@flusys/nestjs-iam 0.1.0-beta.1 → 0.1.0-beta.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +665 -0
- package/cjs/config/iam.constants.js +11 -0
- package/cjs/config/index.js +18 -0
- package/cjs/controllers/action.controller.js +117 -0
- package/cjs/controllers/company-action-permission.controller.js +110 -0
- package/cjs/controllers/index.js +23 -0
- package/cjs/controllers/my-permission.controller.js +90 -0
- package/cjs/controllers/role-permission.controller.js +160 -0
- package/cjs/controllers/role.controller.js +58 -0
- package/cjs/controllers/user-action-permission.controller.js +110 -0
- package/cjs/docs/iam-swagger.config.js +202 -0
- package/cjs/docs/index.js +18 -0
- package/cjs/dtos/action.dto.js +347 -0
- package/cjs/dtos/index.js +21 -0
- package/cjs/dtos/permission.dto.js +554 -0
- package/cjs/dtos/role.dto.js +238 -0
- package/cjs/entities/action-base.entity.js +135 -0
- package/cjs/entities/action.entity.js +28 -0
- package/cjs/entities/index.js +81 -0
- package/cjs/entities/permission-base.entity.js +156 -0
- package/cjs/entities/permission-with-company.entity.js +99 -0
- package/cjs/entities/role-base.entity.js +86 -0
- package/cjs/entities/role-with-company.entity.js +55 -0
- package/cjs/entities/role.entity.js +25 -0
- package/cjs/entities/user-iam-permission.entity.js +57 -0
- package/cjs/enums/action-type.enum.js +22 -0
- package/cjs/enums/index.js +19 -0
- package/cjs/enums/permission-type.enum.js +16 -0
- package/cjs/helpers/index.js +19 -0
- package/cjs/helpers/permission-evaluator.helper.js +175 -0
- package/cjs/helpers/permission-mode.helper.js +49 -0
- package/cjs/index.js +28 -79
- package/cjs/interfaces/action.interface.js +4 -0
- package/cjs/interfaces/iam-module-async-options.interface.js +4 -0
- package/cjs/interfaces/iam-module-options.interface.js +18 -0
- package/cjs/interfaces/index.js +21 -0
- package/cjs/interfaces/role.interface.js +7 -0
- package/cjs/modules/iam.module.js +237 -0
- package/cjs/modules/index.js +18 -0
- package/cjs/services/action.service.js +253 -0
- package/cjs/services/iam-config.service.js +107 -0
- package/cjs/services/iam-datasource.provider.js +205 -0
- package/cjs/services/index.js +23 -0
- package/cjs/services/permission-cache.service.js +308 -0
- package/cjs/services/permission.service.js +1020 -0
- package/cjs/services/role.service.js +181 -0
- package/cjs/types/index.js +18 -0
- package/cjs/types/logic-node.type.js +54 -0
- package/fesm/config/iam.constants.js +1 -0
- package/fesm/config/index.js +1 -0
- package/fesm/controllers/action.controller.js +107 -0
- package/fesm/controllers/company-action-permission.controller.js +100 -0
- package/fesm/controllers/index.js +7 -0
- package/fesm/controllers/my-permission.controller.js +80 -0
- package/fesm/controllers/role-permission.controller.js +150 -0
- package/fesm/controllers/role.controller.js +48 -0
- package/fesm/controllers/user-action-permission.controller.js +100 -0
- package/fesm/docs/iam-swagger.config.js +192 -0
- package/fesm/docs/index.js +1 -0
- package/fesm/dtos/action.dto.js +317 -0
- package/fesm/dtos/index.js +4 -0
- package/fesm/dtos/permission.dto.js +490 -0
- package/fesm/dtos/role.dto.js +214 -0
- package/fesm/entities/action-base.entity.js +128 -0
- package/fesm/entities/action.entity.js +18 -0
- package/fesm/entities/index.js +56 -0
- package/fesm/entities/permission-base.entity.js +138 -0
- package/fesm/entities/permission-with-company.entity.js +89 -0
- package/fesm/entities/role-base.entity.js +79 -0
- package/fesm/entities/role-with-company.entity.js +45 -0
- package/fesm/entities/role.entity.js +15 -0
