@flusys/nestjs-iam 0.1.0-beta.1 → 0.1.0-beta.2

package/cjs/controllers/action.controller.js

@@ -0,0 +1,117 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "ActionController", {
+    enumerable: true,
+    get: function() {
+        return ActionController;
+    }
+});
+const _guards = require("@flusys/nestjs-shared/guards");
+const _nestjsshared = require("@flusys/nestjs-shared");
+const _common = require("@nestjs/common");
+const _swagger = require("@nestjs/swagger");
+const _actiondto = require("../dtos/action.dto");
+const _actionservice = require("../services/action.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let ActionController = class ActionController extends (0, _nestjsshared.createApiController)(_actiondto.CreateActionDto, _actiondto.UpdateActionDto, _actiondto.ActionResponseDto) {
+    async getActionsForPermission(user) {
+        const actions = await this.actionService.getActionsForPermission(user);
+        return {
+            success: true,
+            message: 'Actions retrieved successfully',
+            data: actions
+        };
+    }
+    async getActionTree(query, user) {
+        const tree = await this.actionService.getActionTree(user, query.search, query.isActive, query.withDeleted);
+        return {
+            success: true,
+            message: 'Action tree retrieved successfully',
+            data: tree
+        };
+    }
+    constructor(actionService){
+        super(actionService), _define_property(this, "actionService", void 0), this.actionService = actionService;
+    }
+};
+_ts_decorate([
+    (0, _common.Get)('tree-for-permission'),
+    (0, _common.UseGuards)(_guards.JwtAuthGuard),
+    (0, _swagger.ApiBearerAuth)(),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get actions for permission assignment',
+        description: 'Returns actions available for permission assignment. If company feature enabled, filtered by company whitelist.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _nestjsshared.SingleResponseDto
+    }),
+    _ts_param(0, (0, _nestjsshared.CurrentUser)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], ActionController.prototype, "getActionsForPermission", null);
+_ts_decorate([
+    (0, _common.Post)('tree'),
+    (0, _common.UseGuards)(_guards.JwtAuthGuard),
+    (0, _swagger.ApiBearerAuth)(),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get actions in hierarchical tree structure',
+        description: 'Returns all actions organized in a parent-child tree structure. Supports optional search and filtering.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        description: 'Actions tree retrieved successfully',
+        type: _nestjsshared.SingleResponseDto
+    }),
+    (0, _swagger.ApiBody)({
+        type: _actiondto.ActionTreeQueryDto
+    }),
+    _ts_param(0, (0, _common.Body)()),
+    _ts_param(1, (0, _nestjsshared.CurrentUser)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _actiondto.ActionTreeQueryDto === "undefined" ? Object : _actiondto.ActionTreeQueryDto,
+        typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], ActionController.prototype, "getActionTree", null);
+ActionController = _ts_decorate([
+    (0, _swagger.ApiTags)('IAM - Actions'),
+    (0, _common.Controller)('iam/actions'),
+    _ts_param(0, (0, _common.Inject)(_actionservice.ActionService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _actionservice.ActionService === "undefined" ? Object : _actionservice.ActionService
+    ])
+], ActionController);

