@flusys/nestjs-iam 0.1.0-beta.1 → 0.1.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (118) hide show
  1. package/README.md +665 -0
  2. package/cjs/config/iam.constants.js +11 -0
  3. package/cjs/config/index.js +18 -0
  4. package/cjs/controllers/action.controller.js +117 -0
  5. package/cjs/controllers/company-action-permission.controller.js +110 -0
  6. package/cjs/controllers/index.js +23 -0
  7. package/cjs/controllers/my-permission.controller.js +90 -0
  8. package/cjs/controllers/role-permission.controller.js +160 -0
  9. package/cjs/controllers/role.controller.js +58 -0
  10. package/cjs/controllers/user-action-permission.controller.js +110 -0
  11. package/cjs/docs/iam-swagger.config.js +202 -0
  12. package/cjs/docs/index.js +18 -0
  13. package/cjs/dtos/action.dto.js +347 -0
  14. package/cjs/dtos/index.js +21 -0
  15. package/cjs/dtos/permission.dto.js +554 -0
  16. package/cjs/dtos/role.dto.js +238 -0
  17. package/cjs/entities/action-base.entity.js +135 -0
  18. package/cjs/entities/action.entity.js +28 -0
  19. package/cjs/entities/index.js +81 -0
  20. package/cjs/entities/permission-base.entity.js +156 -0
  21. package/cjs/entities/permission-with-company.entity.js +99 -0
  22. package/cjs/entities/role-base.entity.js +86 -0
  23. package/cjs/entities/role-with-company.entity.js +55 -0
  24. package/cjs/entities/role.entity.js +25 -0
  25. package/cjs/entities/user-iam-permission.entity.js +57 -0
  26. package/cjs/enums/action-type.enum.js +22 -0
  27. package/cjs/enums/index.js +19 -0
  28. package/cjs/enums/permission-type.enum.js +16 -0
  29. package/cjs/helpers/index.js +19 -0
  30. package/cjs/helpers/permission-evaluator.helper.js +175 -0
  31. package/cjs/helpers/permission-mode.helper.js +49 -0
  32. package/cjs/index.js +28 -79
  33. package/cjs/interfaces/action.interface.js +4 -0
  34. package/cjs/interfaces/iam-module-async-options.interface.js +4 -0
  35. package/cjs/interfaces/iam-module-options.interface.js +18 -0
  36. package/cjs/interfaces/index.js +21 -0
  37. package/cjs/interfaces/role.interface.js +7 -0
  38. package/cjs/modules/iam.module.js +237 -0
  39. package/cjs/modules/index.js +18 -0
  40. package/cjs/services/action.service.js +253 -0
  41. package/cjs/services/iam-config.service.js +107 -0
  42. package/cjs/services/iam-datasource.provider.js +205 -0
  43. package/cjs/services/index.js +23 -0
  44. package/cjs/services/permission-cache.service.js +308 -0
  45. package/cjs/services/permission.service.js +1020 -0
  46. package/cjs/services/role.service.js +181 -0
  47. package/cjs/types/index.js +18 -0
  48. package/cjs/types/logic-node.type.js +54 -0
  49. package/fesm/config/iam.constants.js +1 -0
  50. package/fesm/config/index.js +1 -0
  51. package/fesm/controllers/action.controller.js +107 -0
  52. package/fesm/controllers/company-action-permission.controller.js +100 -0
  53. package/fesm/controllers/index.js +7 -0
  54. package/fesm/controllers/my-permission.controller.js +80 -0
  55. package/fesm/controllers/role-permission.controller.js +150 -0
  56. package/fesm/controllers/role.controller.js +48 -0
  57. package/fesm/controllers/user-action-permission.controller.js +100 -0
  58. package/fesm/docs/iam-swagger.config.js +192 -0
  59. package/fesm/docs/index.js +1 -0
  60. package/fesm/dtos/action.dto.js +317 -0
  61. package/fesm/dtos/index.js +4 -0
  62. package/fesm/dtos/permission.dto.js +490 -0