- package/fesm/entities/user-iam-permission.entity.js +38 -0
- package/fesm/enums/action-type.enum.js +12 -0
- package/fesm/enums/index.js +2 -0
- package/fesm/enums/permission-type.enum.js +6 -0
- package/fesm/helpers/index.js +2 -0
- package/fesm/helpers/permission-evaluator.helper.js +165 -0
- package/fesm/helpers/permission-mode.helper.js +49 -0
- package/fesm/index.js +11 -79
- package/fesm/interfaces/action.interface.js +3 -0
- package/fesm/interfaces/iam-module-async-options.interface.js +3 -0
- package/fesm/interfaces/iam-module-options.interface.js +1 -0
- package/fesm/interfaces/index.js +4 -0
- package/fesm/interfaces/role.interface.js +4 -0
- package/fesm/modules/iam.module.js +227 -0
- package/fesm/modules/index.js +1 -0
- package/fesm/services/action.service.js +243 -0
- package/fesm/services/iam-config.service.js +97 -0
- package/fesm/services/iam-datasource.provider.js +154 -0
- package/fesm/services/index.js +6 -0
- package/fesm/services/permission-cache.service.js +298 -0
- package/fesm/services/permission.service.js +1010 -0
- package/fesm/services/role.service.js +171 -0
- package/fesm/types/index.js +1 -0
- package/fesm/types/logic-node.type.js +36 -0
- package/package.json +25 -25
- package/cjs/config-index.js +0 -1
- package/cjs/controllers-index.js +0 -1
- package/cjs/docs-index.js +0 -79
- package/cjs/dtos-index.js +0 -1
- package/cjs/entities-index.js +0 -1
- package/cjs/enums-index.js +0 -1
- package/cjs/helpers-index.js +0 -1
- package/cjs/interfaces-index.js +0 -1
- package/cjs/modules-index.js +0 -1
- package/cjs/services-index.js +0 -1
- package/cjs/types-index.js +0 -1
- package/fesm/config-index.js +0 -1
- package/fesm/controllers-index.js +0 -1
- package/fesm/docs-index.js +0 -79
- package/fesm/dtos-index.js +0 -1
- package/fesm/entities-index.js +0 -1
- package/fesm/enums-index.js +0 -1
- package/fesm/helpers-index.js +0 -1
- package/fesm/interfaces-index.js +0 -0
- package/fesm/modules-index.js +0 -1
- package/fesm/services-index.js +0 -1
- package/fesm/types-index.js +0 -1
|
@@ -0,0 +1,181 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", {
|
|
3
|
+
value: true
|
|
4
|
+
});
|
|
5
|
+
Object.defineProperty(exports, "RoleService", {
|
|
6
|
+
enumerable: true,
|
|
7
|
+
get: function() {
|
|
8
|
+
return RoleService;
|
|
9
|
+
}
|
|
10
|
+
});
|
|
11
|
+
const _classes = require("@flusys/nestjs-shared/classes");
|
|
12
|
+
const _modules = require("@flusys/nestjs-shared/modules");
|
|
13
|
+
const _common = require("@nestjs/common");
|
|
14
|
+
const _rolewithcompanyentity = require("../entities/role-with-company.entity");
|
|
15
|
+
const _roleentity = require("../entities/role.entity");
|
|
16
|
+
const _iamconfigservice = require("./iam-config.service");
|
|
17
|
+
const _iamdatasourceprovider = require("./iam-datasource.provider");
|
|
18
|
+
function _define_property(obj, key, value) {
|
|
19
|
+
if (key in obj) {
|
|
20
|
+
Object.defineProperty(obj, key, {
|
|
21
|
+
value: value,
|
|
22
|
+
enumerable: true,
|
|
23
|
+
configurable: true,
|
|
24
|
+
writable: true
|
|
25
|
+
});
|
|
26
|
+
} else {
|
|
27
|
+
obj[key] = value;
|
|
28
|
+
}
|
|
29
|
+
return obj;
|
|
30
|
+
}
|
|
31
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
32
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
33
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
34
|
+
else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
35
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
36
|
+
}
|
|
37
|
+
function _ts_metadata(k, v) {
|
|
38
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
39
|