package/cjs/controllers/company-action-permission.controller.js

@@ -0,0 +1,110 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "CompanyActionPermissionController", {
+    enumerable: true,
+    get: function() {
+        return CompanyActionPermissionController;
+    }
+});
+const _nestjsshared = require("@flusys/nestjs-shared");
+const _common = require("@nestjs/common");
+const _swagger = require("@nestjs/swagger");
+const _permissiondto = require("../dtos/permission.dto");
+const _permissionservice = require("../services/permission.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let CompanyActionPermissionController = class CompanyActionPermissionController {
+    async assignCompanyActions(dto) {
+        return this.permissionService.assignCompanyActions(dto);
+    }
+    async getCompanyActions(companyId, query) {
+        const actions = await this.permissionService.getCompanyActions(companyId);
+        return {
+            success: true,
+            message: 'Company actions retrieved successfully',
+            data: actions
+        };
+    }
+    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
+    constructor(permissionService){
+        _define_property(this, "permissionService", void 0);
+        this.permissionService = permissionService;
+    }
+};
+_ts_decorate([
+    (0, _common.Post)('company-actions/assign'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Whitelist actions for company',
+        description: 'Controls which actions are available to company users/roles.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _permissiondto.PermissionOperationResultDto
+    }),
+    (0, _swagger.ApiBody)({
+        type: _permissiondto.AssignCompanyActionsDto
+    }),
+    _ts_param(0, (0, _common.Body)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissiondto.AssignCompanyActionsDto === "undefined" ? Object : _permissiondto.AssignCompanyActionsDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
+_ts_decorate([
+    (0, _common.Get)('company-actions/:companyId'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get company whitelisted actions',
+        description: 'Returns actions available to company.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _nestjsshared.SingleResponseDto
+    }),
+    _ts_param(0, (0, _common.Param)('companyId')),
+    _ts_param(1, (0, _common.Query)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        String,
+        typeof _permissiondto.GetCompanyActionsDto === "undefined" ? Object : _permissiondto.GetCompanyActionsDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], CompanyActionPermissionController.prototype, "getCompanyActions", null);
+CompanyActionPermissionController = _ts_decorate([
+    (0, _swagger.ApiTags)('IAM - Company Action Permissions'),
+    (0, _common.Controller)('iam/permissions'),
+    (0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
+    (0, _swagger.ApiBearerAuth)(),
+    _ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
+    ])
+], CompanyActionPermissionController);

package/cjs/controllers/index.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+_export_star(require("./action.controller"), exports);
+_export_star(require("./role.controller"), exports);
+_export_star(require("./company-action-permission.controller"), exports);
+_export_star(require("./my-permission.controller"), exports);
+_export_star(require("./role-permission.controller"), exports);
+_export_star(require("./user-action-permission.controller"), exports);
+function _export_star(from, to) {
+    Object.keys(from).forEach(function(k) {
+        if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
+            Object.defineProperty(to, k, {
+                enumerable: true,
+                get: function() {
+                    return from[k];
+                }
+            });
+        }
+    });
+    return from;
+}

package/cjs/controllers/my-permission.controller.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "MyPermissionController", {
+    enumerable: true,
+    get: function() {
+        return MyPermissionController;
+    }
+});
+const _nestjsshared = require("@flusys/nestjs-shared");
+const _guards = require("@flusys/nestjs-shared/guards");
+const _common = require("@nestjs/common");
+const _swagger = require("@nestjs/swagger");
+const _permissiondto = require("../dtos/permission.dto");
+const _permissionservice = require("../services/permission.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let MyPermissionController = class MyPermissionController {
+    async getMyPermissions(query, user) {
+        return this.permissionService.getMyPermissions(user.id, user.branchId ?? null, user.companyId ?? null, query.parentCodes);
+    }
+    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
+    constructor(permissionService){
+        _define_property(this, "permissionService", void 0);
+        this.permissionService = permissionService;
+    }
+};
+_ts_decorate([
+    (0, _common.Post)('my-permissions'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get current user permissions',
+        description: 'Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _permissiondto.MyPermissionsResponseDto
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 401,
+        description: 'Unauthorized'
+    }),
+    (0, _swagger.ApiBody)({
+        type: _permissiondto.MyPermissionsQueryDto
+    }),
+    _ts_param(0, (0, _common.Body)()),
+    _ts_param(1, (0, _nestjsshared.CurrentUser)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissiondto.MyPermissionsQueryDto === "undefined" ? Object : _permissiondto.MyPermissionsQueryDto,
+        typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], MyPermissionController.prototype, "getMyPermissions", null);
+MyPermissionController = _ts_decorate([
+    (0, _swagger.ApiTags)('IAM - My Permissions'),
+    (0, _common.Controller)('iam/permissions'),
+    (0, _common.UseGuards)(_guards.JwtAuthGuard),
+    (0, _swagger.ApiBearerAuth)(),
+    _ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
+    ])
+], MyPermissionController);