  63. package/fesm/dtos/role.dto.js +214 -0
  64. package/fesm/entities/action-base.entity.js +128 -0
  65. package/fesm/entities/action.entity.js +18 -0
  66. package/fesm/entities/index.js +56 -0
  67. package/fesm/entities/permission-base.entity.js +138 -0
  68. package/fesm/entities/permission-with-company.entity.js +89 -0
  69. package/fesm/entities/role-base.entity.js +79 -0
  70. package/fesm/entities/role-with-company.entity.js +45 -0
  71. package/fesm/entities/role.entity.js +15 -0
  72. package/fesm/entities/user-iam-permission.entity.js +38 -0
  73. package/fesm/enums/action-type.enum.js +12 -0
  74. package/fesm/enums/index.js +2 -0
  75. package/fesm/enums/permission-type.enum.js +6 -0
  76. package/fesm/helpers/index.js +2 -0
  77. package/fesm/helpers/permission-evaluator.helper.js +165 -0
  78. package/fesm/helpers/permission-mode.helper.js +49 -0
  79. package/fesm/index.js +11 -79
  80. package/fesm/interfaces/action.interface.js +3 -0
  81. package/fesm/interfaces/iam-module-async-options.interface.js +3 -0
  82. package/fesm/interfaces/iam-module-options.interface.js +1 -0
  83. package/fesm/interfaces/index.js +4 -0
  84. package/fesm/interfaces/role.interface.js +4 -0
  85. package/fesm/modules/iam.module.js +227 -0
  86. package/fesm/modules/index.js +1 -0
  87. package/fesm/services/action.service.js +243 -0
  88. package/fesm/services/iam-config.service.js +97 -0
  89. package/fesm/services/iam-datasource.provider.js +154 -0
  90. package/fesm/services/index.js +6 -0
  91. package/fesm/services/permission-cache.service.js +298 -0
  92. package/fesm/services/permission.service.js +1010 -0
  93. package/fesm/services/role.service.js +171 -0
  94. package/fesm/types/index.js +1 -0
  95. package/fesm/types/logic-node.type.js +36 -0
  96. package/package.json +25 -25
  97. package/cjs/config-index.js +0 -1
  98. package/cjs/controllers-index.js +0 -1
  99. package/cjs/docs-index.js +0 -79
  100. package/cjs/dtos-index.js +0 -1
  101. package/cjs/entities-index.js +0 -1
  102. package/cjs/enums-index.js +0 -1
  103. package/cjs/helpers-index.js +0 -1
  104. package/cjs/interfaces-index.js +0 -1
  105. package/cjs/modules-index.js +0 -1
  106. package/cjs/services-index.js +0 -1
  107. package/cjs/types-index.js +0 -1
  108. package/fesm/config-index.js +0 -1
  109. package/fesm/controllers-index.js +0 -1
  110. package/fesm/docs-index.js +0 -79
  111. package/fesm/dtos-index.js +0 -1
  112. package/fesm/entities-index.js +0 -1
  113. package/fesm/enums-index.js +0 -1
  114. package/fesm/helpers-index.js +0 -1
  115. package/fesm/interfaces-index.js +0 -0
  116. package/fesm/modules-index.js +0 -1
  117. package/fesm/services-index.js +0 -1
  118. package/fesm/types-index.js +0 -1
@@ -0,0 +1,181 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", {
3
+ value: true
4
+ });
5
+ Object.defineProperty(exports, "RoleService", {
6
+ enumerable: true,
7
+ get: function() {
8
+ return RoleService;
9
+ }
10
+ });
11
+ const _classes = require("@flusys/nestjs-shared/classes");
12
+ const _modules = require("@flusys/nestjs-shared/modules");
13
+ const _common = require("@nestjs/common");
14
+ const _rolewithcompanyentity = require("../entities/role-with-company.entity");
15
+ const _roleentity = require("../entities/role.entity");
16
+ const _iamconfigservice = require("./iam-config.service");
17
