npm - @flusys/nestjs-iam - Versions diffs - 0.1.0-beta.1 → 0.1.0-beta.2 - Mend

@flusys/nestjs-iam 0.1.0-beta.1 → 0.1.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/README.md +665 -0
package/cjs/config/iam.constants.js +11 -0
package/cjs/config/index.js +18 -0
package/cjs/controllers/action.controller.js +117 -0
package/cjs/controllers/company-action-permission.controller.js +110 -0
package/cjs/controllers/index.js +23 -0
package/cjs/controllers/my-permission.controller.js +90 -0
package/cjs/controllers/role-permission.controller.js +160 -0
package/cjs/controllers/role.controller.js +58 -0
package/cjs/controllers/user-action-permission.controller.js +110 -0
package/cjs/docs/iam-swagger.config.js +202 -0
package/cjs/docs/index.js +18 -0
package/cjs/dtos/action.dto.js +347 -0
package/cjs/dtos/index.js +21 -0
package/cjs/dtos/permission.dto.js +554 -0
package/cjs/dtos/role.dto.js +238 -0
package/cjs/entities/action-base.entity.js +135 -0
package/cjs/entities/action.entity.js +28 -0
package/cjs/entities/index.js +81 -0
package/cjs/entities/permission-base.entity.js +156 -0
package/cjs/entities/permission-with-company.entity.js +99 -0
package/cjs/entities/role-base.entity.js +86 -0
package/cjs/entities/role-with-company.entity.js +55 -0
package/cjs/entities/role.entity.js +25 -0
package/cjs/entities/user-iam-permission.entity.js +57 -0
package/cjs/enums/action-type.enum.js +22 -0
package/cjs/enums/index.js +19 -0
package/cjs/enums/permission-type.enum.js +16 -0
package/cjs/helpers/index.js +19 -0
package/cjs/helpers/permission-evaluator.helper.js +175 -0
package/cjs/helpers/permission-mode.helper.js +49 -0
package/cjs/index.js +28 -79
package/cjs/interfaces/action.interface.js +4 -0
package/cjs/interfaces/iam-module-async-options.interface.js +4 -0
package/cjs/interfaces/iam-module-options.interface.js +18 -0
package/cjs/interfaces/index.js +21 -0
package/cjs/interfaces/role.interface.js +7 -0
package/cjs/modules/iam.module.js +237 -0
package/cjs/modules/index.js +18 -0
package/cjs/services/action.service.js +253 -0
package/cjs/services/iam-config.service.js +107 -0
package/cjs/services/iam-datasource.provider.js +205 -0
package/cjs/services/index.js +23 -0
package/cjs/services/permission-cache.service.js +308 -0
package/cjs/services/permission.service.js +1020 -0
package/cjs/services/role.service.js +181 -0
package/cjs/types/index.js +18 -0
package/cjs/types/logic-node.type.js +54 -0
package/fesm/config/iam.constants.js +1 -0
package/fesm/config/index.js +1 -0
package/fesm/controllers/action.controller.js +107 -0
package/fesm/controllers/company-action-permission.controller.js +100 -0
package/fesm/controllers/index.js +7 -0
package/fesm/controllers/my-permission.controller.js +80 -0
package/fesm/controllers/role-permission.controller.js +150 -0
package/fesm/controllers/role.controller.js +48 -0
package/fesm/controllers/user-action-permission.controller.js +100 -0
package/fesm/docs/iam-swagger.config.js +192 -0
package/fesm/docs/index.js +1 -0
package/fesm/dtos/action.dto.js +317 -0
package/fesm/dtos/index.js +4 -0
package/fesm/dtos/permission.dto.js +490 -0
package/fesm/dtos/role.dto.js +214 -0
package/fesm/entities/action-base.entity.js +128 -0
package/fesm/entities/action.entity.js +18 -0
package/fesm/entities/index.js +56 -0
package/fesm/entities/permission-base.entity.js +138 -0