package/cjs/controllers/role-permission.controller.js

@@ -0,0 +1,160 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "RolePermissionController", {
+    enumerable: true,
+    get: function() {
+        return RolePermissionController;
+    }
+});
+const _nestjsshared = require("@flusys/nestjs-shared");
+const _common = require("@nestjs/common");
+const _swagger = require("@nestjs/swagger");
+const _permissiondto = require("../dtos/permission.dto");
+const _permissionservice = require("../services/permission.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let RolePermissionController = class RolePermissionController {
+    async assignRoleActions(dto) {
+        return this.permissionService.assignRoleActions(dto);
+    }
+    async getRoleActions(roleId, query) {
+        const actions = await this.permissionService.getRoleActions(roleId);
+        return {
+            success: true,
+            message: 'Role actions retrieved successfully',
+            data: actions
+        };
+    }
+    async assignUserRoles(dto) {
+        return this.permissionService.assignUserRoles(dto);
+    }
+    async getUserRoles(userId, query) {
+        const roles = await this.permissionService.getUserRoles(userId, query.branchId, query.companyId);
+        return {
+            success: true,
+            message: 'User roles retrieved successfully',
+            data: roles
+        };
+    }
+    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
+    constructor(permissionService){
+        _define_property(this, "permissionService", void 0);
+        this.permissionService = permissionService;
+    }
+};
+_ts_decorate([
+    (0, _common.Post)('role-actions/assign'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Assign/remove actions to/from role',
+        description: 'RBAC mode. No branch scoping.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _permissiondto.PermissionOperationResultDto
+    }),
+    (0, _swagger.ApiBody)({
+        type: _permissiondto.AssignRoleActionsDto
+    }),
+    _ts_param(0, (0, _common.Body)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissiondto.AssignRoleActionsDto === "undefined" ? Object : _permissiondto.AssignRoleActionsDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], RolePermissionController.prototype, "assignRoleActions", null);
+_ts_decorate([
+    (0, _common.Get)('role-actions/:roleId'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get role actions',
+        description: 'Returns actions assigned to role.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _nestjsshared.SingleResponseDto
+    }),
+    _ts_param(0, (0, _common.Param)('roleId')),
+    _ts_param(1, (0, _common.Query)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        String,
+        typeof _permissiondto.GetRoleActionsDto === "undefined" ? Object : _permissiondto.GetRoleActionsDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], RolePermissionController.prototype, "getRoleActions", null);
+_ts_decorate([
+    (0, _common.Post)('user-roles/assign'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Assign/remove roles to/from user',
+        description: 'RBAC mode. If company feature enabled, branchId is required.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _permissiondto.PermissionOperationResultDto
+    }),
+    (0, _swagger.ApiBody)({
+        type: _permissiondto.AssignUserRolesDto
+    }),
+    _ts_param(0, (0, _common.Body)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissiondto.AssignUserRolesDto === "undefined" ? Object : _permissiondto.AssignUserRolesDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], RolePermissionController.prototype, "assignUserRoles", null);
+_ts_decorate([
+    (0, _common.Get)('user-roles/:userId'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get user roles',
+        description: 'Returns roles assigned to user. Filter by companyId and branchId.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _nestjsshared.SingleResponseDto
+    }),
+    _ts_param(0, (0, _common.Param)('userId')),
+    _ts_param(1, (0, _common.Query)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        String,
+        typeof _permissiondto.GetUserRolesDto === "undefined" ? Object : _permissiondto.GetUserRolesDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], RolePermissionController.prototype, "getUserRoles", null);
+RolePermissionController = _ts_decorate([
+    (0, _swagger.ApiTags)('IAM - Role Permissions'),
+    (0, _common.Controller)('iam/permissions'),
+    (0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
+    (0, _swagger.ApiBearerAuth)(),
+    _ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
+    ])
+], RolePermissionController);