+
}
|
|
40
|
+
function _ts_param(paramIndex, decorator) {
|
|
41
|
+
return function(target, key) {
|
|
42
|
+
decorator(target, key, paramIndex);
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
let RoleService = class RoleService extends _classes.RequestScopedApiService {
|
|
46
|
+
/**
|
|
47
|
+
* Resolve entity class for this service
|
|
48
|
+
* @returns Role or RoleWithCompany based on configuration
|
|
49
|
+
*/ resolveEntity() {
|
|
50
|
+
const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
|
|
51
|
+
return enableCompanyFeature ? _rolewithcompanyentity.RoleWithCompany : _roleentity.Role;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Get DataSource provider for this service
|
|
55
|
+
* @returns IAMDataSourceProvider instance
|
|
56
|
+
*/ getDataSourceProvider() {
|
|
57
|
+
return this.dataSourceProvider;
|
|
58
|
+
}
|
|
59
|
+
// ==================== Entity Conversion ====================
|
|
60
|
+
async convertSingleDtoToEntity(dto, user) {
|
|
61
|
+
const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
|
|
62
|
+
let role = {};
|
|
63
|
+
let isUpdate = false;
|
|
64
|
+
if ('id' in dto && dto.id && typeof dto.id === 'string') {
|
|
65
|
+
const dbData = await this.repository.findOne({
|
|
66
|
+
where: {
|
|
67
|
+
id: dto.id
|
|
68
|
+
}
|
|
69
|
+
});
|
|
70
|
+
if (!dbData) {
|
|
71
|
+
throw new _common.NotFoundException('Role not found');
|
|
72
|
+
}
|
|
73
|
+
role = dbData;
|
|
74
|
+
isUpdate = true;
|
|
75
|
+
}
|
|
76
|
+
// Merge DTO into role
|
|
77
|
+
role = {
|
|
78
|
+
...role,
|
|
79
|
+
...dto
|
|
80
|
+
};
|
|
81
|
+
// If company feature is enabled, handle companyId
|
|
82
|
+
if (enableCompanyFeature) {
|
|
83
|
+
if (isUpdate) {
|
|
84
|
+
// During update: Only set companyId if explicitly provided in DTO, otherwise keep existing
|
|
85
|
+
if (dto.companyId !== undefined) {
|
|
86
|
+
role.companyId = dto.companyId;
|
|
87
|
+
}
|
|
88
|
+
// If companyId is not in role at all (shouldn't happen), set from user
|
|
89
|
+
if (!('companyId' in role) || role.companyId === undefined) {
|
|
90
|
+
role.companyId = user?.companyId ?? null;
|
|
91
|
+
}
|
|
92
|
+
} else {
|
|
93
|
+
// During creation: Use DTO's companyId if provided, otherwise use user's companyId
|
|
94
|
+
role.companyId = dto.companyId ?? user?.companyId ?? null;
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
return role;
|
|
98
|
+
}
|
|
99
|
+
async getSelectQuery(query, _user, select) {
|
|
100
|
+
if (!select || !select.length) {
|
|
101
|
+
select = [
|
|
102
|
+
'id',
|
|
103
|
+
'name',
|
|
104
|
+
'description',
|
|
105
|
+
'isActive',
|
|
106
|
+
'companyId',
|
|
107
|
+
'serial',
|
|
108
|
+
'createdAt'
|
|
109
|
+
];
|
|
110
|
+
}
|
|
111
|
+
const selectFields = select.map((field)=>`${this.entityName}.${field}`);
|
|
112
|
+
query.select(selectFields);
|
|
113
|
+
return {
|
|
114
|
+
query,
|
|
115
|
+
isRaw: false
|
|
116
|
+
};
|
|
117
|
+
}
|
|
118
|
+
async getGlobalSearchQuery(query, search, _user) {
|
|
119
|
+
query.andWhere('(role.name LIKE :search OR role.description LIKE :search)', {
|
|
120
|
+
search: `%${search}%`
|
|
121
|
+
});
|
|
122
|
+
return {
|
|
123
|
+
query,
|
|
124
|
+
isRaw: false
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
/**
|
|
128
|
+
* Override: Extra query manipulation - Auto-filter by user's company
|
|
129
|
+
*/ async getExtraManipulateQuery(query, filterDto, user) {
|
|
130
|
+
const result = await super.getExtraManipulateQuery(query, filterDto, user);
|
|
131
|
+
// If company feature enabled and user has companyId, filter by user's company
|
|