package/fesm/entities/permission-with-company.entity.js +89 -0
package/fesm/entities/role-base.entity.js +79 -0
package/fesm/entities/role-with-company.entity.js +45 -0
package/fesm/entities/role.entity.js +15 -0
package/fesm/entities/user-iam-permission.entity.js +38 -0
package/fesm/enums/action-type.enum.js +12 -0
package/fesm/enums/index.js +2 -0
package/fesm/enums/permission-type.enum.js +6 -0
package/fesm/helpers/index.js +2 -0
package/fesm/helpers/permission-evaluator.helper.js +165 -0
package/fesm/helpers/permission-mode.helper.js +49 -0
package/fesm/index.js +11 -79
package/fesm/interfaces/action.interface.js +3 -0
package/fesm/interfaces/iam-module-async-options.interface.js +3 -0
package/fesm/interfaces/iam-module-options.interface.js +1 -0
package/fesm/interfaces/index.js +4 -0
package/fesm/interfaces/role.interface.js +4 -0
package/fesm/modules/iam.module.js +227 -0
package/fesm/modules/index.js +1 -0
package/fesm/services/action.service.js +243 -0
package/fesm/services/iam-config.service.js +97 -0
package/fesm/services/iam-datasource.provider.js +154 -0
package/fesm/services/index.js +6 -0
package/fesm/services/permission-cache.service.js +298 -0
package/fesm/services/permission.service.js +1010 -0
package/fesm/services/role.service.js +171 -0
package/fesm/types/index.js +1 -0
package/fesm/types/logic-node.type.js +36 -0
package/package.json +25 -25
package/cjs/config-index.js +0 -1
package/cjs/controllers-index.js +0 -1
package/cjs/docs-index.js +0 -79
package/cjs/dtos-index.js +0 -1
package/cjs/entities-index.js +0 -1
package/cjs/enums-index.js +0 -1
package/cjs/helpers-index.js +0 -1
package/cjs/interfaces-index.js +0 -1
package/cjs/modules-index.js +0 -1
package/cjs/services-index.js +0 -1
package/cjs/types-index.js +0 -1
package/fesm/config-index.js +0 -1
package/fesm/controllers-index.js +0 -1
package/fesm/docs-index.js +0 -79
package/fesm/dtos-index.js +0 -1
package/fesm/entities-index.js +0 -1
package/fesm/enums-index.js +0 -1
package/fesm/helpers-index.js +0 -1
package/fesm/interfaces-index.js +0 -0
package/fesm/modules-index.js +0 -1
package/fesm/services-index.js +0 -1
package/fesm/types-index.js +0 -1

package/cjs/index.js CHANGED Viewed

@@ -1,79 +1,28 @@
-"use strict";var __defProp=Object.defineProperty;var __getOwnPropDesc=Object.getOwnPropertyDescriptor;var __getOwnPropNames=Object.getOwnPropertyNames;var __hasOwnProp=Object.prototype.hasOwnProperty;var __defNormalProp=(obj,key,value)=>key in obj?__defProp(obj,key,{enumerable:true,configurable:true,writable:true,value}):obj[key]=value;var __name=(target,value)=>__defProp(target,"name",{value,configurable:true});var __esm=(fn,res)=>function __init(){return fn&&(res=(0,fn[__getOwnPropNames(fn)[0]])(fn=0)),res};var __export=(target,all)=>{for(var name in all)__defProp(target,name,{get:all[name],enumerable:true})};var __copyProps=(to,from,except,desc)=>{if(from&&typeof from==="object"||typeof from==="function"){for(let key of __getOwnPropNames(from))if(!__hasOwnProp.call(to,key)&&key!==except)__defProp(to,key,{get:()=>from[key],enumerable:!(desc=__getOwnPropDesc(from,key))||desc.enumerable})}return to};var __toCommonJS=mod=>__copyProps(__defProp({},"__esModule",{value:true}),mod);var __decorateClass=(decorators,target,key,kind)=>{var result=kind>1?void 0:kind?