package/cjs/controllers/role.controller.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "RoleController", {
+    enumerable: true,
+    get: function() {
+        return RoleController;
+    }
+});
+const _classes = require("@flusys/nestjs-shared/classes");
+const _common = require("@nestjs/common");
+const _swagger = require("@nestjs/swagger");
+const _roledto = require("../dtos/role.dto");
+const _roleservice = require("../services/role.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let RoleController = class RoleController extends (0, _classes.createApiController)(_roledto.CreateRoleDto, _roledto.UpdateRoleDto, _roledto.RoleResponseDto, {
+    security: 'jwt'
+}) {
+    constructor(roleService){
+        super(roleService), _define_property(this, "roleService", void 0), this.roleService = roleService;
+    }
+};
+RoleController = _ts_decorate([
+    (0, _swagger.ApiTags)('IAM - Roles'),
+    (0, _common.Controller)('iam/roles'),
+    _ts_param(0, (0, _common.Inject)(_roleservice.RoleService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _roleservice.RoleService === "undefined" ? Object : _roleservice.RoleService
+    ])
+], RoleController);

package/cjs/controllers/user-action-permission.controller.js

@@ -0,0 +1,110 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "UserActionPermissionController", {
+    enumerable: true,
+    get: function() {
+        return UserActionPermissionController;
+    }
+});
+const _nestjsshared = require("@flusys/nestjs-shared");
+const _common = require("@nestjs/common");
+const _swagger = require("@nestjs/swagger");
+const _permissiondto = require("../dtos/permission.dto");
+const _permissionservice = require("../services/permission.service");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let UserActionPermissionController = class UserActionPermissionController {
+    async assignUserActions(dto) {
+        return this.permissionService.assignUserActions(dto);
+    }
+    async getUserActions(userId, query) {
+        const actions = await this.permissionService.getUserActions(userId, query.branchId, query.companyId);
+        return {
+            success: true,
+            message: 'User actions retrieved successfully',
+            data: actions
+        };
+    }
+    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
+    constructor(permissionService){
+        _define_property(this, "permissionService", void 0);
+        this.permissionService = permissionService;
+    }
+};
+_ts_decorate([
+    (0, _common.Post)('user-actions/assign'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Assign/remove actions to/from user',
+        description: 'Direct permissions. If company feature enabled, branchId is required.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _permissiondto.PermissionOperationResultDto
+    }),
+    (0, _swagger.ApiBody)({
+        type: _permissiondto.AssignUserActionsDto
+    }),
+    _ts_param(0, (0, _common.Body)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissiondto.AssignUserActionsDto === "undefined" ? Object : _permissiondto.AssignUserActionsDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], UserActionPermissionController.prototype, "assignUserActions", null);
+_ts_decorate([
+    (0, _common.Get)('user-actions/:userId'),
+    (0, _swagger.ApiOperation)({
+        summary: 'Get user direct actions',
+        description: 'Returns direct action permissions for user. Filter by companyId and branchId.'
+    }),
+    (0, _swagger.ApiResponse)({
+        status: 200,
+        type: _nestjsshared.SingleResponseDto
+    }),
+    _ts_param(0, (0, _common.Param)('userId')),
+    _ts_param(1, (0, _common.Query)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        String,
+        typeof _permissiondto.GetUserActionsDto === "undefined" ? Object : _permissiondto.GetUserActionsDto
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], UserActionPermissionController.prototype, "getUserActions", null);
+UserActionPermissionController = _ts_decorate([
+    (0, _swagger.ApiTags)('IAM - User Action Permissions'),
+    (0, _common.Controller)('iam/permissions'),
+    (0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
+    (0, _swagger.ApiBearerAuth)(),
+    _ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
+    ])
+], UserActionPermissionController);