132
|
+
const enableCompanyFeature = this.iamConfigService.isCompanyFeatureEnabled();
|
|
133
|
+
if (enableCompanyFeature && user?.companyId) {
|
|
134
|
+
query.andWhere('role.companyId = :companyId', {
|
|
135
|
+
companyId: user.companyId
|
|
136
|
+
});
|
|
137
|
+
}
|
|
138
|
+
return result;
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* Override: Convert entity to response DTO
|
|
142
|
+
*/ convertEntityToResponseDto(entity, _isRaw) {
|
|
143
|
+
return {
|
|
144
|
+
id: entity.id,
|
|
145
|
+
readOnly: entity.readOnly,
|
|
146
|
+
name: entity.name,
|
|
147
|
+
description: entity.description,
|
|
148
|
+
isActive: entity.isActive,
|
|
149
|
+
serial: entity.serial,
|
|
150
|
+
companyId: ('companyId' in entity ? entity.companyId : null) ?? null,
|
|
151
|
+
metadata: entity.metadata,
|
|
152
|
+
createdAt: entity.createdAt,
|
|
153
|
+
updatedAt: entity.updatedAt,
|
|
154
|
+
deletedAt: entity.deletedAt,
|
|
155
|
+
createdById: entity.createdById,
|
|
156
|
+
updatedById: entity.updatedById,
|
|
157
|
+
deletedById: entity.deletedById
|
|
158
|
+
};
|
|
159
|
+
}
|
|
160
|
+
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
161
|
+
constructor(cacheManager, utilsService, iamConfigService, dataSourceProvider){
|
|
162
|
+
// Repository will be set asynchronously by RequestScopedApiService
|
|
163
|
+
super('role', null, cacheManager, utilsService, RoleService.name, true), _define_property(this, "cacheManager", void 0), _define_property(this, "utilsService", void 0), _define_property(this, "iamConfigService", void 0), _define_property(this, "dataSourceProvider", void 0), _define_property(this, "logger", void 0), this.cacheManager = cacheManager, this.utilsService = utilsService, this.iamConfigService = iamConfigService, this.dataSourceProvider = dataSourceProvider, this.logger = new _common.Logger(RoleService.name);
|
|
164
|
+
}
|
|
165
|
+
};
|
|
166
|
+
RoleService = _ts_decorate([
|
|
167
|
+
(0, _common.Injectable)({
|
|
168
|
+
scope: _common.Scope.REQUEST
|
|
169
|
+
}),
|
|
170
|
+
_ts_param(0, (0, _common.Inject)('CACHE_INSTANCE')),
|
|
171
|
+
_ts_param(1, (0, _common.Inject)(_modules.UtilsService)),
|
|
172
|
+
_ts_param(2, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
|
|
173
|
+
_ts_param(3, (0, _common.Inject)(_iamdatasourceprovider.IAMDataSourceProvider)),
|
|
174
|
+
_ts_metadata("design:type", Function),
|
|
175
|
+
_ts_metadata("design:paramtypes", [
|
|
176
|
+
typeof _classes.HybridCache === "undefined" ? Object : _classes.HybridCache,
|
|
177
|
+
typeof _modules.UtilsService === "undefined" ? Object : _modules.UtilsService,
|
|
178
|
+
typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService,
|
|
179
|
+
typeof _iamdatasourceprovider.IAMDataSourceProvider === "undefined" ? Object : _iamdatasourceprovider.IAMDataSourceProvider
|
|
180
|
+
])
|
|
181
|
+
], RoleService);
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", {
|
|
3
|
+
value: true
|
|
4
|
+
});
|
|
5
|
+
_export_star(require("./logic-node.type"), exports);
|
|
6
|
+
function _export_star(from, to) {
|
|
7
|
+
Object.keys(from).forEach(function(k) {
|
|
8
|
+
if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
|
|
9
|
+
Object.defineProperty(to, k, {
|
|
10
|
+
enumerable: true,
|
|
11
|
+
get: function() {
|
|
12
|
+
return from[k];
|
|
13
|
+
}
|
|
14
|
+
});
|
|
15
|
+
}
|
|
16
|
+
});
|
|
17
|
+
return from;
|
|
18
|
+
}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* LogicNode - Represents a node in a permission logic tree
|
|
3
|
+
*
|
|
4
|
+
* Used for complex permission evaluation with AND/OR logic.