__getOwnPropDesc(target,key):target;for(var i=decorators.length-1,decorator;i>=0;i--)if(decorator=decorators[i])result=(kind?decorator(target,key,result):decorator(result))||result;if(kind&&result)__defProp(target,key,result);return result};var __decorateParam=(index,decorator)=>(target,key)=>decorator(target,key,index);var __publicField=(obj,key,value)=>__defNormalProp(obj,typeof key!=="symbol"?key+"":key,value);var ActionType;var init_action_type_enum=__esm({"projects/nestjs-iam/src/enums/action-type.enum.ts"(){"use strict";ActionType=(ActionType2=>{ActionType2["BACKEND"]="backend";ActionType2["FRONTEND"]="frontend";ActionType2["BOTH"]="both";return ActionType2})(ActionType||{})}});var IAMPermissionMode;var init_permission_type_enum=__esm({"projects/nestjs-iam/src/enums/permission-type.enum.ts"(){"use strict";IAMPermissionMode=(IAMPermissionMode2=>{IAMPermissionMode2[IAMPermissionMode2["RBAC"]=1]="RBAC";IAMPermissionMode2[IAMPermissionMode2["DIRECT"]=2]="DIRECT";IAMPermissionMode2[IAMPermissionMode2["FULL"]=3]="FULL";return IAMPermissionMode2})(IAMPermissionMode||{})}});var init_enums=__esm({"projects/nestjs-iam/src/enums/index.ts"(){"use strict";init_action_type_enum();init_permission_type_enum()}});var import_nestjs_shared,import_typeorm,ActionBase;var init_action_base_entity=__esm({"projects/nestjs-iam/src/entities/action-base.entity.ts"(){"use strict";import_nestjs_shared=require("@flusys/nestjs-shared");import_typeorm=require("typeorm");init_enums();ActionBase=class extends import_nestjs_shared.Identity{static{__name(this,"ActionBase")}readOnly;name;description;code;actionType;permissionLogic;serial;isActive;parent;parentId;children;metadata};__decorateClass([(0,import_typeorm.Column)({type:"boolean",nullable:false,default:false,name:"read_only"})],ActionBase.prototype,"readOnly",2);__decorateClass([(0,import_typeorm.Column)({type:"varchar",length:255,nullable:false})],ActionBase.prototype,"name",2);__decorateClass([(0,import_typeorm.Column)({type:"varchar",length:500,nullable:true})],ActionBase.prototype,"description",2);__decorateClass([(0,import_typeorm.Column)({type:"varchar",length:255,nullable:true,unique:true})],ActionBase.prototype,"code",2);__decorateClass([(0,import_typeorm.Column)({type:"enum",enum:ActionType,nullable:false,default:"backend",name:"action_type"})],ActionBase.prototype,"actionType",2);__decorateClass([(0,import_typeorm.Column)("simple-json",{nullable:true,name:"permission_logic"})],ActionBase.prototype,"permissionLogic",2);__decorateClass([(0,import_typeorm.Column)({type:"int",nullable:true})],ActionBase.prototype,"serial",2);__decorateClass([(0,import_typeorm.Column)({type:"boolean",nullable:false,default:true,name:"is_active"})],ActionBase.prototype,"isActive",2);__decorateClass([(0,import_typeorm.ManyToOne)("Action","children",{nullable:true,onDelete:"CASCADE"}),(0,import_typeorm.JoinColumn)({name:"parent_id"})],ActionBase.prototype,"parent",2);__decorateClass([(0,import_typeorm.Column)({type:"uuid",nullable:true,name:"parent_id"})],ActionBase.prototype,"parentId",2);__decorateClass([(0,import_typeorm.OneToMany)("Action","parent")],ActionBase.prototype,"children",2);__decorateClass([(0,import_typeorm.Column)("simple-json",{nullable:true})],ActionBase.prototype,"metadata",2)}});var import_typeorm2,Action;var init_action_entity=__esm({"projects/nestjs-iam/src/entities/action.entity.ts"(){"use strict";import_typeorm2=require("typeorm");init_action_base_entity();Action=class