+ const _iamdatasourceprovider = require("./iam-datasource.provider");
18
+ function _define_property(obj, key, value) {
19
+ if (key in obj) {
20
+ Object.defineProperty(obj, key, {
21
+ value: value,
22
+ enumerable: true,
23
+ configurable: true,
24
+ writable: true
25
+ });
26
+ } else {
27
+ obj[key] = value;
28
+ }
29
+ return obj;
30
+ }
31
+ function _ts_decorate(decorators, target, key, desc) {
32
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
33
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
34
+ else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
35
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
36
+ }
37
+ function _ts_metadata(k, v) {
38
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
39
+ }
40
+ function _ts_param(paramIndex, decorator) {
41
+ return function(target, key) {
42
+ decorator(target, key, paramIndex);
43
+ };
44
+ }
45
+ let RoleService = class RoleService extends _classes.RequestScopedApiService {
46
+ /**
47
+ * Resolve entity class for this service
48
+ * @returns Role or RoleWithCompany based on configuration
49
+ */ resolveEntity() {
50
+ const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
51
+ return enableCompanyFeature ? _rolewithcompanyentity.RoleWithCompany : _roleentity.Role;
52
+ }
53
+ /**
54
+ * Get DataSource provider for this service
55
+ * @returns IAMDataSourceProvider instance
56
+ */ getDataSourceProvider() {
57
+ return this.dataSourceProvider;
58
+ }
59
+ // ==================== Entity Conversion ====================
60
+ async convertSingleDtoToEntity(dto, user) {
61
+ const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
62
+ let role = {};
63
+ let isUpdate = false;
64
+ if ('id' in dto && dto.id && typeof dto.id === 'string') {
65
+ const dbData = await this.repository.findOne({
66
+ where: {
67
+ id: dto.id
68
+ }
69
+ });
70
+ if (!dbData) {
71
+ throw new _common.NotFoundException('Role not found');
72
+ }
73
+ role = dbData;
74
+ isUpdate = true;
75
+ }
76
+ // Merge DTO into role
77
+ role = {
78
+ ...role,
79
+ ...dto
80
+ };
81
+ // If company feature is enabled, handle companyId
82
+ if (enableCompanyFeature) {
83
+ if (isUpdate) {
84
+ // During update: Only set companyId if explicitly provided in DTO, otherwise keep existing
85
+ if (dto.companyId !== undefined) {
86
+ role.companyId = dto.companyId;
87
+ }
88
+ // If companyId is not in role at all (shouldn't happen), set from user
89
+ if (!('companyId' in role) || role.companyId === undefined) {
90
+ role.companyId = user?.companyId ?? null;
91
+ }
92
+ } else {
93
+ // During creation: Use DTO's companyId if provided, otherwise use user's companyId
94
+ role.companyId = dto.companyId ?? user?.companyId ?? null;
95
+ }
96
+ }
97
+ return role;
98
+ }
99
+ async getSelectQuery(query, _user, select) {
100
+ if (!select || !select.length) {
101
+ select = [
102
+ 'id',
103
+ 'name',
104
+ 'description',
105
+ 'isActive',
106
+ 'companyId',
107
+ 'serial',
108
+ 'createdAt'
109
+ ];
110
+ }
111
+ const selectFields = select.map((field)=>`${this.entityName}.${field}`);
112
+ query.select(selectFields);
113
+ return {
114
+ query,
115
+ isRaw: false
116
+ };
117
+ }
118
+ async getGlobalSearchQuery(query, search, _user) {
119
+ query.andWhere('(role.name LIKE :search OR role.description LIKE :search)', {
120
+ search: `%${search}%`
121
+ });
122
+ return {
123
+ query,
124
+ isRaw: false
125
+ };
126
+ }
127
+ /**
128
