResponseDto3}from"@flusys/nestjs-shared";import{Body as Body4,Controller as Controller5,Get as Get3,Param as Param2,Post as Post4,Query as Query2,UseGuards as UseGuards4}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth4,ApiOperation as ApiOperation4,ApiResponse as ApiResponse4,ApiTags as ApiTags5}from"@nestjs/swagger";var RolePermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignRoleActions(dto){return this.permissionService.assignRoleActions(dto)}async getRoleActions(roleId,query){const actions=await this.permissionService.getRoleActions(roleId);return{success:true,message:"Role actions retrieved successfully",data:actions}}async assignUserRoles(dto){return 
this.permissionService.assignUserRoles(dto)}async getUserRoles(userId,query){const roles=await this.permissionService.getUserRoles(userId,query.branchId,query.companyId);return{success:true,message:"User roles retrieved successfully",data:roles}}};__name(RolePermissionController,"RolePermissionController");__decorateClass([Post4("role-actions/assign"),ApiOperation4({summary:"Assign/remove actions to/from role",description:"RBAC mode. No branch scoping."}),ApiResponse4({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body4())],RolePermissionController.prototype,"assignRoleActions",1);__decorateClass([Get3("role-actions/:roleId"),ApiOperation4({summary:"Get role actions",description:"Returns actions assigned to role."}),ApiResponse4({status:200,type:SingleResponseDto3}),__decorateParam(0,Param2("roleId")),__decorateParam(1,Query2())],RolePermissionController.prototype,"getRoleActions",1);__decorateClass([Post4("user-roles/assign"),ApiOperation4({summary:"Assign/remove roles to/from user",description:"RBAC mode. If company feature enabled, branchId is required."}),ApiResponse4({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body4())],RolePermissionController.prototype,"assignUserRoles",1);__decorateClass([Get3("user-roles/:userId"),ApiOperation4({summary:"Get user roles",description:"Returns roles assigned to user. 
Filter by companyId and branchId."}),ApiResponse4({status:200,type:SingleResponseDto3}),__decorateParam(0,Param2("userId")),__decorateParam(1,Query2())],RolePermissionController.prototype,"getUserRoles",1);RolePermissionController=__decorateClass([ApiTags5("IAM - Role Permissions"),Controller5("iam/permissions"),UseGuards4(JwtAuthGuard4),ApiBearerAuth4()],RolePermissionController);import{JwtAuthGuard as JwtAuthGuard5,SingleResponseDto as SingleResponseDto4}from"@flusys/nestjs-shared";import{Body as Body5,Controller as Controller6,Get as Get4,Param as Param3,Post as Post5,Query as Query3,UseGuards as UseGuards5}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth5,ApiOperation as ApiOperation5,ApiResponse as ApiResponse5,ApiTags as ApiTags6}from"@nestjs/swagger";var UserActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignUserActions(dto){return this.permissionService.assignUserActions(dto)}async getUserActions(userId,query){const actions=await this.permissionService.getUserActions(userId,query.branchId,query.companyId);return{success:true,message:"User actions retrieved successfully",data:actions}}};__name(UserActionPermissionController,"UserActionPermissionController");__decorateClass([Post5("user-actions/assign"),ApiOperation5({summary:"Assign/remove actions to/from user",description:"Direct permissions. If company feature enabled, branchId is required."}),ApiResponse5({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body5())],UserActionPermissionController.prototype,"assignUserActions",1);__decorateClass([Get4("user-actions/:userId"),ApiOperation5({summary:"Get user direct actions",description:"Returns direct action permissions for user. 
Filter by companyId and branchId."}),ApiResponse5({status:200,type:SingleResponseDto4}),__decorateParam(0,Param3("userId")),__decorateParam(1,Query3())],UserActionPermissionController.prototype,"getUserActions",1);UserActionPermissionController=__decorateClass([ApiTags6("IAM - User Action Permissions"),Controller6("iam/permissions"),UseGuards5(JwtAuthGuard5),ApiBearerAuth5()],UserActionPermissionController);export{ActionController,CompanyActionPermissionController,MyPermissionController,RoleController,RolePermissionController,UserActionPermissionController};
@@ -0,0 +1,79 @@
1
+ var __defProp=Object.defineProperty;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var AUTH_RELATED_TAGS=["Authentication","Users","Companies","Branches","User Permissions","Company Selection"];function iamSwaggerConfig(enableCompanyFeature=false,permissionMode=3){const excludeSchemaProperties=enableCompanyFeature?[]:[{schemaName:"AssignUserActionsDto",properties:["companyId","branchId"]},{schemaName:"AssignUserRolesDto",properties:["companyId","branchId"]},{schemaName:"GetUserActionsDto",properties:["companyId","branchId"]},{schemaName:"GetUserRolesDto",properties:["companyId","branchId"]},{schemaName:"UserActionResponseDto",properties:["branchId"]},{schemaName:"UserRoleResponseDto",properties:["branchId"]},{schemaName:"AssignCompanyActionsDto",properties:["companyId"]},{schemaName:"CompanyActionResponseDto",properties:["companyId"]}];const excludeQueryParameters=enableCompanyFeature?[]:[{pathPattern:"/iam/permissions/user-actions/*",method:"get",parameters:["companyId","branchId"]},{pathPattern:"/iam/permissions/user-roles/*",method:"get",parameters:["companyId","branchId"]}];const excludeTags=[...AUTH_RELATED_TAGS];if(!enableCompanyFeature){excludeTags.push("IAM - Company Action Permissions")}if(permissionMode===1){excludeTags.push("IAM - Permissions (Direct)")}else if(permissionMode===2){excludeTags.push("IAM - Permissions (RBAC)");excludeTags.push("IAM - Roles")}return{title:"IAM API",description:`
2
+ ## Identity & Access Management API
3
+
4
+ Advanced permission system with flexible modes: RBAC, Direct Permissions, or both.
5
+
6
+ ### Current Configuration
7
+ - **Permission Mode**: ${permissionMode===1?"**RBAC** (Role-Based Access Control)":permissionMode===2?"**DIRECT** (Direct User Permissions)":"**FULL** (RBAC + Direct)"}${enableCompanyFeature?"\n- **Company Feature**: Enabled (Multi-tenant with company/branch scoping)":"\n- **Company Feature**: Disabled"}
8
+
9
+ ### Features Based on Mode
10
+
11
+ ${permissionMode===1||permissionMode===3?`#### RBAC Features (Active)
12
+ - **Roles**: Create company-scoped roles${enableCompanyFeature?" (auto-filtered by user company)":""}
13
+ - **Role-Actions**: Assign actions to roles
14
+ - **User-Roles**: Assign roles to users${enableCompanyFeature?" at branch level":""}
15
+ `:""}${permissionMode===2||permissionMode===3?`#### Direct Permission Features (Active)
16
+ - **User-Actions**: Direct action assignment to users${enableCompanyFeature?" at branch level":""}
17
+ `:""}${enableCompanyFeature?`#### Company Features (Active)
18
+ - **Company-Action Whitelist**: Control which actions are available per company
19
+ - **Branch-Based Scoping**: Permissions scoped to specific branches
20
+ - **Auto-Filtering**: Roles automatically filtered by user's company
21
+ - **Action Tree Filtering**: Available actions filtered by company whitelist
22
+ `:""}
23
+ ### Core Concepts
24
+
25
+ #### Actions
26
+ Represent permissions in the system. Can be hierarchical.
27
+
28
+ **Action Types:**
29
+ - \`menu\` - Menu visibility (actions with type='menu' are used as menus)
30
+ - \`endpoint\` - API endpoint access
31
+ - \`frontend\` - Frontend feature toggles
32
+ ${permissionMode===1||permissionMode===3?`
33
+ #### Roles
34
+ Collections of actions that can be assigned to users.${enableCompanyFeature?" Scoped to companies.":" Global across the system."}
35
+ `:""}${enableCompanyFeature?`
36
+ #### Company-Action Whitelist
37
+ Controls which actions are available to a company. Users/roles can only use whitelisted actions.
38
+
39
+ **Flow:**
40
+ 1. Admin assigns actions to company (whitelist)
41
+ 2. Only whitelisted actions appear in permission assignment UIs
42
+ 3. Users/roles cannot be assigned non-whitelisted actions
43
+ `:""}
44
+ ### Permission Resolution
45
+
46
+ ${permissionMode===3?`1. **Company-Action Whitelist** - Filter by company (if enabled)
47
+ 2. **UserAction (DENY)** - Explicit denials take precedence
48
+ 3. **UserAction (GRANT)** - Direct user grants
49
+ 4. **UserRole \u2192 RoleAction** - Inherited from assigned roles
50
+ 5. **Action Permission Logic** - Complex AND/OR rules`:permissionMode===1?`1. **Company-Action Whitelist** - Filter by company (if enabled)
51
+ 2. **UserRole \u2192 RoleAction** - Actions inherited from roles
52
+ 3. **Action Permission Logic** - Complex AND/OR rules`:`1. **Company-Action Whitelist** - Filter by company (if enabled)
53
+ 2. **UserAction (DENY)** - Explicit denials take precedence
54
+ 3. **UserAction (GRANT)** - Direct user grants
55
+ 4. **Action Permission Logic** - Complex AND/OR rules`}
56
+
57
+ ### API Endpoints Summary
58
+
59
+ #### Available Endpoints
60
+ - \u2705 **Actions**: CRUD operations, tree view${enableCompanyFeature?", filtered tree for permissions":""}${permissionMode===1||permissionMode===3?`
61
+ - \u2705 **Roles**: CRUD operations${enableCompanyFeature?" (auto-filtered by company)":""}
62
+ - \u2705 **Role-Actions**: Assign actions to roles, get role actions
63
+ - \u2705 **User-Roles**: Assign roles to users, get user roles`:`
64
+ - \u274C **Roles**: Disabled (RBAC mode not active)`}${permissionMode===2||permissionMode===3?`
65
+ - \u2705 **User-Actions**: Direct action assignment to users`:`
66
+ - \u274C **User-Actions**: Disabled (DIRECT mode not active)`}${enableCompanyFeature?`
67
+ - \u2705 **Company-Actions**: Whitelist actions for companies`:`
68
+ - \u274C **Company-Actions**: Disabled (company feature not enabled)`}
69
+ - \u2705 **My Permissions**: Get current user's complete permissions (includes menu-type actions)
70
+
71
+ ### Best Practices
72
+
73
+ 1. **Action Codes**: Use meaningful codes like \`user.create\`, \`order.view\`
74
+ 2. **Hierarchical Actions**: Group related actions (use parentId for hierarchy)${permissionMode===1||permissionMode===3?`
75
+ 3. **Role Design**: Create roles for common permission patterns`:""}${permissionMode===2||permissionMode===3?`
76
+ ${permissionMode===3?"4":"3"}. **Direct Actions**: Use sparingly for exceptions`:""}${enableCompanyFeature?`
77
+ ${permissionMode===3?"5":"4"}. **Company Whitelisting**: Set up action whitelist before assigning permissions
78
+ ${permissionMode===3?"6":"5"}. **Branch Scoping**: Use branches for location-based access control`:""}
79
+ `,version:"1.0",path:"api/docs/iam",bearerAuth:true,excludeSchemaProperties,excludeTags,excludeQueryParameters}}__name(iamSwaggerConfig,"iamSwaggerConfig");export{iamSwaggerConfig};
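Review bot: The tags pushed onto `excludeTags` for `permissionMode===1` and `permissionMode===2` (`"IAM - Permissions (Direct)"`, `"IAM - Permissions (RBAC)"`) do not match the tags the controllers in this package declare, which are `"IAM - User Action Permissions"` and `"IAM - Role Permissions"`, so in single-mode configurations those routes would presumably stay in the generated docs. Excluding a tag only hides documentation, yet the description reports the endpoints as "Disabled"; readers will take that as an access-control statement, so it should only say so if the controllers are really not registered in that mode, which is not visible here. The "Action Types" list names `menu`, `endpoint` and `frontend`, while the `ActionType` enum in the DTO bundle is `backend`/`frontend`/`both`; one of the two needs correcting. Suggested change, in the TypeScript source of this bundle: `excludeTags.push("IAM - User Action Permissions")` for mode 1 and `excludeTags.push("IAM - Role Permissions")` for mode 2, keeping `"IAM - Roles"` if RoleController uses that tag.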
@@ -0,0 +1 @@
1
+ var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};import{ApiProperty,PartialType}from"@nestjs/swagger";import{IsBoolean,IsEnum,IsInt,IsNotEmpty,IsOptional,IsString,IsUUID,MaxLength}from"class-validator";var ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{});var CreateActionDto=class{static{__name(this,"CreateActionDto")}name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata};__decorateClass([ApiProperty({description:"Action name",example:"View Users"}),IsString(),IsNotEmpty(),MaxLength(255)],CreateActionDto.prototype,"name",2);__decorateClass([ApiProperty({description:"Action description",example:"Permission to view user list",required:false}),IsString(),IsOptional(),MaxLength(500)],CreateActionDto.prototype,"description",2);__decorateClass([ApiProperty({description:"Unique code for programmatic reference",example:"user.view",required:false}),IsString(),IsOptional(),MaxLength(255)],CreateActionDto.prototype,"code",2);__decorateClass([ApiProperty({description:"Action type (backend for API endpoints, frontend for UI features)",enum:ActionType,example:"backend",default:"backend",required:false}),IsEnum(ActionType),IsOptional()],CreateActionDto.prototype,"actionType",2);__decorateClass([ApiProperty({description:"Permission logic (AND/OR rules)",required:false}),IsOptional()],CreateActionDto.prototype,"permissionLogic",2);__decorateClass([ApiProperty({description:"Parent action ID for 
hierarchy",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),IsUUID(),IsOptional()],CreateActionDto.prototype,"parentId",2);__decorateClass([ApiProperty({description:"Display order",required:false}),IsInt(),IsOptional()],CreateActionDto.prototype,"serial",2);__decorateClass([ApiProperty({description:"Active status",default:true,required:false}),IsBoolean(),IsOptional()],CreateActionDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Additional metadata",required:false}),IsOptional()],CreateActionDto.prototype,"metadata",2);var UpdateActionDto=class extends PartialType(CreateActionDto){static{__name(this,"UpdateActionDto")}id};__decorateClass([ApiProperty({description:"Action ID",example:"123e4567-e89b-12d3-a456-426614174000"}),IsUUID(),IsNotEmpty()],UpdateActionDto.prototype,"id",2);var ActionResponseDto=class{static{__name(this,"ActionResponseDto")}id;readOnly;name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([ApiProperty()],ActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"readOnly",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"name",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"description",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"code",2);__decorateClass([ApiProperty({enum:ActionType})],ActionResponseDto.prototype,"actionType",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"permissionLogic",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"parentId",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"serial",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"isActive",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"metadata",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"createdAt",2);__decorateClass([ApiPrope
rty()],ActionResponseDto.prototype,"updatedAt",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"deletedAt",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"createdById",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"updatedById",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"deletedById",2);var _ActionTreeDto=class _ActionTreeDto extends ActionResponseDto{static{__name(this,"ActionTreeDto")}children};__decorateClass([ApiProperty({type:__name(()=>[_ActionTreeDto],"type")})],_ActionTreeDto.prototype,"children",2);var ActionTreeDto=_ActionTreeDto;var ActionQueryDto=class{static{__name(this,"ActionQueryDto")}isActive;parentId};__decorateClass([ApiProperty({description:"Filter by active status",required:false}),IsBoolean(),IsOptional()],ActionQueryDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Filter by parent ID",required:false}),IsUUID(),IsOptional()],ActionQueryDto.prototype,"parentId",2);var ActionTreeQueryDto=class{static{__name(this,"ActionTreeQueryDto")}search;isActive;withDeleted};__decorateClass([ApiProperty({description:"Search by name or code",example:"user",required:false}),IsString(),IsOptional()],ActionTreeQueryDto.prototype,"search",2);__decorateClass([ApiProperty({description:"Filter by active status",example:true,required:false}),IsBoolean(),IsOptional()],ActionTreeQueryDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Include deleted actions",default:false,required:false}),IsBoolean(),IsOptional()],ActionTreeQueryDto.prototype,"withDeleted",2);import{ApiProperty as ApiProperty2,PartialType as PartialType2}from"@nestjs/swagger";import{IsBoolean as IsBoolean2,IsInt as IsInt2,IsNotEmpty as IsNotEmpty2,IsOptional as IsOptional2,IsString as IsString2,IsUUID as IsUUID2,MaxLength as MaxLength2}from"class-validator";var 
CreateRoleDto=class{static{__name(this,"CreateRoleDto")}name;description;companyId;isActive;serial;metadata};__decorateClass([ApiProperty2({description:"Role name",example:"Manager"}),IsString2(),IsNotEmpty2(),MaxLength2(255)],CreateRoleDto.prototype,"name",2);__decorateClass([ApiProperty2({description:"Role description",example:"Management level access",required:false}),IsString2(),IsOptional2(),MaxLength2(500)],CreateRoleDto.prototype,"description",2);__decorateClass([ApiProperty2({description:"Company ID (scope role to specific company) - Only available when company feature is enabled",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),IsUUID2(),IsOptional2()],CreateRoleDto.prototype,"companyId",2);__decorateClass([ApiProperty2({description:"Active status",default:true,required:false}),IsBoolean2(),IsOptional2()],CreateRoleDto.prototype,"isActive",2);__decorateClass([ApiProperty2({description:"Display order",required:false}),IsInt2(),IsOptional2()],CreateRoleDto.prototype,"serial",2);__decorateClass([ApiProperty2({description:"Additional metadata",required:false}),IsOptional2()],CreateRoleDto.prototype,"metadata",2);var UpdateRoleDto=class extends PartialType2(CreateRoleDto){static{__name(this,"UpdateRoleDto")}id};__decorateClass([ApiProperty2({description:"Role ID",example:"123e4567-e89b-12d3-a456-426614174000"}),IsUUID2(),IsNotEmpty2()],UpdateRoleDto.prototype,"id",2);var RoleQueryDto=class{static{__name(this,"RoleQueryDto")}companyId;isActive};__decorateClass([ApiProperty2({description:"Filter by company ID - Only available when company feature is enabled",required:false}),IsUUID2(),IsOptional2()],RoleQueryDto.prototype,"companyId",2);__decorateClass([ApiProperty2({description:"Filter by active status",required:false}),IsBoolean2(),IsOptional2()],RoleQueryDto.prototype,"isActive",2);var 
RoleResponseDto=class{static{__name(this,"RoleResponseDto")}id;readOnly;name;description;companyId;isActive;serial;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"id",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"readOnly",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"name",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"description",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"companyId",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"isActive",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"serial",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"metadata",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"createdAt",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"updatedAt",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"deletedAt",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"createdById",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"updatedById",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"deletedById",2);import{ApiProperty as ApiProperty3,ApiPropertyOptional}from"@nestjs/swagger";import{Type}from"class-transformer";import{IsArray,IsEnum as IsEnum2,IsOptional as IsOptional3,IsString as IsString3,IsUUID as IsUUID3,ValidateNested}from"class-validator";var PermissionAction=(PermissionAction2=>{PermissionAction2["ADD"]="add";PermissionAction2["REMOVE"]="remove";return PermissionAction2})(PermissionAction||{});var PermissionItemDto=class{static{__name(this,"PermissionItemDto")}id;action};__decorateClass([ApiProperty3({description:"ID of the target (action or role)"}),IsUUID3()],PermissionItemDto.prototype,"id",2);__decorateClass([ApiProperty3({description:"Action to 
perform",enum:PermissionAction,example:"add"}),IsEnum2(PermissionAction)],PermissionItemDto.prototype,"action",2);var AssignUserActionsDto=class{static{__name(this,"AssignUserActionsDto")}userId;companyId;branchId;items};__decorateClass([ApiProperty3({description:"User ID"}),IsUUID3()],AssignUserActionsDto.prototype,"userId",2);__decorateClass([ApiPropertyOptional({description:"Company ID (for company-wide or branch-specific assignments)"}),IsUUID3(),IsOptional3()],AssignUserActionsDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID (null = company-wide, set = branch-specific)"}),IsUUID3(),IsOptional3()],AssignUserActionsDto.prototype,"branchId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignUserActionsDto.prototype,"items",2);var AssignCompanyActionsDto=class{static{__name(this,"AssignCompanyActionsDto")}companyId;items};__decorateClass([ApiProperty3({description:"Company ID"}),IsUUID3()],AssignCompanyActionsDto.prototype,"companyId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove to company (whitelist)",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignCompanyActionsDto.prototype,"items",2);var AssignRoleActionsDto=class{static{__name(this,"AssignRoleActionsDto")}roleId;items};__decorateClass([ApiProperty3({description:"Role ID"}),IsUUID3()],AssignRoleActionsDto.prototype,"roleId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignRoleActionsDto.prototype,"items",2);var AssignUserRolesDto=class{static{__name(this,"AssignUserRolesDto")}userId;companyId;branchId;items};__decorateClass([ApiProperty3({description:"User 
ID"}),IsUUID3()],AssignUserRolesDto.prototype,"userId",2);__decorateClass([ApiPropertyOptional({description:"Company ID (for company-wide or branch-specific assignments)"}),IsUUID3(),IsOptional3()],AssignUserRolesDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID (null = company-wide, set = branch-specific)"}),IsUUID3(),IsOptional3()],AssignUserRolesDto.prototype,"branchId",2);__decorateClass([ApiProperty3({description:"Array of roles to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignUserRolesDto.prototype,"items",2);var GetUserActionsDto=class{static{__name(this,"GetUserActionsDto")}companyId;branchId};__decorateClass([ApiPropertyOptional({description:"Company ID (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserActionsDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserActionsDto.prototype,"branchId",2);var GetRoleActionsDto=class{static{__name(this,"GetRoleActionsDto")}};var GetCompanyActionsDto=class{static{__name(this,"GetCompanyActionsDto")}};var GetUserRolesDto=class{static{__name(this,"GetUserRolesDto")}companyId;branchId};__decorateClass([ApiPropertyOptional({description:"Company ID (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserRolesDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserRolesDto.prototype,"branchId",2);var 
UserActionResponseDto=class{static{__name(this,"UserActionResponseDto")}id;userId;actionId;actionCode;actionName;branchId;createdAt};__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"userId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionName",2);__decorateClass([ApiPropertyOptional()],UserActionResponseDto.prototype,"branchId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"createdAt",2);var RoleActionResponseDto=class{static{__name(this,"RoleActionResponseDto")}id;roleId;actionId;actionCode;actionName;createdAt};__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"roleId",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionName",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"createdAt",2);var CompanyActionResponseDto=class{static{__name(this,"CompanyActionResponseDto")}id;companyId;actionId;actionCode;actionName;createdAt};__decorateClass([ApiProperty3({description:"Permission ID"})],CompanyActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3({description:"Company ID"})],CompanyActionResponseDto.prototype,"companyId",2);__decorateClass([ApiProperty3({description:"Action ID"})],CompanyActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3({description:"Action Code"})],CompanyActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3({description:"Action 
Name"})],CompanyActionResponseDto.prototype,"actionName",2);__decorateClass([ApiProperty3({description:"When this permission was created"})],CompanyActionResponseDto.prototype,"createdAt",2);var UserRoleResponseDto=class{static{__name(this,"UserRoleResponseDto")}id;userId;roleId;roleName;branchId;createdAt};__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"userId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"roleId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"roleName",2);__decorateClass([ApiPropertyOptional()],UserRoleResponseDto.prototype,"branchId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"createdAt",2);var FrontendActionDto=class{static{__name(this,"FrontendActionDto")}id;code;name;description};__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"id",2);__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"code",2);__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"name",2);__decorateClass([ApiPropertyOptional()],FrontendActionDto.prototype,"description",2);var MyPermissionsQueryDto=class{static{__name(this,"MyPermissionsQueryDto")}parentCodes};__decorateClass([ApiPropertyOptional({description:"Filter by parent action codes",example:["user","role"],type:[String]}),IsArray(),IsString3({each:true}),IsOptional3()],MyPermissionsQueryDto.prototype,"parentCodes",2);var MyPermissionsResponseDto=class{static{__name(this,"MyPermissionsResponseDto")}frontendActions;cachedEndpoints};__decorateClass([ApiProperty3({type:[FrontendActionDto]})],MyPermissionsResponseDto.prototype,"frontendActions",2);__decorateClass([ApiProperty3({description:"Number of endpoint actions cached for PermissionGuard"})],MyPermissionsResponseDto.prototype,"cachedEndpoints",2);var 
PermissionOperationResultDto=class{static{__name(this,"PermissionOperationResultDto")}success;added;removed;message};__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"success",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"added",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"removed",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"message",2);export{ActionQueryDto,ActionResponseDto,ActionTreeDto,ActionTreeQueryDto,AssignCompanyActionsDto,AssignRoleActionsDto,AssignUserActionsDto,AssignUserRolesDto,CompanyActionResponseDto,CreateActionDto,CreateRoleDto,FrontendActionDto,GetCompanyActionsDto,GetRoleActionsDto,GetUserActionsDto,GetUserRolesDto,MyPermissionsQueryDto,MyPermissionsResponseDto,PermissionAction,PermissionItemDto,PermissionOperationResultDto,RoleActionResponseDto,RoleQueryDto,RoleResponseDto,UpdateActionDto,UpdateRoleDto,UserActionResponseDto,UserRoleResponseDto};
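Review bot: `permissionLogic` on `CreateActionDto` carries only `IsOptional()`, so any JSON value passes validation, and through `PartialType` the same holds for `UpdateActionDto`. The package description lists "Action Permission Logic - Complex AND/OR rules" as a permission-resolution step, so the shape of this field should be checked before it is stored; how it is evaluated later is not visible here. At minimum add `IsObject()` next to `IsOptional()`, and preferably a nested DTO with `ValidateNested()` and `Type(() => ...)` as the `items` arrays already use; `metadata` has the same gap. The `items` arrays and `parentCodes` have no upper bound either, and `ArrayMaxSize(n)` would cap the work a single request can trigger. This is bundled output, so the change belongs in the TypeScript DTO sources.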
@@ -0,0 +1 @@
1
+ var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};import{Identity}from"@flusys/nestjs-shared";import{Column,JoinColumn,ManyToOne,OneToMany}from"typeorm";var ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{});var ActionBase=class extends Identity{static{__name(this,"ActionBase")}readOnly;name;description;code;actionType;permissionLogic;serial;isActive;parent;parentId;children;metadata};__decorateClass([Column({type:"boolean",nullable:false,default:false,name:"read_only"})],ActionBase.prototype,"readOnly",2);__decorateClass([Column({type:"varchar",length:255,nullable:false})],ActionBase.prototype,"name",2);__decorateClass([Column({type:"varchar",length:500,nullable:true})],ActionBase.prototype,"description",2);__decorateClass([Column({type:"varchar",length:255,nullable:true,unique:true})],ActionBase.prototype,"code",2);__decorateClass([Column({type:"enum",enum:ActionType,nullable:false,default:"backend",name:"action_type"})],ActionBase.prototype,"actionType",2);__decorateClass([Column("simple-json",{nullable:true,name:"permission_logic"})],ActionBase.prototype,"permissionLogic",2);__decorateClass([Column({type:"int",nullable:true})],ActionBase.prototype,"serial",2);__decorateClass([Column({type:"boolean",nullable:false,default:true,name:"is_active"})],ActionBase.prototype,"isActive",2);__decorateClass([ManyToOne("Action","children",{nullable:true,onDelete:"CASCADE"}),JoinColumn({name:"parent_id"})],ActionBase.prototype,"parent",2)
;__decorateClass([Column({type:"uuid",nullable:true,name:"parent_id"})],ActionBase.prototype,"parentId",2);__decorateClass([OneToMany("Action","parent")],ActionBase.prototype,"children",2);__decorateClass([Column("simple-json",{nullable:true})],ActionBase.prototype,"metadata",2);import{Entity,Index}from"typeorm";var Action=class extends ActionBase{};__name(Action,"Action");Action=__decorateClass([Entity({name:"action"}),Index(["parentId"])],Action);import{Identity as Identity2}from"@flusys/nestjs-shared";import{Column as Column2}from"typeorm";var IamPermissionType=(IamPermissionType2=>{IamPermissionType2["USER_ROLE"]="user_role";IamPermissionType2["ROLE_ACTION"]="role_action";IamPermissionType2["USER_ACTION"]="user_action";IamPermissionType2["COMPANY_ACTION"]="company_action";return IamPermissionType2})(IamPermissionType||{});var IamEntityType=(IamEntityType2=>{IamEntityType2["USER"]="user";IamEntityType2["ROLE"]="role";IamEntityType2["ACTION"]="action";IamEntityType2["COMPANY"]="company";return IamEntityType2})(IamEntityType||{});var PermissionBase=class extends Identity2{static{__name(this,"PermissionBase")}permissionType;sourceType;sourceId;targetType;targetId;userId;validFrom;validUntil;reason;metadata;isUserRole(){return this.permissionType==="user_role"}isRoleAction(){return this.permissionType==="role_action"}isUserAction(){return this.permissionType==="user_action"}isCompanyAction(){return this.permissionType==="company_action"}isValid(now=new Date){if(this.validFrom&&now<this.validFrom)return false;if(this.validUntil&&now>this.validUntil)return false;return 
true}};__decorateClass([Column2({type:"enum",enum:IamPermissionType,name:"permission_type"})],PermissionBase.prototype,"permissionType",2);__decorateClass([Column2({type:"enum",enum:IamEntityType,name:"source_type"})],PermissionBase.prototype,"sourceType",2);__decorateClass([Column2({type:"uuid",name:"source_id"})],PermissionBase.prototype,"sourceId",2);__decorateClass([Column2({type:"enum",enum:IamEntityType,name:"target_type"})],PermissionBase.prototype,"targetType",2);__decorateClass([Column2({type:"uuid",name:"target_id"})],PermissionBase.prototype,"targetId",2);__decorateClass([Column2({type:"uuid",nullable:true,name:"user_id"})],PermissionBase.prototype,"userId",2);__decorateClass([Column2({type:"timestamp",nullable:true,name:"valid_from"})],PermissionBase.prototype,"validFrom",2);__decorateClass([Column2({type:"timestamp",nullable:true,name:"valid_until"})],PermissionBase.prototype,"validUntil",2);__decorateClass([Column2({type:"text",nullable:true})],PermissionBase.prototype,"reason",2);__decorateClass([Column2("simple-json",{nullable:true})],PermissionBase.prototype,"metadata",2);import{Column as Column3,Entity as Entity2,Index as Index2}from"typeorm";var UserIamPermissionWithCompany=class extends PermissionBase{companyId;branchId};__name(UserIamPermissionWithCompany,"UserIamPermissionWithCompany");__decorateClass([Column3({type:"uuid",nullable:true,name:"company_id"})],UserIamPermissionWithCompany.prototype,"companyId",2);__decorateClass([Column3({type:"uuid",nullable:true,name:"branch_id"})],UserIamPermissionWithCompany.prototype,"branchId",2);UserIamPermissionWithCompany=__decorateClass([Entity2({name:"user_iam_permission"}),Index2(["permissionType","sourceId","targetId"],{unique:true}),Index2(["sourceId","sourceType"]),Index2(["targetId","targetType"]),Index2(["permissionType"]),Index2(["userId"]),Index2(["companyId"]),Index2(["branchId"]),Index2(["companyId","branchId"])],UserIamPermissionWithCompany);import{Identity as 
Identity3}from"@flusys/nestjs-shared";import{Column as Column4}from"typeorm";var RoleBase=class extends Identity3{static{__name(this,"RoleBase")}readOnly;name;description;isActive;serial;metadata};__decorateClass([Column4({type:"boolean",nullable:false,default:false,name:"read_only"})],RoleBase.prototype,"readOnly",2);__decorateClass([Column4({type:"varchar",length:255,nullable:false})],RoleBase.prototype,"name",2);__decorateClass([Column4({type:"varchar",length:500,nullable:true})],RoleBase.prototype,"description",2);__decorateClass([Column4({type:"boolean",nullable:false,default:true,name:"is_active"})],RoleBase.prototype,"isActive",2);__decorateClass([Column4({type:"int",nullable:true})],RoleBase.prototype,"serial",2);__decorateClass([Column4("simple-json",{nullable:true})],RoleBase.prototype,"metadata",2);import{Column as Column5,Entity as Entity3,Index as Index3}from"typeorm";var RoleWithCompany=class extends RoleBase{companyId};__name(RoleWithCompany,"RoleWithCompany");__decorateClass([Column5({type:"uuid",nullable:true,name:"company_id"})],RoleWithCompany.prototype,"companyId",2);RoleWithCompany=__decorateClass([Entity3({name:"role"}),Index3(["companyId"])],RoleWithCompany);import{Entity as Entity4}from"typeorm";var Role=class extends RoleBase{};__name(Role,"Role");Role=__decorateClass([Entity4({name:"role"})],Role);import{Entity as Entity5,Index as Index5}from"typeorm";var UserIamPermission=class extends PermissionBase{};__name(UserIamPermission,"UserIamPermission");UserIamPermission=__decorateClass([Entity5({name:"user_iam_permission"}),Index5(["permissionType","sourceId","targetId"],{unique:true}),Index5(["sourceId","sourceType"]),Index5(["targetId","targetType"]),Index5(["permissionType"]),Index5(["userId"])],UserIamPermission);var IAMCoreEntities=[Action,Role,UserIamPermission];var IAMCompanyEntities=[RoleWithCompany,UserIamPermissionWithCompany];var IAMAllEntities=[Action,Role,RoleWithCompany,UserIamPermission,UserIamPermissionWithCompany];function 
getIAMEntitiesByConfig(enableCompanyFeature,permissionMode="FULL"){const entities=[Action];if(enableCompanyFeature){entities.push(UserIamPermissionWithCompany)}else{entities.push(UserIamPermission)}if(permissionMode==="RBAC"||permissionMode==="FULL"){if(enableCompanyFeature){entities.push(RoleWithCompany)}else{entities.push(Role)}}return entities}__name(getIAMEntitiesByConfig,"getIAMEntitiesByConfig");export{Action,ActionBase,IAMAllEntities,IAMCompanyEntities,IAMCoreEntities,IamEntityType,IamPermissionType,PermissionBase,Role,RoleBase,RoleWithCompany,UserIamPermission,UserIamPermissionWithCompany,getIAMEntitiesByConfig};
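Review bot: The unique index on `UserIamPermissionWithCompany` covers only `["permissionType","sourceId","targetId"]`, so uniqueness ignores `companyId` and `branchId` even though this entity adds those columns to scope grants per company and branch. As written, the same user-to-role or user-to-action grant cannot be stored for two branches, and any lookup keyed on those three columns alone cannot tell tenants apart. If per-tenant grants are intended, the index should read `Index2(["permissionType","sourceId","targetId","companyId","branchId"],{unique:true})`, bearing in mind that both added columns are nullable and most databases treat NULLs as distinct in a unique index. Separately, `getIAMEntitiesByConfig` compares `permissionMode` with the strings `"RBAC"` and `"FULL"` while `IAMPermissionMode` elsewhere in this package is a numeric enum, so a caller passing the enum value would silently get no role entity; the callers are not visible here. This file is bundled output, so any change belongs in the TypeScript sources.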
@@ -0,0 +1 @@
1
+ var ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{});var IAMPermissionMode=(IAMPermissionMode2=>{IAMPermissionMode2[IAMPermissionMode2["RBAC"]=1]="RBAC";IAMPermissionMode2[IAMPermissionMode2["DIRECT"]=2]="DIRECT";IAMPermissionMode2[IAMPermissionMode2["FULL"]=3]="FULL";return IAMPermissionMode2})(IAMPermissionMode||{});export{ActionType,IAMPermissionMode};
@@ -0,0 +1 @@
1
+ var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};import{Injectable}from"@nestjs/common";var PermissionEvaluatorHelper=class{evaluate(logic,context){if(!logic){return true}return this.evaluateNode(logic,context)}evaluateNode(node,context){switch(node.type){case"action":return this.evaluateAction(node.actionId,context);case"group":return this.evaluateGroup(node,context);default:return false}}evaluateAction(actionId,context){if(context.deniedActionIds.has(actionId)){return false}if(context.grantedActionIds.has(actionId)){return true}if(context.inheritedActionIds?.has(actionId)){return true}return false}evaluateGroup(node,context){if(!node.children||node.children.length===0){return false}const results=node.children.map(child=>this.evaluateNode(child,context));if(node.operator==="AND"){return results.every(result=>result===true)}else if(node.operator==="OR"){return results.some(result=>result===true)}return false}batchEvaluate(logics,context){const results=new Map;for(const item of logics){results.set(item.id,this.evaluate(item.logic,context))}return results}hasAnyAction(actionIds,context){return actionIds.some(actionId=>this.evaluateAction(actionId,context))}hasAllActions(actionIds,context){return actionIds.every(actionId=>this.evaluateAction(actionId,context))}hasAnyRole(roleIds,context){return roleIds.some(roleId=>context.roleIds.has(roleId))}hasAllRoles(roleIds,context){return roleIds.every(roleId=>context.roleIds.has(roleId))}evaluateLogicNode(logic,actionCodes){if(!logic){return true}return 
this.evaluateNodeSimple(logic,actionCodes)}evaluateNodeSimple(node,actionCodes){switch(node.type){case"action":return node.actionId?actionCodes.has(node.actionId):false;case"group":return this.evaluateGroupSimple(node,actionCodes);default:return false}}evaluateGroupSimple(node,actionCodes){if(!node.children||node.children.length===0){return node.operator==="AND"}const results=node.children.map(child=>this.evaluateNodeSimple(child,actionCodes));if(node.operator==="AND"){return results.every(result=>result===true)}else if(node.operator==="OR"){return results.some(result=>result===true)}return false}};__name(PermissionEvaluatorHelper,"PermissionEvaluatorHelper");PermissionEvaluatorHelper=__decorateClass([Injectable()],PermissionEvaluatorHelper);var IAMPermissionMode=(IAMPermissionMode2=>{IAMPermissionMode2[IAMPermissionMode2["RBAC"]=1]="RBAC";IAMPermissionMode2[IAMPermissionMode2["DIRECT"]=2]="DIRECT";IAMPermissionMode2[IAMPermissionMode2["FULL"]=3]="FULL";return IAMPermissionMode2})(IAMPermissionMode||{});var PermissionModeHelper=class{static{__name(this,"PermissionModeHelper")}static fromString(modeStr){if(!modeStr){return 3}const mode=IAMPermissionMode[modeStr];return mode??3}static toString(mode){return IAMPermissionMode[mode]}};export{PermissionEvaluatorHelper,PermissionModeHelper};
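Review bot: `evaluateGroupSimple` returns `node.operator==="AND"` for a group with no children, so an empty AND group evaluates to granted, while `evaluateGroup` in the same class returns `false` for any empty group. The two evaluators can therefore disagree on the same stored `permissionLogic`, and the simple path fails open; the fail-closed form matching `evaluateGroup` is `if(!node.children||node.children.length===0){return false}`. `evaluate` and `evaluateLogicNode` also return `true` when `logic` is absent, which deserves a doc comment stating that an action without logic is not restricted by this helper, so callers do not treat it as a check. `PermissionModeHelper.fromString` indexes the numeric enum directly, so a reverse-mapping key such as `"1"` yields the string `"RBAC"` rather than a mode value, and unknown input falls back to `3`; an explicit allow-list of `"RBAC"`, `"DIRECT"` and `"FULL"` would avoid both. This is bundled output, so the fixes belong in the TypeScript sources.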
package/fesm/index.js ADDED
@@ -0,0 +1,79 @@
1
+ var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __defNormalProp=(obj,key,value)=>key in obj?__defProp(obj,key,{enumerable:true,configurable:true,writable:true,value}):obj[key]=value;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __esm=(fn,res)=>function __init(){return fn&&(res=(0,fn[__getOwnPropNames(fn)[0]])(fn=0)),res};var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};var __decorateParam=(index,decorator)=>(target,key)=>decorator(target,key,index);var __publicField=(obj,key,value)=>__defNormalProp(obj,typeof key!=="symbol"?key+"":key,value);var ActionType;var init_action_type_enum=__esm({"projects/nestjs-iam/src/enums/action-type.enum.ts"(){"use strict";ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{})}});var IAMPermissionMode;var init_permission_type_enum=__esm({"projects/nestjs-iam/src/enums/permission-type.enum.ts"(){"use strict";IAMPermissionMode=(IAMPermissionMode2=>{IAMPermissionMode2[IAMPermissionMode2["RBAC"]=1]="RBAC";IAMPermissionMode2[IAMPermissionMode2["DIRECT"]=2]="DIRECT";IAMPermissionMode2[IAMPermissionMode2["FULL"]=3]="FULL";return IAMPermissionMode2})(IAMPermissionMode||{})}});var init_enums=__esm({"projects/nestjs-iam/src/enums/index.ts"(){"use strict";init_action_type_enum();init_permission_type_enum()}});import{Identity}from"@flusys/nestjs-shared";import{Column,JoinColumn,ManyToOne,OneToMany}from"typeorm";var ActionBase;var 
init_action_base_entity=__esm({"projects/nestjs-iam/src/entities/action-base.entity.ts"(){"use strict";init_enums();ActionBase=class extends Identity{static{__name(this,"ActionBase")}readOnly;name;description;code;actionType;permissionLogic;serial;isActive;parent;parentId;children;metadata};__decorateClass([Column({type:"boolean",nullable:false,default:false,name:"read_only"})],ActionBase.prototype,"readOnly",2);__decorateClass([Column({type:"varchar",length:255,nullable:false})],ActionBase.prototype,"name",2);__decorateClass([Column({type:"varchar",length:500,nullable:true})],ActionBase.prototype,"description",2);__decorateClass([Column({type:"varchar",length:255,nullable:true,unique:true})],ActionBase.prototype,"code",2);__decorateClass([Column({type:"enum",enum:ActionType,nullable:false,default:"backend",name:"action_type"})],ActionBase.prototype,"actionType",2);__decorateClass([Column("simple-json",{nullable:true,name:"permission_logic"})],ActionBase.prototype,"permissionLogic",2);__decorateClass([Column({type:"int",nullable:true})],ActionBase.prototype,"serial",2);__decorateClass([Column({type:"boolean",nullable:false,default:true,name:"is_active"})],ActionBase.prototype,"isActive",2);__decorateClass([ManyToOne("Action","children",{nullable:true,onDelete:"CASCADE"}),JoinColumn({name:"parent_id"})],ActionBase.prototype,"parent",2);__decorateClass([Column({type:"uuid",nullable:true,name:"parent_id"})],ActionBase.prototype,"parentId",2);__decorateClass([OneToMany("Action","parent")],ActionBase.prototype,"children",2);__decorateClass([Column("simple-json",{nullable:true})],ActionBase.prototype,"metadata",2)}});import{Entity,Index}from"typeorm";var Action;var init_action_entity=__esm({"projects/nestjs-iam/src/entities/action.entity.ts"(){"use strict";init_action_base_entity();Action=class extends ActionBase{};__name(Action,"Action");Action=__decorateClass([Entity({name:"action"}),Index(["parentId"])],Action)}});import{Identity as 
Identity2}from"@flusys/nestjs-shared";import{Column as Column2}from"typeorm";var RoleBase;var init_role_base_entity=__esm({"projects/nestjs-iam/src/entities/role-base.entity.ts"(){"use strict";RoleBase=class extends Identity2{static{__name(this,"RoleBase")}readOnly;name;description;isActive;serial;metadata};__decorateClass([Column2({type:"boolean",nullable:false,default:false,name:"read_only"})],RoleBase.prototype,"readOnly",2);__decorateClass([Column2({type:"varchar",length:255,nullable:false})],RoleBase.prototype,"name",2);__decorateClass([Column2({type:"varchar",length:500,nullable:true})],RoleBase.prototype,"description",2);__decorateClass([Column2({type:"boolean",nullable:false,default:true,name:"is_active"})],RoleBase.prototype,"isActive",2);__decorateClass([Column2({type:"int",nullable:true})],RoleBase.prototype,"serial",2);__decorateClass([Column2("simple-json",{nullable:true})],RoleBase.prototype,"metadata",2)}});import{Column as Column3,Entity as Entity2,Index as Index2}from"typeorm";var RoleWithCompany;var init_role_with_company_entity=__esm({"projects/nestjs-iam/src/entities/role-with-company.entity.ts"(){"use strict";init_role_base_entity();RoleWithCompany=class extends RoleBase{companyId};__name(RoleWithCompany,"RoleWithCompany");__decorateClass([Column3({type:"uuid",nullable:true,name:"company_id"})],RoleWithCompany.prototype,"companyId",2);RoleWithCompany=__decorateClass([Entity2({name:"role"}),Index2(["companyId"])],RoleWithCompany)}});import{Entity as Entity3}from"typeorm";var Role;var init_role_entity=__esm({"projects/nestjs-iam/src/entities/role.entity.ts"(){"use strict";init_role_base_entity();Role=class extends RoleBase{};__name(Role,"Role");Role=__decorateClass([Entity3({name:"role"})],Role)}});import{Identity as Identity3}from"@flusys/nestjs-shared";import{Column as Column4}from"typeorm";var IamPermissionType,IamEntityType,PermissionBase;var 
init_permission_base_entity=__esm({"projects/nestjs-iam/src/entities/permission-base.entity.ts"(){"use strict";IamPermissionType=(IamPermissionType2=>{IamPermissionType2["USER_ROLE"]="user_role";IamPermissionType2["ROLE_ACTION"]="role_action";IamPermissionType2["USER_ACTION"]="user_action";IamPermissionType2["COMPANY_ACTION"]="company_action";return IamPermissionType2})(IamPermissionType||{});IamEntityType=(IamEntityType2=>{IamEntityType2["USER"]="user";IamEntityType2["ROLE"]="role";IamEntityType2["ACTION"]="action";IamEntityType2["COMPANY"]="company";return IamEntityType2})(IamEntityType||{});PermissionBase=class extends Identity3{static{__name(this,"PermissionBase")}permissionType;sourceType;sourceId;targetType;targetId;userId;validFrom;validUntil;reason;metadata;isUserRole(){return this.permissionType==="user_role"}isRoleAction(){return this.permissionType==="role_action"}isUserAction(){return this.permissionType==="user_action"}isCompanyAction(){return this.permissionType==="company_action"}isValid(now=new Date){if(this.validFrom&&now<this.validFrom)return false;if(this.validUntil&&now>this.validUntil)return false;return 
true}};__decorateClass([Column4({type:"enum",enum:IamPermissionType,name:"permission_type"})],PermissionBase.prototype,"permissionType",2);__decorateClass([Column4({type:"enum",enum:IamEntityType,name:"source_type"})],PermissionBase.prototype,"sourceType",2);__decorateClass([Column4({type:"uuid",name:"source_id"})],PermissionBase.prototype,"sourceId",2);__decorateClass([Column4({type:"enum",enum:IamEntityType,name:"target_type"})],PermissionBase.prototype,"targetType",2);__decorateClass([Column4({type:"uuid",name:"target_id"})],PermissionBase.prototype,"targetId",2);__decorateClass([Column4({type:"uuid",nullable:true,name:"user_id"})],PermissionBase.prototype,"userId",2);__decorateClass([Column4({type:"timestamp",nullable:true,name:"valid_from"})],PermissionBase.prototype,"validFrom",2);__decorateClass([Column4({type:"timestamp",nullable:true,name:"valid_until"})],PermissionBase.prototype,"validUntil",2);__decorateClass([Column4({type:"text",nullable:true})],PermissionBase.prototype,"reason",2);__decorateClass([Column4("simple-json",{nullable:true})],PermissionBase.prototype,"metadata",2)}});import{Column as Column5,Entity as Entity4,Index as Index4}from"typeorm";var UserIamPermissionWithCompany;var init_permission_with_company_entity=__esm({"projects/nestjs-iam/src/entities/permission-with-company.entity.ts"(){"use strict";init_permission_base_entity();UserIamPermissionWithCompany=class extends 
PermissionBase{companyId;branchId};__name(UserIamPermissionWithCompany,"UserIamPermissionWithCompany");__decorateClass([Column5({type:"uuid",nullable:true,name:"company_id"})],UserIamPermissionWithCompany.prototype,"companyId",2);__decorateClass([Column5({type:"uuid",nullable:true,name:"branch_id"})],UserIamPermissionWithCompany.prototype,"branchId",2);UserIamPermissionWithCompany=__decorateClass([Entity4({name:"user_iam_permission"}),Index4(["permissionType","sourceId","targetId"],{unique:true}),Index4(["sourceId","sourceType"]),Index4(["targetId","targetType"]),Index4(["permissionType"]),Index4(["userId"]),Index4(["companyId"]),Index4(["branchId"]),Index4(["companyId","branchId"])],UserIamPermissionWithCompany)}});import{Entity as Entity5,Index as Index5}from"typeorm";var UserIamPermission;var init_user_iam_permission_entity=__esm({"projects/nestjs-iam/src/entities/user-iam-permission.entity.ts"(){"use strict";init_permission_base_entity();init_permission_base_entity();UserIamPermission=class extends PermissionBase{};__name(UserIamPermission,"UserIamPermission");UserIamPermission=__decorateClass([Entity5({name:"user_iam_permission"}),Index5(["permissionType","sourceId","targetId"],{unique:true}),Index5(["sourceId","sourceType"]),Index5(["targetId","targetType"]),Index5(["permissionType"]),Index5(["userId"])],UserIamPermission)}});var entities_exports={};__export(entities_exports,{Action:()=>Action,ActionBase:()=>ActionBase,IAMAllEntities:()=>IAMAllEntities,IAMCompanyEntities:()=>IAMCompanyEntities,IAMCoreEntities:()=>IAMCoreEntities,IamEntityType:()=>IamEntityType,IamPermissionType:()=>IamPermissionType,PermissionBase:()=>PermissionBase,Role:()=>Role,RoleBase:()=>RoleBase,RoleWithCompany:()=>RoleWithCompany,UserIamPermission:()=>UserIamPermission,UserIamPermissionWithCompany:()=>UserIamPermissionWithCompany,getIAMEntitiesByConfig:()=>getIAMEntitiesByConfig});function getIAMEntitiesByConfig(enableCompanyFeature,permissionMode="FULL"){const 
entities=[Action];if(enableCompanyFeature){entities.push(UserIamPermissionWithCompany)}else{entities.push(UserIamPermission)}if(permissionMode==="RBAC"||permissionMode==="FULL"){if(enableCompanyFeature){entities.push(RoleWithCompany)}else{entities.push(Role)}}return entities}var IAMCoreEntities,IAMCompanyEntities,IAMAllEntities;var init_entities=__esm({"projects/nestjs-iam/src/entities/index.ts"(){"use strict";init_action_base_entity();init_action_entity();init_permission_base_entity();init_permission_with_company_entity();init_role_base_entity();init_role_with_company_entity();init_role_entity();init_user_iam_permission_entity();init_action_entity();init_role_entity();init_role_with_company_entity();init_user_iam_permission_entity();init_permission_with_company_entity();IAMCoreEntities=[Action,Role,UserIamPermission];IAMCompanyEntities=[RoleWithCompany,UserIamPermissionWithCompany];IAMAllEntities=[Action,Role,RoleWithCompany,UserIamPermission,UserIamPermissionWithCompany];__name(getIAMEntitiesByConfig,"getIAMEntitiesByConfig")}});var IAM_MODULE_OPTIONS="IAM_MODULE_OPTIONS";import{JwtAuthGuard}from"@flusys/nestjs-shared/guards";import{createApiController,CurrentUser,SingleResponseDto}from"@flusys/nestjs-shared";import{Body,Controller,Get,Inject as Inject2,Post,UseGuards}from"@nestjs/common";import{ApiBearerAuth,ApiOperation,ApiResponse,ApiTags}from"@nestjs/swagger";init_enums();import{ApiProperty,PartialType}from"@nestjs/swagger";import{IsBoolean,IsEnum,IsInt,IsNotEmpty,IsOptional,IsString,IsUUID,MaxLength}from"class-validator";var CreateActionDto=class{static{__name(this,"CreateActionDto")}name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata};__decorateClass([ApiProperty({description:"Action name",example:"View Users"}),IsString(),IsNotEmpty(),MaxLength(255)],CreateActionDto.prototype,"name",2);__decorateClass([ApiProperty({description:"Action description",example:"Permission to view user 
list",required:false}),IsString(),IsOptional(),MaxLength(500)],CreateActionDto.prototype,"description",2);__decorateClass([ApiProperty({description:"Unique code for programmatic reference",example:"user.view",required:false}),IsString(),IsOptional(),MaxLength(255)],CreateActionDto.prototype,"code",2);__decorateClass([ApiProperty({description:"Action type (backend for API endpoints, frontend for UI features)",enum:ActionType,example:"backend",default:"backend",required:false}),IsEnum(ActionType),IsOptional()],CreateActionDto.prototype,"actionType",2);__decorateClass([ApiProperty({description:"Permission logic (AND/OR rules)",required:false}),IsOptional()],CreateActionDto.prototype,"permissionLogic",2);__decorateClass([ApiProperty({description:"Parent action ID for hierarchy",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),IsUUID(),IsOptional()],CreateActionDto.prototype,"parentId",2);__decorateClass([ApiProperty({description:"Display order",required:false}),IsInt(),IsOptional()],CreateActionDto.prototype,"serial",2);__decorateClass([ApiProperty({description:"Active status",default:true,required:false}),IsBoolean(),IsOptional()],CreateActionDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Additional metadata",required:false}),IsOptional()],CreateActionDto.prototype,"metadata",2);var UpdateActionDto=class extends PartialType(CreateActionDto){static{__name(this,"UpdateActionDto")}id};__decorateClass([ApiProperty({description:"Action ID",example:"123e4567-e89b-12d3-a456-426614174000"}),IsUUID(),IsNotEmpty()],UpdateActionDto.prototype,"id",2);var 
ActionResponseDto=class{static{__name(this,"ActionResponseDto")}id;readOnly;name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([ApiProperty()],ActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"readOnly",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"name",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"description",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"code",2);__decorateClass([ApiProperty({enum:ActionType})],ActionResponseDto.prototype,"actionType",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"permissionLogic",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"parentId",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"serial",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"isActive",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"metadata",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"createdAt",2);__decorateClass([ApiProperty()],ActionResponseDto.prototype,"updatedAt",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"deletedAt",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"createdById",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"updatedById",2);__decorateClass([ApiProperty({required:false})],ActionResponseDto.prototype,"deletedById",2);var _ActionTreeDto=class _ActionTreeDto extends ActionResponseDto{static{__name(this,"ActionTreeDto")}children};__decorateClass([ApiProperty({type:__name(()=>[_ActionTreeDto],"type")})],_ActionTreeDto.prototype,"children",2);var ActionTreeDto=_ActionTreeDto;var ActionQueryDto=class{static{__name(this,"ActionQueryDto")}isActive;parentId};__decorateClass([ApiProperty({description:"Filter by active 
status",required:false}),IsBoolean(),IsOptional()],ActionQueryDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Filter by parent ID",required:false}),IsUUID(),IsOptional()],ActionQueryDto.prototype,"parentId",2);var ActionTreeQueryDto=class{static{__name(this,"ActionTreeQueryDto")}search;isActive;withDeleted};__decorateClass([ApiProperty({description:"Search by name or code",example:"user",required:false}),IsString(),IsOptional()],ActionTreeQueryDto.prototype,"search",2);__decorateClass([ApiProperty({description:"Filter by active status",example:true,required:false}),IsBoolean(),IsOptional()],ActionTreeQueryDto.prototype,"isActive",2);__decorateClass([ApiProperty({description:"Include deleted actions",default:false,required:false}),IsBoolean(),IsOptional()],ActionTreeQueryDto.prototype,"withDeleted",2);init_action_entity();import{RequestScopedApiService}from"@flusys/nestjs-shared/classes";import{Inject,Injectable,Logger,NotFoundException}from"@nestjs/common";import{In}from"typeorm";var ActionService=class extends RequestScopedApiService{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider,permissionService){super("action",null,cacheManager,utilsService,ActionService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider;this.permissionService=permissionService}logger=new Logger(ActionService.name);resolveEntity(){return Action}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,_user){if(!("id"in dto)||!dto.id){return dto}const existingAction=await this.repository.findOne({where:{id:dto.id}});if(!existingAction){throw new NotFoundException(`Action with ID ${dto.id} not found`)}return{...existingAction,...dto}}async 
getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","code","description","actionType","permissionLogic","isActive","parentId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(action.name LIKE :search OR action.code LIKE :search OR action.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,code:entity.code,actionType:entity.actionType,permissionLogic:entity.permissionLogic,serial:entity.serial,isActive:entity.isActive,parentId:entity.parentId,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}async getActionsForPermission(user){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionsForPermission")}const selectFields=["id","code","name","description","actionType","permissionLogic","isActive","parentId","serial"];const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user.companyId){const companyActionIds=await this.permissionService.getCompanyActionIds(user.companyId);if(companyActionIds.length===0){return[]}const actions2=await this.repository.find({where:{id:In(companyActionIds)},select:selectFields});return actions2.map(action=>this.convertEntityToResponseDto(action,false))}const actions=await this.repository.find({select:selectFields});return actions.map(action=>this.convertEntityToResponseDto(action,false))}async getActionTree(user,search,isActive,withDeleted=false){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionTree")}const 
query=this.repository.createQueryBuilder("action");if(!withDeleted){query.andWhere("action.deletedAt IS NULL")}if(isActive!==void 0){query.andWhere("action.isActive = :isActive",{isActive})}if(search?.trim()){query.andWhere("(action.name LIKE :search OR action.code LIKE :search)",{search:`%${search.trim()}%`})}const actions=await query.orderBy("action.serial","ASC").getMany();return this.buildActionTree(actions)}buildActionTree(actions){if(!actions?.length){return[]}const map=new Map;const rootNodes=[];for(const action of actions){const treeNode={...this.convertEntityToResponseDto(action,false),children:[]};map.set(action.id,treeNode)}for(const action of actions){const node=map.get(action.id);if(!node){continue}if(action.parentId&&map.has(action.parentId)){const parent=map.get(action.parentId);if(parent?.children){parent.children.push(node)}}else{rootNodes.push(node)}}return rootNodes}};__name(ActionService,"ActionService");ActionService=__decorateClass([Injectable(),__decorateParam(0,Inject("CACHE_INSTANCE"))],ActionService);var ActionController=class extends createApiController(CreateActionDto,UpdateActionDto,ActionResponseDto){constructor(actionService){super(actionService);this.actionService=actionService}async getActionsForPermission(user){const actions=await this.actionService.getActionsForPermission(user);return{success:true,message:"Actions retrieved successfully",data:actions}}async getActionTree(query,user){const tree=await this.actionService.getActionTree(user,query.search,query.isActive,query.withDeleted);return{success:true,message:"Action tree retrieved successfully",data:tree}}};__name(ActionController,"ActionController");__decorateClass([Get("tree-for-permission"),UseGuards(JwtAuthGuard),ApiBearerAuth(),ApiOperation({summary:"Get actions for permission assignment",description:"Returns actions available for permission assignment. 
If company feature enabled, filtered by company whitelist."}),ApiResponse({status:200,type:SingleResponseDto}),__decorateParam(0,CurrentUser())],ActionController.prototype,"getActionsForPermission",1);__decorateClass([Post("tree"),UseGuards(JwtAuthGuard),ApiBearerAuth(),ApiOperation({summary:"Get actions in hierarchical tree structure",description:"Returns all actions organized in a parent-child tree structure. Supports optional search and filtering."}),ApiResponse({status:200,description:"Actions tree retrieved successfully",type:SingleResponseDto}),__decorateParam(0,Body()),__decorateParam(1,CurrentUser())],ActionController.prototype,"getActionTree",1);ActionController=__decorateClass([ApiTags("IAM - Actions"),Controller("iam/actions"),__decorateParam(0,Inject2(ActionService))],ActionController);import{createApiController as createApiController2}from"@flusys/nestjs-shared/classes";import{Controller as Controller2,Inject as Inject4}from"@nestjs/common";import{ApiTags as ApiTags2}from"@nestjs/swagger";import{ApiProperty as ApiProperty2,PartialType as PartialType2}from"@nestjs/swagger";import{IsBoolean as IsBoolean2,IsInt as IsInt2,IsNotEmpty as IsNotEmpty2,IsOptional as IsOptional2,IsString as IsString2,IsUUID as IsUUID2,MaxLength as MaxLength2}from"class-validator";var CreateRoleDto=class{static{__name(this,"CreateRoleDto")}name;description;companyId;isActive;serial;metadata};__decorateClass([ApiProperty2({description:"Role name",example:"Manager"}),IsString2(),IsNotEmpty2(),MaxLength2(255)],CreateRoleDto.prototype,"name",2);__decorateClass([ApiProperty2({description:"Role description",example:"Management level access",required:false}),IsString2(),IsOptional2(),MaxLength2(500)],CreateRoleDto.prototype,"description",2);__decorateClass([ApiProperty2({description:"Company ID (scope role to specific company) - Only available when company feature is 
enabled",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),IsUUID2(),IsOptional2()],CreateRoleDto.prototype,"companyId",2);__decorateClass([ApiProperty2({description:"Active status",default:true,required:false}),IsBoolean2(),IsOptional2()],CreateRoleDto.prototype,"isActive",2);__decorateClass([ApiProperty2({description:"Display order",required:false}),IsInt2(),IsOptional2()],CreateRoleDto.prototype,"serial",2);__decorateClass([ApiProperty2({description:"Additional metadata",required:false}),IsOptional2()],CreateRoleDto.prototype,"metadata",2);var UpdateRoleDto=class extends PartialType2(CreateRoleDto){static{__name(this,"UpdateRoleDto")}id};__decorateClass([ApiProperty2({description:"Role ID",example:"123e4567-e89b-12d3-a456-426614174000"}),IsUUID2(),IsNotEmpty2()],UpdateRoleDto.prototype,"id",2);var RoleQueryDto=class{static{__name(this,"RoleQueryDto")}companyId;isActive};__decorateClass([ApiProperty2({description:"Filter by company ID - Only available when company feature is enabled",required:false}),IsUUID2(),IsOptional2()],RoleQueryDto.prototype,"companyId",2);__decorateClass([ApiProperty2({description:"Filter by active status",required:false}),IsBoolean2(),IsOptional2()],RoleQueryDto.prototype,"isActive",2);var 
RoleResponseDto=class{static{__name(this,"RoleResponseDto")}id;readOnly;name;description;companyId;isActive;serial;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"id",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"readOnly",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"name",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"description",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"companyId",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"isActive",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"serial",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"metadata",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"createdAt",2);__decorateClass([ApiProperty2()],RoleResponseDto.prototype,"updatedAt",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"deletedAt",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"createdById",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"updatedById",2);__decorateClass([ApiProperty2({required:false})],RoleResponseDto.prototype,"deletedById",2);init_role_with_company_entity();init_role_entity();import{RequestScopedApiService as RequestScopedApiService2}from"@flusys/nestjs-shared/classes";import{Inject as Inject3,Injectable as Injectable2,Logger as Logger2,NotFoundException as NotFoundException2}from"@nestjs/common";var RoleService=class extends RequestScopedApiService2{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider){super("role",null,cacheManager,utilsService,RoleService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider}logger=new Logger2(RoleService.name);resolveEntity(){const 
enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();return enableCompanyFeature?RoleWithCompany:Role}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,user){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();let role={};let isUpdate=false;if("id"in dto&&dto.id&&typeof dto.id==="string"){const dbData=await this.repository.findOne({where:{id:dto.id}});if(!dbData){throw new NotFoundException2("Role not found")}role=dbData;isUpdate=true}role={...role,...dto};if(enableCompanyFeature){if(isUpdate){if(dto.companyId!==void 0){role.companyId=dto.companyId}if(!("companyId"in role)||role.companyId===void 0){role.companyId=user?.companyId??null}}else{role.companyId=dto.companyId??user?.companyId??null}}return role}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","description","isActive","companyId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(role.name LIKE :search OR role.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}async getExtraManipulateQuery(query,filterDto,user){const result=await super.getExtraManipulateQuery(query,filterDto,user);const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user?.companyId){query.andWhere("role.companyId = :companyId",{companyId:user.companyId})}return result}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,isActive:entity.isActive,serial:entity.serial,companyId:("companyId"in 
entity?entity.companyId:null)??null,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}};__name(RoleService,"RoleService");RoleService=__decorateClass([Injectable2(),__decorateParam(0,Inject3("CACHE_INSTANCE"))],RoleService);var RoleController=class extends createApiController2(CreateRoleDto,UpdateRoleDto,RoleResponseDto,{security:"jwt"}){constructor(roleService){super(roleService);this.roleService=roleService}};__name(RoleController,"RoleController");RoleController=__decorateClass([ApiTags2("IAM - Roles"),Controller2("iam/roles"),__decorateParam(0,Inject4(RoleService))],RoleController);import{JwtAuthGuard as JwtAuthGuard2,SingleResponseDto as SingleResponseDto2}from"@flusys/nestjs-shared";import{Body as Body2,Controller as Controller3,Get as Get2,Param,Post as Post2,Query,UseGuards as UseGuards2}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth2,ApiOperation as ApiOperation2,ApiResponse as ApiResponse2,ApiTags as ApiTags3}from"@nestjs/swagger";import{ApiProperty as ApiProperty3,ApiPropertyOptional}from"@nestjs/swagger";import{Type}from"class-transformer";import{IsArray,IsEnum as IsEnum2,IsOptional as IsOptional3,IsString as IsString3,IsUUID as IsUUID3,ValidateNested}from"class-validator";var PermissionAction=(PermissionAction2=>{PermissionAction2["ADD"]="add";PermissionAction2["REMOVE"]="remove";return PermissionAction2})(PermissionAction||{});var PermissionItemDto=class{static{__name(this,"PermissionItemDto")}id;action};__decorateClass([ApiProperty3({description:"ID of the target (action or role)"}),IsUUID3()],PermissionItemDto.prototype,"id",2);__decorateClass([ApiProperty3({description:"Action to perform",enum:PermissionAction,example:"add"}),IsEnum2(PermissionAction)],PermissionItemDto.prototype,"action",2);var 
AssignUserActionsDto=class{static{__name(this,"AssignUserActionsDto")}userId;companyId;branchId;items};__decorateClass([ApiProperty3({description:"User ID"}),IsUUID3()],AssignUserActionsDto.prototype,"userId",2);__decorateClass([ApiPropertyOptional({description:"Company ID (for company-wide or branch-specific assignments)"}),IsUUID3(),IsOptional3()],AssignUserActionsDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID (null = company-wide, set = branch-specific)"}),IsUUID3(),IsOptional3()],AssignUserActionsDto.prototype,"branchId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignUserActionsDto.prototype,"items",2);var AssignCompanyActionsDto=class{static{__name(this,"AssignCompanyActionsDto")}companyId;items};__decorateClass([ApiProperty3({description:"Company ID"}),IsUUID3()],AssignCompanyActionsDto.prototype,"companyId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove to company (whitelist)",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignCompanyActionsDto.prototype,"items",2);var AssignRoleActionsDto=class{static{__name(this,"AssignRoleActionsDto")}roleId;items};__decorateClass([ApiProperty3({description:"Role ID"}),IsUUID3()],AssignRoleActionsDto.prototype,"roleId",2);__decorateClass([ApiProperty3({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignRoleActionsDto.prototype,"items",2);var AssignUserRolesDto=class{static{__name(this,"AssignUserRolesDto")}userId;companyId;branchId;items};__decorateClass([ApiProperty3({description:"User ID"}),IsUUID3()],AssignUserRolesDto.prototype,"userId",2);__decorateClass([ApiPropertyOptional({description:"Company ID (for company-wide or branch-specific 
assignments)"}),IsUUID3(),IsOptional3()],AssignUserRolesDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID (null = company-wide, set = branch-specific)"}),IsUUID3(),IsOptional3()],AssignUserRolesDto.prototype,"branchId",2);__decorateClass([ApiProperty3({description:"Array of roles to assign/remove",type:[PermissionItemDto]}),IsArray(),ValidateNested({each:true}),Type(()=>PermissionItemDto)],AssignUserRolesDto.prototype,"items",2);var GetUserActionsDto=class{static{__name(this,"GetUserActionsDto")}companyId;branchId};__decorateClass([ApiPropertyOptional({description:"Company ID (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserActionsDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserActionsDto.prototype,"branchId",2);var GetRoleActionsDto=class{static{__name(this,"GetRoleActionsDto")}};var GetCompanyActionsDto=class{static{__name(this,"GetCompanyActionsDto")}};var GetUserRolesDto=class{static{__name(this,"GetUserRolesDto")}companyId;branchId};__decorateClass([ApiPropertyOptional({description:"Company ID (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserRolesDto.prototype,"companyId",2);__decorateClass([ApiPropertyOptional({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),IsUUID3(),IsOptional3()],GetUserRolesDto.prototype,"branchId",2);var 
UserActionResponseDto=class{static{__name(this,"UserActionResponseDto")}id;userId;actionId;actionCode;actionName;branchId;createdAt};__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"userId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"actionName",2);__decorateClass([ApiPropertyOptional()],UserActionResponseDto.prototype,"branchId",2);__decorateClass([ApiProperty3()],UserActionResponseDto.prototype,"createdAt",2);var RoleActionResponseDto=class{static{__name(this,"RoleActionResponseDto")}id;roleId;actionId;actionCode;actionName;createdAt};__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"roleId",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"actionName",2);__decorateClass([ApiProperty3()],RoleActionResponseDto.prototype,"createdAt",2);var CompanyActionResponseDto=class{static{__name(this,"CompanyActionResponseDto")}id;companyId;actionId;actionCode;actionName;createdAt};__decorateClass([ApiProperty3({description:"Permission ID"})],CompanyActionResponseDto.prototype,"id",2);__decorateClass([ApiProperty3({description:"Company ID"})],CompanyActionResponseDto.prototype,"companyId",2);__decorateClass([ApiProperty3({description:"Action ID"})],CompanyActionResponseDto.prototype,"actionId",2);__decorateClass([ApiProperty3({description:"Action Code"})],CompanyActionResponseDto.prototype,"actionCode",2);__decorateClass([ApiProperty3({description:"Action 
Name"})],CompanyActionResponseDto.prototype,"actionName",2);__decorateClass([ApiProperty3({description:"When this permission was created"})],CompanyActionResponseDto.prototype,"createdAt",2);var UserRoleResponseDto=class{static{__name(this,"UserRoleResponseDto")}id;userId;roleId;roleName;branchId;createdAt};__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"id",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"userId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"roleId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"roleName",2);__decorateClass([ApiPropertyOptional()],UserRoleResponseDto.prototype,"branchId",2);__decorateClass([ApiProperty3()],UserRoleResponseDto.prototype,"createdAt",2);var FrontendActionDto=class{static{__name(this,"FrontendActionDto")}id;code;name;description};__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"id",2);__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"code",2);__decorateClass([ApiProperty3()],FrontendActionDto.prototype,"name",2);__decorateClass([ApiPropertyOptional()],FrontendActionDto.prototype,"description",2);var MyPermissionsQueryDto=class{static{__name(this,"MyPermissionsQueryDto")}parentCodes};__decorateClass([ApiPropertyOptional({description:"Filter by parent action codes",example:["user","role"],type:[String]}),IsArray(),IsString3({each:true}),IsOptional3()],MyPermissionsQueryDto.prototype,"parentCodes",2);var MyPermissionsResponseDto=class{static{__name(this,"MyPermissionsResponseDto")}frontendActions;cachedEndpoints};__decorateClass([ApiProperty3({type:[FrontendActionDto]})],MyPermissionsResponseDto.prototype,"frontendActions",2);__decorateClass([ApiProperty3({description:"Number of endpoint actions cached for PermissionGuard"})],MyPermissionsResponseDto.prototype,"cachedEndpoints",2);var 
PermissionOperationResultDto=class{static{__name(this,"PermissionOperationResultDto")}success;added;removed;message};__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"success",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"added",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"removed",2);__decorateClass([ApiProperty3()],PermissionOperationResultDto.prototype,"message",2);var CompanyActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignCompanyActions(dto){return this.permissionService.assignCompanyActions(dto)}async getCompanyActions(companyId,query){const actions=await this.permissionService.getCompanyActions(companyId);return{success:true,message:"Company actions retrieved successfully",data:actions}}};__name(CompanyActionPermissionController,"CompanyActionPermissionController");__decorateClass([Post2("company-actions/assign"),ApiOperation2({summary:"Whitelist actions for company",description:"Controls which actions are available to company users/roles."}),ApiResponse2({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body2())],CompanyActionPermissionController.prototype,"assignCompanyActions",1);__decorateClass([Get2("company-actions/:companyId"),ApiOperation2({summary:"Get company whitelisted actions",description:"Returns actions available to company."}),ApiResponse2({status:200,type:SingleResponseDto2}),__decorateParam(0,Param("companyId")),__decorateParam(1,Query())],CompanyActionPermissionController.prototype,"getCompanyActions",1);CompanyActionPermissionController=__decorateClass([ApiTags3("IAM - Company Action Permissions"),Controller3("iam/permissions"),UseGuards2(JwtAuthGuard2),ApiBearerAuth2()],CompanyActionPermissionController);import{CurrentUser as CurrentUser2}from"@flusys/nestjs-shared";import{JwtAuthGuard as JwtAuthGuard3}from"@flusys/nestjs-shared/guards";import{Body as Body3,Controller as 
Controller4,Post as Post3,UseGuards as UseGuards3}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth3,ApiOperation as ApiOperation3,ApiResponse as ApiResponse3,ApiTags as ApiTags4}from"@nestjs/swagger";var MyPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async getMyPermissions(query,user){return this.permissionService.getMyPermissions(user.id,user.branchId??null,user.companyId??null,query.parentCodes)}};__name(MyPermissionController,"MyPermissionController");__decorateClass([Post3("my-permissions"),ApiOperation3({summary:"Get current user permissions",description:"Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes."}),ApiResponse3({status:200,type:MyPermissionsResponseDto}),ApiResponse3({status:401,description:"Unauthorized"}),__decorateParam(0,Body3()),__decorateParam(1,CurrentUser2())],MyPermissionController.prototype,"getMyPermissions",1);MyPermissionController=__decorateClass([ApiTags4("IAM - My Permissions"),Controller4("iam/permissions"),UseGuards3(JwtAuthGuard3),ApiBearerAuth3()],MyPermissionController);import{JwtAuthGuard as JwtAuthGuard4,SingleResponseDto as SingleResponseDto3}from"@flusys/nestjs-shared";import{Body as Body4,Controller as Controller5,Get as Get3,Param as Param2,Post as Post4,Query as Query2,UseGuards as UseGuards4}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth4,ApiOperation as ApiOperation4,ApiResponse as ApiResponse4,ApiTags as ApiTags5}from"@nestjs/swagger";var RolePermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignRoleActions(dto){return this.permissionService.assignRoleActions(dto)}async getRoleActions(roleId,query){const actions=await this.permissionService.getRoleActions(roleId);return{success:true,message:"Role actions retrieved successfully",data:actions}}async assignUserRoles(dto){return 
this.permissionService.assignUserRoles(dto)}async getUserRoles(userId,query){const roles=await this.permissionService.getUserRoles(userId,query.branchId,query.companyId);return{success:true,message:"User roles retrieved successfully",data:roles}}};__name(RolePermissionController,"RolePermissionController");__decorateClass([Post4("role-actions/assign"),ApiOperation4({summary:"Assign/remove actions to/from role",description:"RBAC mode. No branch scoping."}),ApiResponse4({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body4())],RolePermissionController.prototype,"assignRoleActions",1);__decorateClass([Get3("role-actions/:roleId"),ApiOperation4({summary:"Get role actions",description:"Returns actions assigned to role."}),ApiResponse4({status:200,type:SingleResponseDto3}),__decorateParam(0,Param2("roleId")),__decorateParam(1,Query2())],RolePermissionController.prototype,"getRoleActions",1);__decorateClass([Post4("user-roles/assign"),ApiOperation4({summary:"Assign/remove roles to/from user",description:"RBAC mode. If company feature enabled, branchId is required."}),ApiResponse4({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body4())],RolePermissionController.prototype,"assignUserRoles",1);__decorateClass([Get3("user-roles/:userId"),ApiOperation4({summary:"Get user roles",description:"Returns roles assigned to user. 
Filter by companyId and branchId."}),ApiResponse4({status:200,type:SingleResponseDto3}),__decorateParam(0,Param2("userId")),__decorateParam(1,Query2())],RolePermissionController.prototype,"getUserRoles",1);RolePermissionController=__decorateClass([ApiTags5("IAM - Role Permissions"),Controller5("iam/permissions"),UseGuards4(JwtAuthGuard4),ApiBearerAuth4()],RolePermissionController);import{JwtAuthGuard as JwtAuthGuard5,SingleResponseDto as SingleResponseDto4}from"@flusys/nestjs-shared";import{Body as Body5,Controller as Controller6,Get as Get4,Param as Param3,Post as Post5,Query as Query3,UseGuards as UseGuards5}from"@nestjs/common";import{ApiBearerAuth as ApiBearerAuth5,ApiOperation as ApiOperation5,ApiResponse as ApiResponse5,ApiTags as ApiTags6}from"@nestjs/swagger";var UserActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignUserActions(dto){return this.permissionService.assignUserActions(dto)}async getUserActions(userId,query){const actions=await this.permissionService.getUserActions(userId,query.branchId,query.companyId);return{success:true,message:"User actions retrieved successfully",data:actions}}};__name(UserActionPermissionController,"UserActionPermissionController");__decorateClass([Post5("user-actions/assign"),ApiOperation5({summary:"Assign/remove actions to/from user",description:"Direct permissions. If company feature enabled, branchId is required."}),ApiResponse5({status:200,type:PermissionOperationResultDto}),__decorateParam(0,Body5())],UserActionPermissionController.prototype,"assignUserActions",1);__decorateClass([Get4("user-actions/:userId"),ApiOperation5({summary:"Get user direct actions",description:"Returns direct action permissions for user. 
Filter by companyId and branchId."}),ApiResponse5({status:200,type:SingleResponseDto4}),__decorateParam(0,Param3("userId")),__decorateParam(1,Query3())],UserActionPermissionController.prototype,"getUserActions",1);UserActionPermissionController=__decorateClass([ApiTags6("IAM - User Action Permissions"),Controller6("iam/permissions"),UseGuards5(JwtAuthGuard5),ApiBearerAuth5()],UserActionPermissionController);init_permission_type_enum();var AUTH_RELATED_TAGS=["Authentication","Users","Companies","Branches","User Permissions","Company Selection"];function iamSwaggerConfig(enableCompanyFeature=false,permissionMode=3){const excludeSchemaProperties=enableCompanyFeature?[]:[{schemaName:"AssignUserActionsDto",properties:["companyId","branchId"]},{schemaName:"AssignUserRolesDto",properties:["companyId","branchId"]},{schemaName:"GetUserActionsDto",properties:["companyId","branchId"]},{schemaName:"GetUserRolesDto",properties:["companyId","branchId"]},{schemaName:"UserActionResponseDto",properties:["branchId"]},{schemaName:"UserRoleResponseDto",properties:["branchId"]},{schemaName:"AssignCompanyActionsDto",properties:["companyId"]},{schemaName:"CompanyActionResponseDto",properties:["companyId"]}];const excludeQueryParameters=enableCompanyFeature?[]:[{pathPattern:"/iam/permissions/user-actions/*",method:"get",parameters:["companyId","branchId"]},{pathPattern:"/iam/permissions/user-roles/*",method:"get",parameters:["companyId","branchId"]}];const excludeTags=[...AUTH_RELATED_TAGS];if(!enableCompanyFeature){excludeTags.push("IAM - Company Action Permissions")}if(permissionMode===1){excludeTags.push("IAM - Permissions (Direct)")}else if(permissionMode===2){excludeTags.push("IAM - Permissions (RBAC)");excludeTags.push("IAM - Roles")}return{title:"IAM API",description:`
2
+ ## Identity & Access Management API
3
+
4
+ Advanced permission system with flexible modes: RBAC, Direct Permissions, or both.
5
+
6
+ ### Current Configuration
7
+ - **Permission Mode**: ${permissionMode===1?"**RBAC** (Role-Based Access Control)":permissionMode===2?"**DIRECT** (Direct User Permissions)":"**FULL** (RBAC + Direct)"}${enableCompanyFeature?"\n- **Company Feature**: Enabled (Multi-tenant with company/branch scoping)":"\n- **Company Feature**: Disabled"}
8
+
9
+ ### Features Based on Mode
10
+
11
+ ${permissionMode===1||permissionMode===3?`#### RBAC Features (Active)
12
+ - **Roles**: Create company-scoped roles${enableCompanyFeature?" (auto-filtered by user company)":""}
13
+ - **Role-Actions**: Assign actions to roles
14
+ - **User-Roles**: Assign roles to users${enableCompanyFeature?" at branch level":""}
15
+ `:""}${permissionMode===2||permissionMode===3?`#### Direct Permission Features (Active)
16
+ - **User-Actions**: Direct action assignment to users${enableCompanyFeature?" at branch level":""}
17
+ `:""}${enableCompanyFeature?`#### Company Features (Active)
18
+ - **Company-Action Whitelist**: Control which actions are available per company
19
+ - **Branch-Based Scoping**: Permissions scoped to specific branches
20
+ - **Auto-Filtering**: Roles automatically filtered by user's company
21
+ - **Action Tree Filtering**: Available actions filtered by company whitelist
22
+ `:""}
23
+ ### Core Concepts
24
+
25
+ #### Actions
26
+ Represent permissions in the system. Can be hierarchical.
27
+
28
+ **Action Types:**
29
+ - \`menu\` - Menu visibility (actions with type='menu' are used as menus)
30
+ - \`endpoint\` - API endpoint access
31
+ - \`frontend\` - Frontend feature toggles
32
+ ${permissionMode===1||permissionMode===3?`
33
+ #### Roles
34
+ Collections of actions that can be assigned to users.${enableCompanyFeature?" Scoped to companies.":" Global across the system."}
35
+ `:""}${enableCompanyFeature?`
36
+ #### Company-Action Whitelist
37
+ Controls which actions are available to a company. Users/roles can only use whitelisted actions.
38
+
39
+ **Flow:**
40
+ 1. Admin assigns actions to company (whitelist)
41
+ 2. Only whitelisted actions appear in permission assignment UIs
42
+ 3. Users/roles cannot be assigned non-whitelisted actions
43
+ `:""}
44
+ ### Permission Resolution
45
+
46
+ ${permissionMode===3?`1. **Company-Action Whitelist** - Filter by company (if enabled)
47
+ 2. **UserAction (DENY)** - Explicit denials take precedence
48
+ 3. **UserAction (GRANT)** - Direct user grants
49
+ 4. **UserRole \u2192 RoleAction** - Inherited from assigned roles
50
+ 5. **Action Permission Logic** - Complex AND/OR rules`:permissionMode===1?`1. **Company-Action Whitelist** - Filter by company (if enabled)
51
+ 2. **UserRole \u2192 RoleAction** - Actions inherited from roles
52
+ 3. **Action Permission Logic** - Complex AND/OR rules`:`1. **Company-Action Whitelist** - Filter by company (if enabled)
53
+ 2. **UserAction (DENY)** - Explicit denials take precedence
54
+ 3. **UserAction (GRANT)** - Direct user grants
55
+ 4. **Action Permission Logic** - Complex AND/OR rules`}
56
+
57
+ ### API Endpoints Summary
58
+
59
+ #### Available Endpoints
60
+ - \u2705 **Actions**: CRUD operations, tree view${enableCompanyFeature?", filtered tree for permissions":""}${permissionMode===1||permissionMode===3?`
61
+ - \u2705 **Roles**: CRUD operations${enableCompanyFeature?" (auto-filtered by company)":""}
62
+ - \u2705 **Role-Actions**: Assign actions to roles, get role actions
63
+ - \u2705 **User-Roles**: Assign roles to users, get user roles`:`
64
+ - \u274C **Roles**: Disabled (RBAC mode not active)`}${permissionMode===2||permissionMode===3?`
65
+ - \u2705 **User-Actions**: Direct action assignment to users`:`
66
+ - \u274C **User-Actions**: Disabled (DIRECT mode not active)`}${enableCompanyFeature?`
67
+ - \u2705 **Company-Actions**: Whitelist actions for companies`:`
68
+ - \u274C **Company-Actions**: Disabled (company feature not enabled)`}
69
+ - \u2705 **My Permissions**: Get current user's complete permissions (includes menu-type actions)
70
+
71
+ ### Best Practices
72
+
73
+ 1. **Action Codes**: Use meaningful codes like \`user.create\`, \`order.view\`
74
+ 2. **Hierarchical Actions**: Group related actions (use parentId for hierarchy)${permissionMode===1||permissionMode===3?`
75
+ 3. **Role Design**: Create roles for common permission patterns`:""}${permissionMode===2||permissionMode===3?`
76
+ ${permissionMode===3?"4":"3"}. **Direct Actions**: Use sparingly for exceptions`:""}${enableCompanyFeature?`
77
+ ${permissionMode===3?"5":"4"}. **Company Whitelisting**: Set up action whitelist before assigning permissions
78
+ ${permissionMode===3?"6":"5"}. **Branch Scoping**: Use branches for location-based access control`:""}
79
+ `,version:"1.0",path:"api/docs/iam",bearerAuth:true,excludeSchemaProperties,excludeTags,excludeQueryParameters}}__name(iamSwaggerConfig,"iamSwaggerConfig");init_entities();init_enums();import{Injectable as Injectable3}from"@nestjs/common";var PermissionEvaluatorHelper=class{evaluate(logic,context){if(!logic){return true}return this.evaluateNode(logic,context)}evaluateNode(node,context){switch(node.type){case"action":return this.evaluateAction(node.actionId,context);case"group":return this.evaluateGroup(node,context);default:return false}}evaluateAction(actionId,context){if(context.deniedActionIds.has(actionId)){return false}if(context.grantedActionIds.has(actionId)){return true}if(context.inheritedActionIds?.has(actionId)){return true}return false}evaluateGroup(node,context){if(!node.children||node.children.length===0){return false}const results=node.children.map(child=>this.evaluateNode(child,context));if(node.operator==="AND"){return results.every(result=>result===true)}else if(node.operator==="OR"){return results.some(result=>result===true)}return false}batchEvaluate(logics,context){const results=new Map;for(const item of logics){results.set(item.id,this.evaluate(item.logic,context))}return results}hasAnyAction(actionIds,context){return actionIds.some(actionId=>this.evaluateAction(actionId,context))}hasAllActions(actionIds,context){return actionIds.every(actionId=>this.evaluateAction(actionId,context))}hasAnyRole(roleIds,context){return roleIds.some(roleId=>context.roleIds.has(roleId))}hasAllRoles(roleIds,context){return roleIds.every(roleId=>context.roleIds.has(roleId))}evaluateLogicNode(logic,actionCodes){if(!logic){return true}return this.evaluateNodeSimple(logic,actionCodes)}evaluateNodeSimple(node,actionCodes){switch(node.type){case"action":return node.actionId?actionCodes.has(node.actionId):false;case"group":return this.evaluateGroupSimple(node,actionCodes);default:return 
false}}evaluateGroupSimple(node,actionCodes){if(!node.children||node.children.length===0){return node.operator==="AND"}const results=node.children.map(child=>this.evaluateNodeSimple(child,actionCodes));if(node.operator==="AND"){return results.every(result=>result===true)}else if(node.operator==="OR"){return results.some(result=>result===true)}return false}};__name(PermissionEvaluatorHelper,"PermissionEvaluatorHelper");PermissionEvaluatorHelper=__decorateClass([Injectable3()],PermissionEvaluatorHelper);init_permission_type_enum();var PermissionModeHelper=class{static{__name(this,"PermissionModeHelper")}static fromString(modeStr){if(!modeStr){return 3}const mode=IAMPermissionMode[modeStr];return mode??3}static toString(mode){return IAMPermissionMode[mode]}};import{CacheModule,UtilsModule}from"@flusys/nestjs-shared/modules";import{Module}from"@nestjs/common";import{getRepositoryToken}from"@nestjs/typeorm";init_entities();init_permission_type_enum();import{Inject as Inject5,Injectable as Injectable4,Optional}from"@nestjs/common";init_permission_type_enum();var IAMConfigService=class{options;constructor(injectedOptions){this.options=injectedOptions??{global:false,includeController:false}}getDatabaseMode(){return this.options.bootstrapAppConfig?.databaseMode??"single"}isMultiTenant(){return this.getDatabaseMode()==="multi-tenant"}getEnableCompanyFeature(){return this.options.bootstrapAppConfig?.enableCompanyFeature??false}isCompanyFeatureEnabled(){return this.getEnableCompanyFeature()}getPermissionMode(){return PermissionModeHelper.fromString(this.options.bootstrapAppConfig?.permissionMode)}isRbacEnabled(){const mode=this.getPermissionMode();return mode===1||mode===3}isDirectPermissionEnabled(){const mode=this.getPermissionMode();return mode===2||mode===3}getOptions(){return 
this.options}};__name(IAMConfigService,"IAMConfigService");IAMConfigService=__decorateClass([Injectable4(),__decorateParam(0,Optional()),__decorateParam(0,Inject5(IAM_MODULE_OPTIONS))],IAMConfigService);import{MultiTenantDataSourceService}from"@flusys/nestjs-shared/modules";import{Inject as Inject6,Injectable as Injectable5,Logger as Logger3,Optional as Optional2,Scope}from"@nestjs/common";import{REQUEST}from"@nestjs/core";var IAMDataSourceProvider=class extends MultiTenantDataSourceService{constructor(iamOptions,request){super(IAMDataSourceProvider.buildParentOptions(iamOptions),request);this.iamOptions=iamOptions}logger=new Logger3(IAMDataSourceProvider.name);static buildParentOptions(options){return{bootstrapAppConfig:options.bootstrapAppConfig,defaultDatabaseConfig:options.config?.defaultDatabaseConfig,tenantDefaultDatabaseConfig:options.config?.tenantDefaultDatabaseConfig,tenants:options.config?.tenants}}getEnableCompanyFeature(){return this.iamOptions.bootstrapAppConfig?.enableCompanyFeature??false}getEnableCompanyFeatureForTenant(tenant){return tenant?.enableCompanyFeature??this.getEnableCompanyFeature()}getEnableCompanyFeatureForCurrentTenant(){return this.getEnableCompanyFeatureForTenant(this.getCurrentTenant()??void 0)}async getIAMEntities(){const{Action:Action2,Role:Role2,RoleWithCompany:RoleWithCompany2,UserIamPermission:UserIamPermission2,UserIamPermissionWithCompany:UserIamPermissionWithCompany2,getIAMEntitiesByConfig:getIAMEntitiesByConfig2}=await Promise.resolve().then(()=>(init_entities(),entities_exports));const enableCompanyFeature=this.getEnableCompanyFeatureForCurrentTenant();const permissionMode=this.iamOptions.bootstrapAppConfig?.permissionMode||"FULL";return getIAMEntitiesByConfig2(enableCompanyFeature,permissionMode)}async createDataSourceFromConfig(config){const entities=await this.getIAMEntities();return super.createDataSourceFromConfig(config,entities)}async 
getSingleDataSource(){if(!IAMDataSourceProvider.singleDataSource){if(IAMDataSourceProvider.singleConnectionLock){return IAMDataSourceProvider.singleConnectionLock}const lockPromise=(async()=>{const config=this.getDefaultDatabaseConfig();if(!config){throw new Error("Default database config is not available")}const ds=await this.createDataSourceFromConfig(config);IAMDataSourceProvider.singleDataSource=ds;IAMDataSourceProvider.initialized=true;return ds})();IAMDataSourceProvider.singleConnectionLock=lockPromise;try{return await lockPromise}finally{IAMDataSourceProvider.singleConnectionLock=null}}return IAMDataSourceProvider.singleDataSource}async getOrCreateTenantConnection(tenant){const existing=IAMDataSourceProvider.tenantConnections.get(tenant.id);if(existing?.isInitialized){return existing}const pendingConnection=IAMDataSourceProvider.connectionLocks.get(tenant.id);if(pendingConnection){return pendingConnection}const config=this.buildTenantDatabaseConfig(tenant);const connectionPromise=this.createDataSourceFromConfig(config);IAMDataSourceProvider.connectionLocks.set(tenant.id,connectionPromise);try{const dataSource=await connectionPromise;IAMDataSourceProvider.tenantConnections.set(tenant.id,dataSource);return dataSource}finally{IAMDataSourceProvider.connectionLocks.delete(tenant.id)}}};__name(IAMDataSourceProvider,"IAMDataSourceProvider");__publicField(IAMDataSourceProvider,"tenantConnections",new Map);__publicField(IAMDataSourceProvider,"singleDataSource",null);__publicField(IAMDataSourceProvider,"tenantsRegistry",new Map);__publicField(IAMDataSourceProvider,"initialized",false);__publicField(IAMDataSourceProvider,"connectionLocks",new Map);__publicField(IAMDataSourceProvider,"singleConnectionLock",null);IAMDataSourceProvider=__decorateClass([Injectable5({scope:Scope.REQUEST}),__decorateParam(0,Inject6(IAM_MODULE_OPTIONS)),__decorateParam(1,Optional2()),__decorateParam(1,Inject6(REQUEST))],IAMDataSourceProvider);import{Inject as Inject7,Injectable as 
Injectable6,Logger as Logger4}from"@nestjs/common";var PermissionCacheService=class{constructor(cacheManager){this.cacheManager=cacheManager}logger=new Logger4(PermissionCacheService.name);TTL=36e5;ACTION_CODE_TTL=72e5;CACHE_PREFIX="permissions";MY_PERMISSIONS_PREFIX="my-permissions";ACTION_CODE_PREFIX="action-codes";generateCacheKey(options){const{userId,companyId,branchId,enableCompanyFeature}=options;if(enableCompanyFeature&&companyId){return`${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`}return`${this.CACHE_PREFIX}:user:${userId}`}generateMyPermissionsCacheKey(options){const{userId,companyId,branchId,enableCompanyFeature}=options;if(enableCompanyFeature&&companyId){return`${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`}return`${this.MY_PERMISSIONS_PREFIX}:user:${userId}`}async setPermissions(options,permissions){try{const key=this.generateCacheKey(options);await this.cacheManager.set(key,permissions,this.TTL);this.logger.debug(`Cached ${permissions.length} permissions for key: ${key}`)}catch(error){this.logger.error(`Failed to cache permissions: ${error}`)}}async getPermissions(options){try{const key=this.generateCacheKey(options);const result=await this.cacheManager.get(key);return result||null}catch(error){this.logger.error(`Failed to get permissions from cache: ${error}`);return null}}async setMyPermissions(options,data){try{const key=this.generateMyPermissionsCacheKey(options);await this.cacheManager.set(key,data,this.TTL);this.logger.debug(`Cached my-permissions for key: ${key} (${data.frontendActions.length} frontend, ${data.backendCodes.length} backend)`)}catch(error){this.logger.error(`Failed to cache my-permissions: ${error}`)}}async getMyPermissions(options){try{const key=this.generateMyPermissionsCacheKey(options);const result=await this.cacheManager.get(key);if(result){this.logger.debug(`Cache hit for my-permissions: ${key}`)}return 
result||null}catch(error){this.logger.error(`Failed to get my-permissions from cache: ${error}`);return null}}async setActionCodeMap(codeToIdMap){try{const key=`${this.ACTION_CODE_PREFIX}:map`;await this.cacheManager.set(key,codeToIdMap,this.ACTION_CODE_TTL);this.logger.debug(`Cached ${Object.keys(codeToIdMap).length} action code mappings`)}catch(error){this.logger.error(`Failed to cache action code map: ${error}`)}}async getActionIdsByCodes(codes){try{const key=`${this.ACTION_CODE_PREFIX}:map`;const fullMap=await this.cacheManager.get(key);if(!fullMap){return null}const result={};for(const code of codes){if(fullMap[code]){result[code]=fullMap[code]}}return Object.keys(result).length>0?result:null}catch(error){this.logger.error(`Failed to get action IDs from cache: ${error}`);return null}}async invalidateActionCodeCache(){try{const key=`${this.ACTION_CODE_PREFIX}:map`;await this.cacheManager.del(key);this.logger.debug("Invalidated action code cache")}catch(error){this.logger.warn(`Failed to invalidate action code cache: ${error}`)}}async invalidateUser(userId,companyId,branchIds){try{const keysToDelete=[`${this.CACHE_PREFIX}:user:${userId}`,`${this.MY_PERMISSIONS_PREFIX}:user:${userId}`];if(companyId){const branches=branchIds?.length?branchIds:[null];for(const branchId of branches){keysToDelete.push(`${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`,`${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`)}}await Promise.all(keysToDelete.map(key=>this.cacheManager.del(key)));this.logger.debug(`Invalidated ${keysToDelete.length} cache keys for user ${userId}`)}catch(error){this.logger.warn(`Failed to invalidate user cache for ${userId}: ${error}`)}}async invalidateUsers(userIds,companyId,branchIds){if(userIds.length===0){return 0}const results=await Promise.allSettled(userIds.map(userId=>this.invalidateUser(userId,companyId,branchIds)));const 
successCount=results.filter(r=>r.status==="fulfilled").length;const failedCount=results.filter(r=>r.status==="rejected").length;if(failedCount>0){this.logger.warn(`Failed to invalidate cache for ${failedCount} users`)}if(successCount>0){this.logger.log(`Invalidated cache for ${successCount} users`)}return successCount}async invalidateCompany(companyId){this.logger.warn(`invalidateCompany called for ${companyId}, but pattern matching is not supported. Use invalidateUsers() with specific user IDs instead.`);return 0}async invalidateRole(roleId,userIds,companyId,branchIds){if(userIds.length===0){this.logger.debug(`No users found for role ${roleId}`);return 0}const count=await this.invalidateUsers(userIds,companyId,branchIds);if(count>0){this.logger.log(`Invalidated cache for ${count} users with role ${roleId}`)}return count}async clearAll(){try{await this.cacheManager.reset();await this.cacheManager.resetL2();this.logger.warn("Cleared all cache entries (memory and redis)")}catch(error){this.logger.error(`Failed to clear all caches: ${error}`)}}};__name(PermissionCacheService,"PermissionCacheService");PermissionCacheService=__decorateClass([Injectable6(),__decorateParam(0,Inject7("CACHE_INSTANCE"))],PermissionCacheService);import{Injectable as Injectable7,Logger as Logger5,Scope as Scope2}from"@nestjs/common";import{In as In2,IsNull}from"typeorm";init_action_entity();init_permission_with_company_entity();init_role_with_company_entity();init_role_entity();init_user_iam_permission_entity();init_action_type_enum();init_permission_type_enum();var PermissionService=class{constructor(permissionEvaluator,permissionCacheService,iamConfigService,dataSourceProvider){this.permissionEvaluator=permissionEvaluator;this.permissionCacheService=permissionCacheService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider}logger=new Logger5(PermissionService.name);async getPermissionRepository(){const 
enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const entity=enableCompanyFeature?UserIamPermissionWithCompany:UserIamPermission;return this.dataSourceProvider.getRepository(entity)}async getActionRepository(){return this.dataSourceProvider.getRepository(Action)}async getRoleRepository(){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const entity=enableCompanyFeature?RoleWithCompany:Role;return this.dataSourceProvider.getRepository(entity)}async assignUserActions(dto){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const branchId=dto.branchId??null;const companyId=dto.companyId??null;const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;if(itemsToAdd.length>0){const actionIdsToAdd=itemsToAdd.map(item=>item.id);const whereFind={permissionType:"user_action",sourceType:"user",sourceId:dto.userId,targetType:"action",targetId:In2(actionIdsToAdd)};if(enableCompanyFeature){if(companyId)whereFind.companyId=companyId;if(branchId)whereFind.branchId=branchId}const existingPermissions=await permissionRepo.find({where:whereFind,select:["targetId"]});const existingActionIds=new Set(existingPermissions.map(p=>p.targetId));const newPermissions=itemsToAdd.filter(item=>!existingActionIds.has(item.id)).map(item=>({permissionType:"user_action",sourceType:"user",sourceId:dto.userId,targetType:"action",targetId:item.id,userId:dto.userId,companyId:enableCompanyFeature?companyId:null,branchId:enableCompanyFeature?branchId:null}));if(newPermissions.length>0){await permissionRepo.save(newPermissions);added=newPermissions.length}}if(itemsToRemove.length>0){const actionIdsToRemove=itemsToRemove.map(item=>item.id);const 
whereDelete={permissionType:"user_action",sourceType:"user",sourceId:dto.userId,targetType:"action",targetId:In2(actionIdsToRemove)};if(enableCompanyFeature){if(companyId)whereDelete.companyId=companyId;if(branchId)whereDelete.branchId=branchId}const result=await permissionRepo.delete(whereDelete);removed=result.affected||0}await this.invalidateUserPermissionCache(dto.userId,branchId,companyId);return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed`}}async getUserActions(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const actionRepo=await this.getActionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const where={permissionType:"user_action",sourceType:"user",sourceId:userId};if(enableCompanyFeature){if(companyId){where.companyId=companyId}if(branchId){where.branchId=branchId}else{where.branchId=null}}const permissions=await permissionRepo.find({where});if(permissions.length===0){return[]}const actionIds=permissions.map(p=>p.targetId);const actionWhere={id:In2(actionIds)};const actions=await actionRepo.find({where:actionWhere});const actionMap=new Map(actions.map(a=>[a.id,a]));return permissions.filter(p=>actionMap.has(p.targetId)).map(p=>{const action=actionMap.get(p.targetId);return{id:p.id,userId:p.userId,actionId:action.id,actionCode:action.code??"",actionName:action.name,branchId:("branchId"in p?p.branchId:null)??null,createdAt:p.createdAt}})}async assignRoleActions(dto){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();let roleCompanyId=null;if(enableCompanyFeature){const roleRepo=await this.getRoleRepository();const role=await roleRepo.findOne({where:{id:dto.roleId},select:["id","companyId"]});roleCompanyId=role?.companyId??null}const itemsToAdd=dto.items.filter(item=>item.action==="add");const 
itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;if(itemsToAdd.length>0){const actionIdsToAdd=itemsToAdd.map(item=>item.id);const existingPermissions=await permissionRepo.find({where:{permissionType:"role_action",sourceType:"role",sourceId:dto.roleId,targetType:"action",targetId:In2(actionIdsToAdd)},select:["targetId"]});const existingActionIds=new Set(existingPermissions.map(p=>p.targetId));const newPermissions=itemsToAdd.filter(item=>!existingActionIds.has(item.id)).map(item=>({permissionType:"role_action",sourceType:"role",sourceId:dto.roleId,targetType:"action",targetId:item.id,userId:null,companyId:enableCompanyFeature?roleCompanyId:null,branchId:null}));if(newPermissions.length>0){await permissionRepo.save(newPermissions);added=newPermissions.length}}if(itemsToRemove.length>0){const actionIdsToRemove=itemsToRemove.map(item=>item.id);const result=await permissionRepo.delete({permissionType:"role_action",sourceType:"role",sourceId:dto.roleId,targetType:"action",targetId:In2(actionIdsToRemove)});removed=result.affected||0}const affectedUsers=await this.invalidateRoleMembersCache(dto.roleId);return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed. 
Invalidated cache for ${affectedUsers} users.`}}async getRoleActions(roleId){const permissionRepo=await this.getPermissionRepository();const actionRepo=await this.getActionRepository();const permissions=await permissionRepo.find({where:{permissionType:"role_action",sourceType:"role",sourceId:roleId}});if(permissions.length===0){return[]}const actionIds=permissions.map(p=>p.targetId);const actionWhere={id:In2(actionIds)};const actions=await actionRepo.find({where:actionWhere});const actionMap=new Map(actions.map(a=>[a.id,a]));return permissions.filter(p=>actionMap.has(p.targetId)).map(p=>{const action=actionMap.get(p.targetId);return{id:p.id,roleId:p.sourceId,actionId:action.id,actionCode:action.code??"",actionName:action.name,createdAt:p.createdAt}})}async assignCompanyActions(dto){const permissionRepo=await this.getPermissionRepository();const dataSource=permissionRepo.manager.connection;const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;let removedRoleActions=0;let removedUserActions=0;await dataSource.transaction(async manager=>{const transactionalPermissionRepo=manager.getRepository(permissionRepo.target);if(itemsToAdd.length>0){added=await this.addCompanyActions(transactionalPermissionRepo,dto.companyId,itemsToAdd.map(item=>item.id))}if(itemsToRemove.length>0){const actionIdsToRemove=itemsToRemove.map(item=>item.id);const cascadeResult=await this.removeCompanyActionsWithCascade(manager,dto.companyId,actionIdsToRemove);removed=cascadeResult.removedCompanyActions;removedRoleActions=cascadeResult.removedRoleActions;removedUserActions=cascadeResult.removedUserActions}});const affectedCacheEntries=await this.invalidateCompanyMembersCache(dto.companyId);const cascadeInfo=removedRoleActions>0||removedUserActions>0?` Cascaded removal: ${removedRoleActions} role permissions, ${removedUserActions} user 
permissions.`:"";return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed.${cascadeInfo} Invalidated ${affectedCacheEntries} cache entries.`}}async addCompanyActions(permissionRepo,companyId,actionIds){const existingPermissions=await permissionRepo.find({where:{permissionType:"company_action",sourceType:"company",sourceId:companyId,targetType:"action",targetId:In2(actionIds)},select:["targetId"]});const existingActionIds=new Set(existingPermissions.map(p=>p.targetId));const newActionIds=actionIds.filter(id=>!existingActionIds.has(id));if(newActionIds.length===0){return 0}const newPermissions=newActionIds.map(actionId=>permissionRepo.create({permissionType:"company_action",sourceType:"company",sourceId:companyId,targetType:"action",targetId:actionId,userId:null}));await permissionRepo.save(newPermissions);return newPermissions.length}async removeCompanyActionsWithCascade(manager,companyId,actionIds){const permissionEntity=this.iamConfigService.isCompanyFeatureEnabled()?UserIamPermissionWithCompany:UserIamPermission;const permissionRepo=manager.getRepository(permissionEntity);const companyResult=await permissionRepo.delete({permissionType:"company_action",sourceType:"company",sourceId:companyId,targetType:"action",targetId:In2(actionIds)});const roleEntity=this.iamConfigService.isCompanyFeatureEnabled()?RoleWithCompany:Role;const roleRepo=manager.getRepository(roleEntity);const companyRoles=await roleRepo.find({where:{companyId,deletedAt:IsNull()},select:["id"]});let removedRoleActions=0;let removedUserActions=0;if(companyRoles.length>0){const roleIds=companyRoles.map(role=>role.id);const roleResult=await permissionRepo.delete({permissionType:"role_action",sourceType:"role",sourceId:In2(roleIds),targetType:"action",targetId:In2(actionIds)});removedRoleActions=roleResult.affected||0}if(this.iamConfigService.isCompanyFeatureEnabled()){const userResult=await 
permissionRepo.delete({permissionType:"user_action",companyId,targetType:"action",targetId:In2(actionIds)});removedUserActions=userResult.affected||0}if(removedRoleActions>0||removedUserActions>0){this.logger.log(`Cascade deleted for company ${companyId}: ${removedRoleActions} role actions, ${removedUserActions} user actions`)}return{removedCompanyActions:companyResult.affected||0,removedRoleActions,removedUserActions}}async getCompanyActions(companyId){const permissionRepo=await this.getPermissionRepository();const actionRepo=await this.getActionRepository();const permissions=await permissionRepo.find({where:{permissionType:"company_action",sourceType:"company",sourceId:companyId}});if(permissions.length===0){return[]}const actionIds=permissions.map(p=>p.targetId);const actions=await actionRepo.find({where:{id:In2(actionIds)}});const actionMap=new Map(actions.map(a=>[a.id,a]));return permissions.filter(p=>actionMap.has(p.targetId)).map(p=>{const action=actionMap.get(p.targetId);return{id:p.id,companyId,actionId:action.id,actionCode:action.code??"",actionName:action.name,createdAt:p.createdAt}})}async getCompanyActionIds(companyId){const permissionRepo=await this.getPermissionRepository();const permissions=await permissionRepo.find({where:{permissionType:"company_action",sourceType:"company",sourceId:companyId},select:["targetId"]});return permissions.map(p=>p.targetId)}async assignUserRoles(dto){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const branchId=dto.branchId??null;const companyId=dto.companyId??null;const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;if(itemsToAdd.length>0){const roleIdsToAdd=itemsToAdd.map(item=>item.id);const 
whereFind={permissionType:"user_role",sourceType:"user",sourceId:dto.userId,targetType:"role",targetId:In2(roleIdsToAdd)};if(enableCompanyFeature){if(companyId)whereFind.companyId=companyId;if(branchId)whereFind.branchId=branchId}const existingPermissions=await permissionRepo.find({where:whereFind,select:["targetId"]});const existingRoleIds=new Set(existingPermissions.map(p=>p.targetId));const newPermissions=itemsToAdd.filter(item=>!existingRoleIds.has(item.id)).map(item=>({permissionType:"user_role",sourceType:"user",sourceId:dto.userId,targetType:"role",targetId:item.id,userId:dto.userId,companyId:enableCompanyFeature?companyId:null,branchId:enableCompanyFeature?branchId:null}));if(newPermissions.length>0){await permissionRepo.save(newPermissions);added=newPermissions.length}}if(itemsToRemove.length>0){const roleIdsToRemove=itemsToRemove.map(item=>item.id);const whereDelete={permissionType:"user_role",sourceType:"user",sourceId:dto.userId,targetType:"role",targetId:In2(roleIdsToRemove)};if(enableCompanyFeature){if(companyId)whereDelete.companyId=companyId;if(branchId)whereDelete.branchId=branchId}const result=await permissionRepo.delete(whereDelete);removed=result.affected||0}await this.invalidateUserPermissionCache(dto.userId,branchId,companyId);return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed`}}async getUserRoles(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const roleRepo=await this.getRoleRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const where={permissionType:"user_role",sourceType:"user",sourceId:userId};if(enableCompanyFeature){if(companyId){where.companyId=companyId}if(branchId){where.branchId=branchId}else{where.branchId=null}}const permissions=await permissionRepo.find({where});if(permissions.length===0){return[]}const roleIds=permissions.map(p=>p.targetId);const 
roleWhere={id:In2(roleIds)};const roles=await roleRepo.find({where:roleWhere});const roleMap=new Map(roles.map(r=>[r.id,r]));return permissions.filter(p=>roleMap.has(p.targetId)).map(p=>{const role=roleMap.get(p.targetId);const permissionEntity=p;return{id:p.id,userId:p.userId,roleId:role.id,roleName:role.name,branchId:enableCompanyFeature?permissionEntity.branchId??null:null,createdAt:p.createdAt}})}async getMyPermissions(userId,branchId,companyId,parentCodes){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const cacheOptions={userId,companyId,branchId,enableCompanyFeature};const cachedData=await this.permissionCacheService.getMyPermissions(cacheOptions);if(cachedData){return this.buildResponseFromCache(cachedData,parentCodes)}const freshData=await this.fetchAndCachePermissions(userId,branchId,companyId);return this.buildResponseFromCache(freshData,parentCodes)}async buildResponseFromCache(cachedData,parentCodes){let frontendActions=cachedData.frontendActions;if(parentCodes?.length){const parentIds=await this.getParentIdsByCodesWithCache(parentCodes);if(parentIds.size>0){frontendActions=frontendActions.filter(a=>a.parentId&&parentIds.has(a.parentId))}else{frontendActions=[]}}return{frontendActions:frontendActions.map(a=>({id:a.id,code:a.code,name:a.name,description:a.description})),cachedEndpoints:cachedData.backendCodes.length}}async getParentIdsByCodesWithCache(codes){const cachedMap=await this.permissionCacheService.getActionIdsByCodes(codes);if(cachedMap){return new Set(Object.values(cachedMap))}const actionRepo=await this.getActionRepository();const allActions=await actionRepo.find({select:["id","code"]});const fullMap={};for(const action of allActions){if(action.code){fullMap[action.code]=action.id}}await this.permissionCacheService.setActionCodeMap(fullMap);return new Set(codes.map(code=>fullMap[code]).filter(Boolean))}async fetchAndCachePermissions(userId,branchId,companyId){const 
enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const permissionMode=this.iamConfigService.getPermissionMode();const cacheOptions={userId,companyId,branchId,enableCompanyFeature};const emptyData={frontendActions:[],backendCodes:[]};const allActionIds=new Set;if(permissionMode===1||permissionMode===3){const userRoleIds=await this.getUserRoleIds(userId,branchId,companyId);if(userRoleIds.length>0){const roleActionIds=await this.getRoleActionIds(userRoleIds);roleActionIds.forEach(id=>allActionIds.add(id))}}if(permissionMode===2||permissionMode===3){const userActionIds=await this.getUserActionIds(userId,branchId,companyId);userActionIds.forEach(id=>allActionIds.add(id))}if(allActionIds.size===0){await this.permissionCacheService.setMyPermissions(cacheOptions,emptyData);return emptyData}if(enableCompanyFeature&&companyId){const companyActionIds=await this.getCompanyActionIds(companyId);if(companyActionIds.length>0){const allowedActionIds=new Set(companyActionIds);for(const actionId of allActionIds){if(!allowedActionIds.has(actionId)){allActionIds.delete(actionId)}}}}if(allActionIds.size===0){await this.permissionCacheService.setMyPermissions(cacheOptions,emptyData);return emptyData}const actionRepo=await this.getActionRepository();const actions=await actionRepo.find({where:{id:In2(Array.from(allActionIds))}});const backendActions=actions.filter(a=>a.actionType==="backend"||a.actionType==="both");const frontendActions=actions.filter(a=>a.actionType==="frontend"||a.actionType==="both");const backendCodes=backendActions.map(a=>a.code).filter(c=>!!c);const cacheData={frontendActions:frontendActions.map(a=>({id:a.id,code:a.code??"",name:a.name,description:a.description,parentId:a.parentId})),backendCodes};await Promise.all([this.permissionCacheService.setMyPermissions(cacheOptions,cacheData),this.permissionCacheService.setPermissions(cacheOptions,backendCodes)]);return cacheData}async getUserRoleIds(userId,branchId,companyId){const permissionRepo=await 
this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(!enableCompanyFeature){const permissions=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",sourceId:userId}});return permissions.map(p=>p.targetId)}const roleIds=new Set;const companyWidePermissions=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",sourceId:userId,branchId:IsNull(),companyId}});companyWidePermissions.forEach(p=>roleIds.add(p.targetId));if(branchId){const branchPermissions=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",sourceId:userId,branchId,companyId}});branchPermissions.forEach(p=>roleIds.add(p.targetId))}return Array.from(roleIds)}async getRoleActionIds(roleIds){const permissionRepo=await this.getPermissionRepository();const permissions=await permissionRepo.find({where:{permissionType:"role_action",sourceType:"role",sourceId:In2(roleIds)}});return permissions.map(p=>p.targetId)}async getUserActionIds(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(!enableCompanyFeature){const permissions=await permissionRepo.find({where:{permissionType:"user_action",sourceType:"user",sourceId:userId}});return permissions.map(p=>p.targetId)}const actionIds=new Set;const companyWideWhere={permissionType:"user_action",sourceType:"user",sourceId:userId,branchId:IsNull()};if(companyId){companyWideWhere.companyId=companyId}const companyWidePermissions=await permissionRepo.find({where:companyWideWhere});companyWidePermissions.forEach(p=>actionIds.add(p.targetId));if(branchId){const branchWhere={permissionType:"user_action",sourceType:"user",sourceId:userId,branchId};if(companyId){branchWhere.companyId=companyId}const branchPermissions=await permissionRepo.find({where:branchWhere});branchPermissions.forEach(p=>actionIds.add(p.targetId))}return 
Array.from(actionIds)}async invalidateUserPermissionCache(userId,branchId,companyId){const branchIds=branchId!==void 0?[branchId]:[null];await this.permissionCacheService.invalidateUser(userId,companyId,branchIds)}async invalidateRoleMembersCache(roleId){const permissionRepo=await this.getPermissionRepository();const roleRepo=await this.getRoleRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const userRoles=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",targetType:"role",targetId:roleId}});const userIds=[...new Set(userRoles.map(ur=>ur.sourceId))];if(userIds.length===0){return 0}const role=await roleRepo.findOne({where:{id:roleId}});const companyId=role?.companyId||null;let branchIds=[null];if(enableCompanyFeature&&companyId){const userBranches=await permissionRepo.createQueryBuilder("p").select("DISTINCT p.branch_id","branchId").where("p.user_id IN (:...userIds)",{userIds}).andWhere("p.company_id = :companyId",{companyId}).getRawMany();branchIds=[...new Set(userBranches.map(p=>p.branchId))]}return await this.permissionCacheService.invalidateRole(roleId,userIds,companyId,branchIds)}async invalidateCompanyMembersCache(companyId){if(!this.iamConfigService.isCompanyFeatureEnabled()){return 0}const permissionRepo=await this.getPermissionRepository();const userPermissions=await permissionRepo.createQueryBuilder("p").select("DISTINCT p.user_id","userId").addSelect("p.branch_id","branchId").where("p.company_id = :companyId",{companyId}).andWhere("p.user_id IS NOT NULL").getRawMany();const userIds=[...new Set(userPermissions.map(p=>p.userId).filter(Boolean))];const branchIds=[...new Set(userPermissions.map(p=>p.branchId))];if(userIds.length===0){return 0}return await this.permissionCacheService.invalidateUsers(userIds,companyId,branchIds)}};__name(PermissionService,"PermissionService");PermissionService=__decorateClass([Injectable7({scope:Scope2.REQUEST})],PermissionService);var IAMModule=class{static 
getControllers(permissionMode,enableCompanyFeature){const baseControllers=[ActionController,MyPermissionController];if(permissionMode===2){baseControllers.push(UserActionPermissionController)}if(permissionMode===1){baseControllers.push(RoleController);baseControllers.push(RolePermissionController)}if(permissionMode===3){baseControllers.push(RoleController);baseControllers.push(UserActionPermissionController);baseControllers.push(RolePermissionController)}if(enableCompanyFeature){baseControllers.push(CompanyActionPermissionController)}return baseControllers}static getEntities(permissionMode,enableCompanyFeature){const entities=[];entities.push(Action);if(enableCompanyFeature){entities.push(UserIamPermissionWithCompany)}else{entities.push(UserIamPermission)}if(permissionMode===1||permissionMode===3){if(enableCompanyFeature){entities.push(RoleWithCompany)}else{entities.push(Role)}}return entities}static getServices(permissionMode){const services=[ActionService,PermissionService,PermissionCacheService,PermissionEvaluatorHelper];if(permissionMode===1||permissionMode===3){services.push(RoleService)}return services}static getRepositoryProviders(permissionMode,enableCompanyFeature){const entities=this.getEntities(permissionMode,enableCompanyFeature);return entities.map(entity=>({provide:getRepositoryToken(entity),useFactory:__name(async dataSourceProvider=>{return await dataSourceProvider.getRepository(entity)},"useFactory"),inject:[IAMDataSourceProvider]}))}static forRoot(options={}){const{global=false,includeController=false}=options;const databaseMode=options.bootstrapAppConfig?.databaseMode;const enableCompanyFeature=options.bootstrapAppConfig?.enableCompanyFeature??false;const permissionMode=PermissionModeHelper.fromString(options.bootstrapAppConfig?.permissionMode);const isMultiTenant=databaseMode==="multi-tenant";const entities=this.getEntities(permissionMode,enableCompanyFeature);const 
controllers=includeController?this.getControllers(permissionMode,enableCompanyFeature):[];const providers=[{provide:IAM_MODULE_OPTIONS,useValue:options},IAMConfigService,IAMDataSourceProvider,...this.getRepositoryProviders(permissionMode,enableCompanyFeature),...this.getServices(permissionMode)];const imports=[CacheModule,UtilsModule];const module={module:IAMModule,imports,controllers,providers,exports:[IAMConfigService,IAMDataSourceProvider,ActionService,PermissionService,PermissionCacheService,PermissionEvaluatorHelper,...permissionMode===1||permissionMode===3?[RoleService]:[]]};if(global){return{...module,global:true}}return module}static forRootAsync(asyncOptions){const{global=false,includeController=false,imports:externalImports=[]}=asyncOptions;const databaseMode=asyncOptions.bootstrapAppConfig?.databaseMode;const enableCompanyFeature=asyncOptions.bootstrapAppConfig?.enableCompanyFeature??false;const permissionMode=PermissionModeHelper.fromString(asyncOptions.bootstrapAppConfig?.permissionMode);const isMultiTenant=databaseMode==="multi-tenant";const entities=this.getEntities(permissionMode,enableCompanyFeature);const controllers=includeController?this.getControllers(permissionMode,enableCompanyFeature):[];const asyncProviders=this.createAsyncProviders(asyncOptions);const providers=[...asyncProviders,IAMConfigService,IAMDataSourceProvider,...this.getRepositoryProviders(permissionMode,enableCompanyFeature),...this.getServices(permissionMode)];const imports=[...externalImports,CacheModule,UtilsModule];const module={module:IAMModule,imports,controllers,providers,exports:[IAMConfigService,IAMDataSourceProvider,ActionService,PermissionService,PermissionCacheService,PermissionEvaluatorHelper,...permissionMode===1||permissionMode===3?[RoleService]:[]]};if(global){return{...module,global:true}}return module}static createAsyncProviders(options){if(options.useExisting||options.useFactory){return[this.createAsyncOptionsProvider(options)]}const 
useClass=options.useClass;return[this.createAsyncOptionsProvider(options),{provide:useClass,useClass}]}static createAsyncOptionsProvider(options){if(options.useFactory){return{provide:IAM_MODULE_OPTIONS,useFactory:options.useFactory,inject:options.inject||[]}}const inject=[options.useClass||options.useExisting];return{provide:IAM_MODULE_OPTIONS,useFactory:__name(async optionsFactory=>optionsFactory.createIAMOptions(),"useFactory"),inject}}static forFeature(options={}){return this.forRoot(options)}};__name(IAMModule,"IAMModule");IAMModule=__decorateClass([Module({})],IAMModule);var LogicOperator=(LogicOperator2=>{LogicOperator2["AND"]="AND";LogicOperator2["OR"]="OR";return LogicOperator2})(LogicOperator||{});var LogicNodeType=(LogicNodeType2=>{LogicNodeType2["GROUP"]="group";LogicNodeType2["ACTION"]="action";return LogicNodeType2})(LogicNodeType||{});export{Action,ActionBase,ActionController,ActionQueryDto,ActionResponseDto,ActionService,ActionTreeDto,ActionTreeQueryDto,ActionType,AssignCompanyActionsDto,AssignRoleActionsDto,AssignUserActionsDto,AssignUserRolesDto,CompanyActionPermissionController,CompanyActionResponseDto,CreateActionDto,CreateRoleDto,FrontendActionDto,GetCompanyActionsDto,GetRoleActionsDto,GetUserActionsDto,GetUserRolesDto,IAMAllEntities,IAMCompanyEntities,IAMConfigService,IAMCoreEntities,IAMDataSourceProvider,IAMModule,IAMPermissionMode,IAM_MODULE_OPTIONS,IamEntityType,IamPermissionType,LogicNodeType,LogicOperator,MyPermissionController,MyPermissionsQueryDto,MyPermissionsResponseDto,PermissionAction,PermissionBase,PermissionCacheService,PermissionEvaluatorHelper,PermissionItemDto,PermissionModeHelper,PermissionOperationResultDto,PermissionService,Role,RoleActionResponseDto,RoleBase,RoleController,RolePermissionController,RoleQueryDto,RoleResponseDto,RoleService,RoleWithCompany,UpdateActionDto,UpdateRoleDto,UserActionPermissionController,UserActionResponseDto,UserIamPermission,UserIamPermissionWithCompany,UserRoleResponseDto,getIAMEntitiesByConfig,i
amSwaggerConfig};