extends ActionBase{};__name(Action,"Action");Action=__decorateClass([(0,import_typeorm2.Entity)({name:"action"}),(0,import_typeorm2.Index)(["parentId"])],Action)}});var import_nestjs_shared2,import_typeorm3,IamPermissionType,IamEntityType,PermissionBase;var init_permission_base_entity=__esm({"projects/nestjs-iam/src/entities/permission-base.entity.ts"(){"use strict";import_nestjs_shared2=require("@flusys/nestjs-shared");import_typeorm3=require("typeorm");IamPermissionType=(IamPermissionType2=>{IamPermissionType2["USER_ROLE"]="user_role";IamPermissionType2["ROLE_ACTION"]="role_action";IamPermissionType2["USER_ACTION"]="user_action";IamPermissionType2["COMPANY_ACTION"]="company_action";return IamPermissionType2})(IamPermissionType||{});IamEntityType=(IamEntityType2=>{IamEntityType2["USER"]="user";IamEntityType2["ROLE"]="role";IamEntityType2["ACTION"]="action";IamEntityType2["COMPANY"]="company";return IamEntityType2})(IamEntityType||{});PermissionBase=class extends import_nestjs_shared2.Identity{static{__name(this,"PermissionBase")}permissionType;sourceType;sourceId;targetType;targetId;userId;validFrom;validUntil;reason;metadata;isUserRole(){return this.permissionType==="user_role"}isRoleAction(){return this.permissionType==="role_action"}isUserAction(){return this.permissionType==="user_action"}isCompanyAction(){return this.permissionType==="company_action"}isValid(now=new Date){if(this.validFrom&&now<this.validFrom)return false;if(this.validUntil&&now>this.validUntil)return false;return true}};__decorateClass([(0,import_typeorm3.Column)({type:"enum",enum:IamPermissionType,name:"permission_type"})],PermissionBase.prototype,"permissionType",2);__decorateClass([(0,import_typeorm3.Column)({type:"enum",enum:IamEntityType,name:"source_type"})],PermissionBase.prototype,"sourceType",2);__decorateClass([(0,import_typeorm3.Column)({type:"uuid",name:"source_id"})],PermissionBase.prototype,"sourceId",2);__decorateClass([(0,import_typeorm3.Column)({type:"enum",enum:IamEntityType,name:"target_type"})],PermissionBase.prototype,"targetType",2);__decorateClass([(0,import_typeorm3.Column)({type:"uuid",name:"target_id"})],PermissionBase.prototype,"targetId",2);__decorateClass([(0,import_typeorm3.Column)({type:"uuid",nullable:true,name:"user_id"})],PermissionBase.prototype,"userId",2);__decorateClass([(0,import_typeorm3.Column)({type:"timestamp",nullable:true,name:"valid_from"})],PermissionBase.prototype,"validFrom",2);__decorateClass([(0,import_typeorm3.Column)({type:"timestamp",nullable:true,name:"valid_until"})],PermissionBase.prototype,"validUntil",2);__decorateClass([(0,import_typeorm3.Column)({type:"text",nullable:true})],PermissionBase.prototype,"reason",2);__decorateClass([(0,import_typeorm3.Column)("simple-json",{nullable:true})],PermissionBase.prototype,"metadata",2)}});var import_typeorm4,UserIamPermissionWithCompany;var init_permission_with_company_entity=__esm({"projects/nestjs-iam/src/entities/permission-with-company.entity.ts"(){"use strict";import_typeorm4=require("typeorm");init_permission_base_entity();UserIamPermissionWithCompany=class extends