+ * Override: Extra query manipulation - Auto-filter by user's company
129
+ */ async getExtraManipulateQuery(query, filterDto, user) {
130
+ const result = await super.getExtraManipulateQuery(query, filterDto, user);
131
+ // If company feature enabled and user has companyId, filter by user's company
132
+ const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
133
+ if (enableCompanyFeature && user?.companyId) {
134
+ query.andWhere('role.companyId = :companyId', {
135
+ companyId: user.companyId
136
+ });
137
+ }
138
+ return result;
139
+ }
140
+ /**
141
+ * Override: Convert entity to response DTO
142
+ */ convertEntityToResponseDto(entity, _isRaw) {
143
+ return {
144
+ id: entity.id,
145
+ readOnly: entity.readOnly,
146
+ name: entity.name,
147
+ description: entity.description,
148
+ isActive: entity.isActive,
149
+ serial: entity.serial,
150
+ companyId: ('companyId' in entity ? entity.companyId : null) ?? null,
151
+ metadata: entity.metadata,
152
+ createdAt: entity.createdAt,
153
+ updatedAt: entity.updatedAt,
154
+ deletedAt: entity.deletedAt,
155
+ createdById: entity.createdById,
156
+ updatedById: entity.updatedById,
157
+ deletedById: entity.deletedById
158
+ };
159
+ }
160
+ // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
161
+ constructor(cacheManager, utilsService, iamConfigService, dataSourceProvider){
162
+ // Repository will be set asynchronously by RequestScopedApiService
163
+ super('role', null, cacheManager, utilsService, RoleService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "iamConfigService", void 0), _define_property(this, "dataSourceProvider", void 0), _define_property(this, "logger", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.iamConfigService = iamConfigService, this.dataSourceProvider = dataSourceProvider, this.logger = new _common.Logger(RoleService.name);
164
+ }
165
+ };
166
+ RoleService = _ts_decorate([
167
+ (0, _common.Injectable)({
168
+ scope: _common.Scope.REQUEST
169
+ }),
170
+ _ts_param(0, (0, _common.Inject)('CACHE_INSTANCE')),
171
+ _ts_param(1, (0, _common.Inject)(_modules.UtilsService)),
172
+ _ts_param(2, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
173
+ _ts_param(3, (0, _common.Inject)(_iamdatasourceprovider.IAMDataSourceProvider)),
174
+ _ts_metadata("design:type", Function),
175
+ _ts_metadata("design:paramtypes", [
176
+ typeof _classes.HybridCache === "undefined" ? Object : _classes.HybridCache,
177
+ typeof _modules.UtilsService === "undefined" ? Object : _modules.UtilsService,
178
+ typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService,
179
+ typeof _iamdatasourceprovider.IAMDataSourceProvider === "undefined" ? Object : _iamdatasourceprovider.IAMDataSourceProvider
180
+ ])
181
+ ], RoleService);
@@ -0,0 +1,18 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", {
3
+ value: true
4
+ });
5
+ _export_star(require("./logic-node.type"), exports);
6
+ function _export_star(from, to) {
7
+ Object.keys(from).forEach(function(k) {
8
+ if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
9
+ Object.defineProperty(to, k, {
10
+ enumerable: true,
11
+ get: function() {
12
+ return from[k];
13
+ }
14
+ });
15
+ }
16
+ });
17
+ return from;
18
+ }
@@ -0,0 +1,54 @@
1
+ /**
2
+ * LogicNode - Represents a node in a permission logic tree
3
+ *
4
+ * Used for complex permission evaluation with AND/OR logic.
5
+ * Supports hierarchical permission structures.