|
|
5
|
+
* Supports hierarchical permission structures.
|
|
6
|
+
*
|
|
7
|
+
* Example:
|
|
8
|
+
* ```typescript
|
|
9
|
+
* const logic: LogicNode = {
|
|
10
|
+
* id: 'root',
|
|
11
|
+
* type: 'group',
|
|
12
|
+
* operator: 'AND',
|
|
13
|
+
* children: [
|
|
14
|
+
* { id: '1', type: 'action', actionId: 'create-user' },
|
|
15
|
+
* {
|
|
16
|
+
* id: '2',
|
|
17
|
+
* type: 'group',
|
|
18
|
+
* operator: 'OR',
|
|
19
|
+
* children: [
|
|
20
|
+
* { id: '2-1', type: 'action', actionId: 'view-reports' },
|
|
21
|
+
* { id: '2-2', type: 'action', actionId: 'view-dashboard' }
|
|
22
|
+
* ]
|
|
23
|
+
* }
|
|
24
|
+
* ]
|
|
25
|
+
* };
|
|
26
|
+
* ```
|
|
27
|
+
*/ "use strict";
|
|
28
|
+
Object.defineProperty(exports, "__esModule", {
|
|
29
|
+
value: true
|
|
30
|
+
});
|
|
31
|
+
function _export(target, all) {
|
|
32
|
+
for(var name in all)Object.defineProperty(target, name, {
|
|
33
|
+
enumerable: true,
|
|
34
|
+
get: Object.getOwnPropertyDescriptor(all, name).get
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
_export(exports, {
|
|
38
|
+
get LogicNodeType () {
|
|
39
|
+
return LogicNodeType;
|
|
40
|
+
},
|
|
41
|
+
get LogicOperator () {
|
|
42
|
+
return LogicOperator;
|
|
43
|
+
}
|
|
44
|
+
});
|
|
45
|
+
var LogicOperator = /*#__PURE__*/ function(LogicOperator) {
|
|
46
|
+
LogicOperator["AND"] = "AND";
|
|
47
|
+
LogicOperator["OR"] = "OR";
|
|
48
|
+
return LogicOperator;
|
|
49
|
+
}({});
|
|
50
|
+
var LogicNodeType = /*#__PURE__*/ function(LogicNodeType) {
|
|
51
|
+
LogicNodeType["GROUP"] = "group";
|
|
52
|
+
LogicNodeType["ACTION"] = "action";
|
|
53
|
+
return LogicNodeType;
|
|
54
|
+
}({});
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export const IAM_MODULE_OPTIONS = 'IAM_MODULE_OPTIONS';
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from './iam.constants';
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
function _define_property(obj, key, value) {
|
|
2
|
+
if (key in obj) {
|
|
3
|
+
Object.defineProperty(obj, key, {
|
|
4
|
+
value: value,
|
|
5
|
+
enumerable: true,
|
|
6
|
+
configurable: true,
|
|
7
|
+
writable: true
|
|
8
|
+
});
|
|
9
|
+
} else {
|
|
10
|
+
obj[key] = value;
|
|
11
|
+
}
|
|
12
|
+
return obj;
|
|
13
|
+
}
|
|
14
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
15
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
16
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
17
|
+
else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
18
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
19
|
+
}
|
|
20
|
+
function _ts_metadata(k, v) {
|
|
21
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
22
|
+
}
|
|
23
|
+
function _ts_param(paramIndex, decorator) {
|
|
24
|
+
return function(target, key) {
|
|
25
|
+
decorator(target, key, paramIndex);
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
|
|
29
|
+
import { createApiController, CurrentUser, ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
|
|
30
|
+
import { Body, Controller, Get, Inject, Post, UseGuards } from '@nestjs/common';
|
|
31
|
+
import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
|
|
32
|
+
import { ActionResponseDto, ActionTreeQueryDto, CreateActionDto, UpdateActionDto } from '../dtos/action.dto';
|
|
33
|
+
import { ActionService } from '../services/action.service';
|
|
34
|
+
export class ActionController extends createApiController(CreateActionDto, UpdateActionDto, ActionResponseDto) {
|
|
35
|
+
async getActionsForPermission(user) {
|
|
36
|
+
const actions = await this.actionService.getActionsForPermission(user);
|
|
37
|
+
return {
|
|
38
|
+
success: true,
|
|
39
|
+
message: 'Actions retrieved successfully',
|
|
40
|
+
data: actions
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
async getActionTree(query, user) {
|
|
44
|
+
const tree = await this.actionService.getActionTree(user, query.search, query.isActive, query.withDeleted);
|
|
45
|
+
return {
|
|
46
|
+
success: true,
|
|
47
|
+
message: 'Action tree retrieved successfully',
|
|
48
|
+
data: tree
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
constructor(actionService){
|
|
52
|
+
super(actionService), _define_property(this, "actionService", void 0), this.actionService = actionService;
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
_ts_decorate([
|
|
56
|
+
Get('tree-for-permission'),
|
|
57
|
+
UseGuards(JwtAuthGuard),
|
|
58
|
+
ApiBearerAuth(),
|
|
59
|
+
ApiOperation({
|
|
60
|
+
summary: 'Get actions for permission assignment',
|
|
61
|
+
description: 'Returns actions available for permission assignment. If company feature enabled, filtered by company whitelist.'