PermissionBase{companyId;branchId};__name(UserIamPermissionWithCompany,"UserIamPermissionWithCompany");__decorateClass([(0,import_typeorm4.Column)({type:"uuid",nullable:true,name:"company_id"})],UserIamPermissionWithCompany.prototype,"companyId",2);__decorateClass([(0,import_typeorm4.Column)({type:"uuid",nullable:true,name:"branch_id"})],UserIamPermissionWithCompany.prototype,"branchId",2);UserIamPermissionWithCompany=__decorateClass([(0,import_typeorm4.Entity)({name:"user_iam_permission"}),(0,import_typeorm4.Index)(["permissionType","sourceId","targetId"],{unique:true}),(0,import_typeorm4.Index)(["sourceId","sourceType"]),(0,import_typeorm4.Index)(["targetId","targetType"]),(0,import_typeorm4.Index)(["permissionType"]),(0,import_typeorm4.Index)(["userId"]),(0,import_typeorm4.Index)(["companyId"]),(0,import_typeorm4.Index)(["branchId"]),(0,import_typeorm4.Index)(["companyId","branchId"])],UserIamPermissionWithCompany)}});var import_nestjs_shared3,import_typeorm5,RoleBase;var init_role_base_entity=__esm({"projects/nestjs-iam/src/entities/role-base.entity.ts"(){"use strict";import_nestjs_shared3=require("@flusys/nestjs-shared");import_typeorm5=require("typeorm");RoleBase=class extends import_nestjs_shared3.Identity{static{__name(this,"RoleBase")}readOnly;name;description;isActive;serial;metadata};__decorateClass([(0,import_typeorm5.Column)({type:"boolean",nullable:false,default:false,name:"read_only"})],RoleBase.prototype,"readOnly",2);__decorateClass([(0,import_typeorm5.Column)({type:"varchar",length:255,nullable:false})],RoleBase.prototype,"name",2);__decorateClass([(0,import_typeorm5.Column)({type:"varchar",length:500,nullable:true})],RoleBase.prototype,"description",2);__decorateClass([(0,import_typeorm5.Column)({type:"boolean",nullable:false,default:true,name:"is_active"})],RoleBase.prototype,"isActive",2);__decorateClass([(0,import_typeorm5.Column)({type:"int",nullable:true})],RoleBase.prototype,"serial",2);__decorateClass([(0,import_typeorm5.Column)("simple-json",{nullable:true})],RoleBase.prototype,"metadata",2)}});var import_typeorm6,RoleWithCompany;var init_role_with_company_entity=__esm({"projects/nestjs-iam/src/entities/role-with-company.entity.ts"(){"use strict";import_typeorm6=require("typeorm");init_role_base_entity();RoleWithCompany=class extends RoleBase{companyId};__name(RoleWithCompany,"RoleWithCompany");__decorateClass([(0,import_typeorm6.Column)({type:"uuid",nullable:true,name:"company_id"})],RoleWithCompany.prototype,"companyId",2);RoleWithCompany=__decorateClass([(0,import_typeorm6.Entity)({name:"role"}),(0,import_typeorm6.Index)(["companyId"])],RoleWithCompany)}});var import_typeorm7,Role;var init_role_entity=__esm({"projects/nestjs-iam/src/entities/role.entity.ts"(){"use strict";import_typeorm7=require("typeorm");init_role_base_entity();Role=class extends RoleBase{};__name(Role,"Role");Role=__decorateClass([(0,import_typeorm7.Entity)({name:"role"})],Role)}});var import_typeorm8,UserIamPermission;var init_user_iam_permission_entity=__esm({"projects/nestjs-iam/src/entities/user-iam-permission.entity.ts"(){"use strict";import_typeorm8=require("typeorm");init_permission_base_entity();init_permission_base_entity();UserIamPermission=class extends PermissionBase{};__name(UserIamPermission,"UserIamPermission");UserIamPermission=__decorateClass([(0,import_typeorm8.Entity)({name:"user_iam_permission"}),(0,import_typeorm8.Index)(["permissionType","sourceId","targetId"],{unique:true}),(0,import_typeorm8.Index)(["sourceId","sourceType"]),(0,import_typeorm8.Index)(["targetId","targetType"]),(0,import_typeorm8.Index)(["permissionType"]),(0,import_typeorm8.Index)(["userId"])],UserIamPermission)}});var