6
+ *
7
+ * Example:
8
+ * ```typescript
9
+ * const logic: LogicNode = {
10
+ * id: 'root',
11
+ * type: 'group',
12
+ * operator: 'AND',
13
+ * children: [
14
+ * { id: '1', type: 'action', actionId: 'create-user' },
15
+ * {
16
+ * id: '2',
17
+ * type: 'group',
18
+ * operator: 'OR',
19
+ * children: [
20
+ * { id: '2-1', type: 'action', actionId: 'view-reports' },
21
+ * { id: '2-2', type: 'action', actionId: 'view-dashboard' }
22
+ * ]
23
+ * }
24
+ * ]
25
+ * };
26
+ * ```
27
+ */ "use strict";
28
+ Object.defineProperty(exports, "__esModule", {
29
+ value: true
30
+ });
31
+ function _export(target, all) {
32
+ for(var name in all)Object.defineProperty(target, name, {
33
+ enumerable: true,
34
+ get: Object.getOwnPropertyDescriptor(all, name).get
35
+ });
36
+ }
37
+ _export(exports, {
38
+ get LogicNodeType () {
39
+ return LogicNodeType;
40
+ },
41
+ get LogicOperator () {
42
+ return LogicOperator;
43
+ }
44
+ });
45
+ var LogicOperator = /*#__PURE__*/ function(LogicOperator) {
46
+ LogicOperator["AND"] = "AND";
47
+ LogicOperator["OR"] = "OR";
48
+ return LogicOperator;
49
+ }({});
50
+ var LogicNodeType = /*#__PURE__*/ function(LogicNodeType) {
51
+ LogicNodeType["GROUP"] = "group";
52
+ LogicNodeType["ACTION"] = "action";
53
+ return LogicNodeType;
54
+ }({});
@@ -0,0 +1 @@
1
+ export const IAM_MODULE_OPTIONS = 'IAM_MODULE_OPTIONS';
@@ -0,0 +1 @@
1
+ export * from './iam.constants';
@@ -0,0 +1,107 @@
1
+ function _define_property(obj, key, value) {
2
+ if (key in obj) {
3
+ Object.defineProperty(obj, key, {
4
+ value: value,
5
+ enumerable: true,
6
+ configurable: true,
7
+ writable: true
8
+ });
9
+ } else {
10
+ obj[key] = value;
11
+ }
12
+ return obj;
13
+ }
14
+ function _ts_decorate(decorators, target, key, desc) {
15
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
16
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
17
+ else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
18
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
19
+ }
20
+ function _ts_metadata(k, v) {
21
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
22
+ }
23
+ function _ts_param(paramIndex, decorator) {
24
+ return function(target, key) {
25
+ decorator(target, key, paramIndex);
26
+ };
27
+ }
28
+ import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
29
+ import { createApiController, CurrentUser, ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
30
+ import { Body, Controller, Get, Inject, Post, UseGuards } from '@nestjs/common';
31
+ import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
32
+ import { ActionResponseDto, ActionTreeQueryDto, CreateActionDto, UpdateActionDto } from '../dtos/action.dto';
33
+ import { ActionService } from '../services/action.service';
34
+ export class ActionController extends createApiController(CreateActionDto, UpdateActionDto, ActionResponseDto) {
35
+ async getActionsForPermission(user) {
36
+ const actions = await this.actionService.getActionsForPermission(user);
37
+ return {
38
+ success: true,
39
+ message: 'Actions retrieved successfully',
40
+ data: actions
41
+ };
42
+ }
43
+ async getActionTree(query, user) {
44
+ const tree = await this.actionService.getActionTree(user, query.search, query.isActive, query.withDeleted);
45
+ return {
46
+ success: true,
47
+ message: 'Action tree retrieved successfully',
48
+ data: tree
49
+ };
50
+ }
51
+ constructor(actionService){
52
+ super(actionService), _define_property(this, "actionService", void 0), this.actionService = actionService;
53
+ }
54
+ }
55
+ _ts_decorate([
56
+ Get('tree-for-permission'),
57
+ UseGuards(JwtAuthGuard),
58
+ ApiBearerAuth(),
59
+ ApiOperation({
60
+ summary: 'Get actions for permission assignment',
61
+ description: 'Returns actions available for permission assignment. If company feature enabled, filtered by company whitelist.'
62
+ }),
63
+ ApiResponse({
64
+ status: 200,
65
+ type: SingleResponseDto
66
+ }),
67
+ _ts_param(0, CurrentUser()),
68
+ _ts_metadata("design:type", Function),
69
+ _ts_metadata("design:paramtypes", [
70
+ typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
71
+ ]),
72
+ _ts_metadata("design:returntype", Promise)
73
+ ], ActionController.prototype, "getActionsForPermission", null);
74
+ _ts_decorate([
75
+ Post('tree'),
76
+ UseGuards(JwtAuthGuard),
77
+ ApiBearerAuth(),
78
+ ApiOperation({
79
+ summary: 'Get actions in hierarchical tree structure',
80
+ description: 'Returns all actions organized in a parent-child tree structure. Supports optional search and filtering.'