|
|
62
|
+
}),
|
|
63
|
+
ApiResponse({
|
|
64
|
+
status: 200,
|
|
65
|
+
type: SingleResponseDto
|
|
66
|
+
}),
|
|
67
|
+
_ts_param(0, CurrentUser()),
|
|
68
|
+
_ts_metadata("design:type", Function),
|
|
69
|
+
_ts_metadata("design:paramtypes", [
|
|
70
|
+
typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
|
|
71
|
+
]),
|
|
72
|
+
_ts_metadata("design:returntype", Promise)
|
|
73
|
+
], ActionController.prototype, "getActionsForPermission", null);
|
|
74
|
+
_ts_decorate([
|
|
75
|
+
Post('tree'),
|
|
76
|
+
UseGuards(JwtAuthGuard),
|
|
77
|
+
ApiBearerAuth(),
|
|
78
|
+
ApiOperation({
|
|
79
|
+
summary: 'Get actions in hierarchical tree structure',
|
|
80
|
+
description: 'Returns all actions organized in a parent-child tree structure. Supports optional search and filtering.'
|
|
81
|
+
}),
|
|
82
|
+
ApiResponse({
|
|
83
|
+
status: 200,
|
|
84
|
+
description: 'Actions tree retrieved successfully',
|
|
85
|
+
type: SingleResponseDto
|
|
86
|
+
}),
|
|
87
|
+
ApiBody({
|
|
88
|
+
type: ActionTreeQueryDto
|
|
89
|
+
}),
|
|
90
|
+
_ts_param(0, Body()),
|
|
91
|
+
_ts_param(1, CurrentUser()),
|
|
92
|
+
_ts_metadata("design:type", Function),
|
|
93
|
+
_ts_metadata("design:paramtypes", [
|
|
94
|
+
typeof ActionTreeQueryDto === "undefined" ? Object : ActionTreeQueryDto,
|
|
95
|
+
typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
|
|
96
|
+
]),
|
|
97
|
+
_ts_metadata("design:returntype", Promise)
|
|
98
|
+
], ActionController.prototype, "getActionTree", null);
|
|
99
|
+
ActionController = _ts_decorate([
|
|
100
|
+
ApiTags('IAM - Actions'),
|
|
101
|
+
Controller('iam/actions'),
|
|
102
|
+
_ts_param(0, Inject(ActionService)),
|
|
103
|
+
_ts_metadata("design:type", Function),
|
|
104
|
+
_ts_metadata("design:paramtypes", [
|
|
105
|
+
typeof ActionService === "undefined" ? Object : ActionService
|
|
106
|
+
])
|
|
107
|
+
], ActionController);
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
function _define_property(obj, key, value) {
|
|
2
|
+
if (key in obj) {
|
|
3
|
+
Object.defineProperty(obj, key, {
|
|
4
|
+
value: value,
|
|
5
|
+
enumerable: true,
|
|
6
|
+
configurable: true,
|
|
7
|
+
writable: true
|
|
8
|
+
});
|
|
9
|
+
} else {
|
|
10
|
+
obj[key] = value;
|
|
11
|
+
}
|
|
12
|
+
return obj;
|
|
13
|
+
}
|
|
14
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
15
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
16
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
17
|
+
else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
18
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
19
|
+
}
|
|
20
|
+
function _ts_metadata(k, v) {
|
|
21
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
22
|
+
}
|
|
23
|
+
function _ts_param(paramIndex, decorator) {
|
|
24
|
+
return function(target, key) {
|
|
25
|
+
decorator(target, key, paramIndex);
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
import { JwtAuthGuard, SingleResponseDto } from '@flusys/nestjs-shared';
|
|
29
|
+
import { Body, Controller, Get, Inject, Param, Post, Query, UseGuards } from '@nestjs/common';
|
|
30
|
+
import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
|
|
31
|
+
import { AssignCompanyActionsDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
|
|
32
|
+
import { PermissionService } from '../services/permission.service';
|
|
33
|
+
export class CompanyActionPermissionController {
|
|
34
|
+
async assignCompanyActions(dto) {
|
|
35
|
+
return this.permissionService.assignCompanyActions(dto);
|
|
36
|
+
}
|
|
37
|
+
async getCompanyActions(companyId, query) {
|
|
38
|
+
const actions = await this.permissionService.getCompanyActions(companyId);
|
|
39
|
+
return {
|
|
40
|
+
success: true,
|
|
41
|
+
message: 'Company actions retrieved successfully',
|
|
42
|
+
data: actions
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
46
|
+
constructor(permissionService){
|
|
47
|
+
_define_property(this, "permissionService", void 0);
|
|
48
|
+
this.permissionService = permissionService;
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
_ts_decorate([
|
|
52
|
+
Post('company-actions/assign'),
|
|
53
|
+
ApiOperation({
|
|
54
|
+
summary: 'Whitelist actions for company',
|
|
55
|
+
description: 'Controls which actions are available to company users/roles.'
|
|
56
|
+
}),
|
|
57
|
+
ApiResponse({
|
|
58
|
+
status: 200,
|
|
59
|
+
type: PermissionOperationResultDto
|
|
60
|
+
}),
|
|
61
|
+
ApiBody({
|
|
62
|
+
type: AssignCompanyActionsDto
|
|
63
|
+
}),
|
|
64
|
+
_ts_param(0, Body()),
|
|
65
|
+
_ts_metadata("design:type", Function),
|
|
66
|
+
_ts_metadata("design:paramtypes", [
|
|
67
|
+
typeof AssignCompanyActionsDto === "undefined" ? Object : AssignCompanyActionsDto
|
|
68
|
+
]),
|
|
69
|
+
_ts_metadata("design:returntype", Promise)
|
|
70
|
+
], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
|
|
71
|
+
_ts_decorate([
|
|
72
|
+
Get('company-actions/:companyId'),
|
|
73
|
+
ApiOperation({
|
|
74
|
+
summary: 'Get company whitelisted actions',
|
|
75
|
+
description: 'Returns actions available to company.'
|
|
76
|
+
}),
|
|
77
|
+
ApiResponse({
|
|
78
|
+
status: 200,
|
|
79
|
+
type: SingleResponseDto
|
|
80
|
+
}),
|
|
81
|
+
_ts_param(0, Param('companyId')),
|
|
82
|
+
_ts_param(1, Query()),
|
|
83
|
+
_ts_metadata("design:type", Function),
|
|
84
|
+
_ts_metadata("design:paramtypes", [
|
|
85
|
+
String,
|
|
86
|
+
typeof GetCompanyActionsDto === "undefined" ? Object : GetCompanyActionsDto
|
|
87
|
+
]),
|
|
88
|
+
_ts_metadata("design:returntype", Promise)
|
|
89
|
+
], CompanyActionPermissionController.prototype, "getCompanyActions", null);
|
|
90
|
+
CompanyActionPermissionController = _ts_decorate([
|
|
91
|
+
ApiTags('IAM - Company Action Permissions'),
|
|
92
|
+
Controller('iam/permissions'),
|
|
93
|
+
UseGuards(JwtAuthGuard),
|
|
94
|
+
ApiBearerAuth(),
|
|
95
|
+
_ts_param(0, Inject(PermissionService)),
|
|
96
|
+
_ts_metadata("design:type", Function),
|
|
97
|
+
_ts_metadata("design:paramtypes", [
|
|
98
|
+
typeof PermissionService === "undefined" ? Object : PermissionService
|
|
99
|
+
])
|
|
100
|
+
], CompanyActionPermissionController);
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export * from './action.controller';
|
|
2
|
+
export * from './role.controller';
|
|
3
|
+
// Legacy permission controllers (deprecated - use PermissionController instead)
|
|
4
|
+
export * from './company-action-permission.controller';
|
|
5
|
+
export * from './my-permission.controller';
|
|
6
|
+
export * from './role-permission.controller';
|
|
7
|
+
export * from './user-action-permission.controller';
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
function _define_property(obj, key, value) {
|
|
2
|