81
+ }),
82
+ ApiResponse({
83
+ status: 200,
84
+ description: 'Actions tree retrieved successfully',
85
+ type: SingleResponseDto
86
+ }),
87
+ ApiBody({
88
+ type: ActionTreeQueryDto
89
+ }),
90
+ _ts_param(0, Body()),
91
+ _ts_param(1, CurrentUser()),
92
+ _ts_metadata("design:type", Function),
93
+ _ts_metadata("design:paramtypes", [
94
+ typeof ActionTreeQueryDto === "undefined" ? Object : ActionTreeQueryDto,
95
+ typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
96
+ ]),
97
+ _ts_metadata("design:returntype", Promise)
98
+ ], ActionController.prototype, "getActionTree", null);
99
+ ActionController = _ts_decorate([
100
+ ApiTags('IAM - Actions'),
101
+ Controller('iam/actions'),
102
+ _ts_param(0, Inject(ActionService)),
103
+ _ts_metadata("design:type", Function),
104
+ _ts_metadata("design:paramtypes", [
105
+ typeof ActionService === "undefined" ? Object : ActionService
106
+ ])
107
+ ], ActionController);
@@ -0,0 +1,100 @@
1
+ function _define_property(obj, key, value) {
2
+ if (key in obj) {
3
+ Object.defineProperty(obj, key, {
4
+ value: value,
5
+ enumerable: true,
6
+ configurable: true,
7
+ writable: true
8
+ });
9
+ } else {
10
+ obj[key] = value;
11
+ }
12
+ return obj;
13
+ }
14
+ function _ts_decorate(decorators, target, key, desc) {
15
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
16
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
17
+ else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
18
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
19
+ }
20
+ function _ts_metadata(k, v) {
21
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
22
+ }
23
+ function _ts_param(paramIndex, decorator) {
24
+ return function(target, key) {
25
+ decorator(target, key, paramIndex);
26
+ };
27
+ }
28
+ import { JwtAuthGuard, SingleResponseDto } from '@flusys/nestjs-shared';
29
+ import { Body, Controller, Get, Inject, Param, Post, Query, UseGuards } from '@nestjs/common';
30
+ import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
31
+ import { AssignCompanyActionsDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
32
+ import { PermissionService } from '../services/permission.service';
33
+ export class CompanyActionPermissionController {
34
+ async assignCompanyActions(dto) {
35
+ return this.permissionService.assignCompanyActions(dto);
36
+ }
37
+ async getCompanyActions(companyId, query) {
38
+ const actions = await this.permissionService.getCompanyActions(companyId);
39
+ return {
40
+ success: true,
41
+ message: 'Company actions retrieved successfully',
42
+ data: actions
43
+ };
44
+ }
45
+ // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
46
+ constructor(permissionService){
47
+ _define_property(this, "permissionService", void 0);
48
+ this.permissionService = permissionService;
49
+ }
50
+ }
51
+ _ts_decorate([
52
+ Post('company-actions/assign'),
53
+ ApiOperation({
54
+ summary: 'Whitelist actions for company',
55
+ description: 'Controls which actions are available to company users/roles.'
56
+ }),
57
+ ApiResponse({
58
+ status: 200,
59
+ type: PermissionOperationResultDto
60
+ }),
61
+ ApiBody({
62
+ type: AssignCompanyActionsDto
63
+ }),
64
+ _ts_param(0, Body()),
65
+ _ts_metadata("design:type", Function),
66
+ _ts_metadata("design:paramtypes", [
67
+ typeof AssignCompanyActionsDto === "undefined" ? Object : AssignCompanyActionsDto
68
+ ]),
69
+ _ts_metadata("design:returntype", Promise)
70
+ ], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
71
+ _ts_decorate([
72
+ Get('company-actions/:companyId'),
73
+ ApiOperation({
74
+ summary: 'Get company whitelisted actions',
75
+ description: 'Returns actions available to company.'
76
+ }),
77
+ ApiResponse({
78
+ status: 200,
79
+ type: SingleResponseDto
80
+ }),
81
+ _ts_param(0, Param('companyId')),
82
+ _ts_param(1, Query()),
83
+ _ts_metadata("design:type", Function),
84
+ _ts_metadata("design:paramtypes", [
85
+ String,
86
+ typeof GetCompanyActionsDto === "undefined" ? Object : GetCompanyActionsDto
87
+ ]),
88
+ _ts_metadata("design:returntype", Promise)
89
+ ], CompanyActionPermissionController.prototype, "getCompanyActions", null);
90
+ CompanyActionPermissionController = _ts_decorate([
91
+ ApiTags('IAM - Company Action Permissions'),
92
+ Controller('iam/permissions'),
93
+ UseGuards(JwtAuthGuard),
94
+ ApiBearerAuth(),
95
+ _ts_param(0, Inject(PermissionService)),
96
+ _ts_metadata("design:type", Function),
97
+ _ts_metadata("design:paramtypes", [
98
+ typeof PermissionService === "undefined" ? Object : PermissionService
99
+ ])
100
+ ], CompanyActionPermissionController);
@@ -0,0 +1,7 @@
1
+ export * from './action.controller';
2
+ export * from './role.controller';
3
+ // Legacy permission controllers (deprecated - use PermissionController instead)
4
+ export * from './company-action-permission.controller';
5
+ export * from './my-permission.controller';
6
+ export * from './role-permission.controller';
7
+ export * from './user-action-permission.controller';
@@ -0,0 +1,80 @@
1
+ function _define_property(obj, key, value) {
2
+ if (key in obj) {
3
+ Object.defineProperty(obj, key, {
4
+ value: value,
5
+ enumerable: true,
6
+ configurable: true,
7
+ writable: true
8
+ });
9
+ } else {
10
+ obj[key] = value;
11
+ }
12
+ return obj;
13
+ }
14
+ function _ts_decorate(decorators, target, key, desc) {
15
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
16
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
17
+ else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
18
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
19
+ }
20
+ function _ts_metadata(k, v) {
21
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
22
+ }
23
+ function _ts_param(paramIndex, decorator) {
24
+ return function(target, key) {
25
+ decorator(target, key, paramIndex);
26
+ };
27
+ }
28
+ import { CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
29
+ import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
30
+ import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
31
+ import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
32
+ import { MyPermissionsQueryDto, MyPermissionsResponseDto } from '../dtos/permission.dto';
33
+ import { PermissionService } from '../services/permission.service';
34
+ export class MyPermissionController {
35
+ async getMyPermissions(query, user) {
36
+ return this.permissionService.getMyPermissions(user.id, user.branchId ?? null, user.companyId ?? null, query.parentCodes);
37
+ }
38
+ // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
39
+ constructor(permissionService){
40
+ _define_property(this, "permissionService", void 0);
41
+ this.permissionService = permissionService;
42
+ }
43
+ }
44
+ _ts_decorate([
45
+ Post('my-permissions'),
46
+ ApiOperation({
47
+ summary: 'Get current user permissions',
48
+ description: 'Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes.'
49
+ }),
50
+ ApiResponse({
51
+ status: 200,
52
+ type: MyPermissionsResponseDto
53
+ }),
54
+ ApiResponse({
55
+ status: 401,
56
+ description: 'Unauthorized'
57
+ }),
58
+ ApiBody({
59
+ type: MyPermissionsQueryDto
60
+ }),
61
+ _ts_param(0, Body()),
62
+ _ts_param(1, CurrentUser()),
63
+ _ts_metadata("design:type", Function),
64
+ _ts_metadata("design:paramtypes", [
65
+ typeof MyPermissionsQueryDto === "undefined" ? Object : MyPermissionsQueryDto,
66
+ typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
67
+ ]),
68
+ _ts_metadata("design:returntype", Promise)
69
+ ], MyPermissionController.prototype, "getMyPermissions", null);
70
+ MyPermissionController = _ts_decorate([
71
+ ApiTags('IAM - My Permissions'),
72
+ Controller('iam/permissions'),
73
+ UseGuards(JwtAuthGuard),
74
+ ApiBearerAuth(),
75
+ _ts_param(0, Inject(PermissionService)),
76
+ _ts_metadata("design:type", Function),
77
+ _ts_metadata("design:paramtypes", [
78
+ typeof PermissionService === "undefined" ? Object : PermissionService
79
+ ])
80
+ ], MyPermissionController);