+
if (key in obj) {
|
|
3
|
+
Object.defineProperty(obj, key, {
|
|
4
|
+
value: value,
|
|
5
|
+
enumerable: true,
|
|
6
|
+
configurable: true,
|
|
7
|
+
writable: true
|
|
8
|
+
});
|
|
9
|
+
} else {
|
|
10
|
+
obj[key] = value;
|
|
11
|
+
}
|
|
12
|
+
return obj;
|
|
13
|
+
}
|
|
14
|
+
function _ts_decorate(decorators, target, key, desc) {
|
|
15
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
16
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
17
|
+
else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
18
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
19
|
+
}
|
|
20
|
+
function _ts_metadata(k, v) {
|
|
21
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
22
|
+
}
|
|
23
|
+
function _ts_param(paramIndex, decorator) {
|
|
24
|
+
return function(target, key) {
|
|
25
|
+
decorator(target, key, paramIndex);
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
import { CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
|
|
29
|
+
import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
|
|
30
|
+
import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
|
|
31
|
+
import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
|
|
32
|
+
import { MyPermissionsQueryDto, MyPermissionsResponseDto } from '../dtos/permission.dto';
|
|
33
|
+
import { PermissionService } from '../services/permission.service';
|
|
34
|
+
export class MyPermissionController {
|
|
35
|
+
async getMyPermissions(query, user) {
|
|
36
|
+
return this.permissionService.getMyPermissions(user.id, user.branchId ?? null, user.companyId ?? null, query.parentCodes);
|
|
37
|
+
}
|
|
38
|
+
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
39
|
+
constructor(permissionService){
|
|
40
|
+
_define_property(this, "permissionService", void 0);
|
|
41
|
+
this.permissionService = permissionService;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
_ts_decorate([
|
|
45
|
+
Post('my-permissions'),
|
|
46
|
+
ApiOperation({
|
|
47
|
+
summary: 'Get current user permissions',
|
|
48
|
+
description: 'Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes.'
|
|
49
|
+
}),
|
|
50
|
+
ApiResponse({
|
|
51
|
+
status: 200,
|
|
52
|
+
type: MyPermissionsResponseDto
|
|
53
|
+
}),
|
|
54
|
+
ApiResponse({
|
|
55
|
+
status: 401,
|
|
56
|
+
description: 'Unauthorized'
|
|
57
|
+
}),
|
|
58
|
+
ApiBody({
|
|
59
|
+
type: MyPermissionsQueryDto
|
|
60
|
+
}),
|
|
61
|
+
_ts_param(0, Body()),
|
|
62
|
+
_ts_param(1, CurrentUser()),
|
|
63
|
+
_ts_metadata("design:type", Function),
|
|
64
|
+
_ts_metadata("design:paramtypes", [
|
|
65
|
+
typeof MyPermissionsQueryDto === "undefined" ? Object : MyPermissionsQueryDto,
|
|
66
|
+
typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
|
|
67
|
+
]),
|
|
68
|
+
_ts_metadata("design:returntype", Promise)
|
|
69
|
+
], MyPermissionController.prototype, "getMyPermissions", null);
|
|
70
|
+
MyPermissionController = _ts_decorate([
|
|
71
|
+
ApiTags('IAM - My Permissions'),
|
|
72
|
+
Controller('iam/permissions'),
|
|
73
|
+
UseGuards(JwtAuthGuard),
|
|
74
|
+
ApiBearerAuth(),
|
|
75
|
+
_ts_param(0, Inject(PermissionService)),
|
|
76
|
+
_ts_metadata("design:type", Function),
|
|
77
|
+
_ts_metadata("design:paramtypes", [
|
|
78
|
+
typeof PermissionService === "undefined" ? Object : PermissionService
|
|
79
|
+
])
|
|
80
|
+
], MyPermissionController);
|