entities_exports={};__export(entities_exports,{Action:()=>Action,ActionBase:()=>ActionBase,IAMAllEntities:()=>IAMAllEntities,IAMCompanyEntities:()=>IAMCompanyEntities,IAMCoreEntities:()=>IAMCoreEntities,IamEntityType:()=>IamEntityType,IamPermissionType:()=>IamPermissionType,PermissionBase:()=>PermissionBase,Role:()=>Role,RoleBase:()=>RoleBase,RoleWithCompany:()=>RoleWithCompany,UserIamPermission:()=>UserIamPermission,UserIamPermissionWithCompany:()=>UserIamPermissionWithCompany,getIAMEntitiesByConfig:()=>getIAMEntitiesByConfig});function getIAMEntitiesByConfig(enableCompanyFeature,permissionMode="FULL"){const entities=[Action];if(enableCompanyFeature){entities.push(UserIamPermissionWithCompany)}else{entities.push(UserIamPermission)}if(permissionMode==="RBAC"||permissionMode==="FULL"){if(enableCompanyFeature){entities.push(RoleWithCompany)}else{entities.push(Role)}}return entities}var IAMCoreEntities,IAMCompanyEntities,IAMAllEntities;var init_entities=__esm({"projects/nestjs-iam/src/entities/index.ts"(){"use strict";init_action_base_entity();init_action_entity();init_permission_base_entity();init_permission_with_company_entity();init_role_base_entity();init_role_with_company_entity();init_role_entity();init_user_iam_permission_entity();init_action_entity();init_role_entity();init_role_with_company_entity();init_user_iam_permission_entity();init_permission_with_company_entity();IAMCoreEntities=[Action,Role,UserIamPermission];IAMCompanyEntities=[RoleWithCompany,UserIamPermissionWithCompany];IAMAllEntities=[Action,Role,RoleWithCompany,UserIamPermission,UserIamPermissionWithCompany];__name(getIAMEntitiesByConfig,"getIAMEntitiesByConfig")}});var index_exports={};__export(index_exports,{Action:()=>Action,ActionBase:()=>ActionBase,ActionController:()=>ActionController,ActionQueryDto:()=>ActionQueryDto,ActionResponseDto:()=>ActionResponseDto,ActionService:()=>ActionService,ActionTreeDto:()=>ActionTreeDto,ActionTreeQueryDto:()=>ActionTreeQueryDto,ActionType:()=>ActionType,AssignCompanyActionsDto:()=>AssignCompanyActionsDto,AssignRoleActionsDto:()=>AssignRoleActionsDto,AssignUserActionsDto:()=>AssignUserActionsDto,AssignUserRolesDto:()=>AssignUserRolesDto,CompanyActionPermissionController:()=>CompanyActionPermissionController,CompanyActionResponseDto:()=>CompanyActionResponseDto,CreateActionDto:()=>CreateActionDto,CreateRoleDto:()=>CreateRoleDto,FrontendActionDto:()=>FrontendActionDto,GetCompanyActionsDto:()=>GetCompanyActionsDto,GetRoleActionsDto:()=>GetRoleActionsDto,GetUserActionsDto:()=>GetUserActionsDto,GetUserRolesDto:()=>GetUserRolesDto,IAMAllEntities:()=>IAMAllEntities,IAMCompanyEntities:()=>IAMCompanyEntities,IAMConfigService:()=>IAMConfigService,IAMCoreEntities:()=>IAMCoreEntities,IAMDataSourceProvider:()=>IAMDataSourceProvider,IAMModule:()=>IAMModule,IAMPermissionMode:()=>IAMPermissionMode,IAM_MODULE_OPTIONS:()=>IAM_MODULE_OPTIONS,IamEntityType:()=>IamEntityType,IamPermissionType:()=>IamPermissionType,LogicNodeType:()=>LogicNodeType,LogicOperator:()=>LogicOperator,MyPermissionController:()=>MyPermissionController,MyPermissionsQueryDto:()=>MyPermissionsQueryDto,MyPermissionsResponseDto:()=>MyPermissionsResponseDto,PermissionAction:()=>PermissionAction,PermissionBase:()=>PermissionBase,PermissionCacheService:()=>PermissionCacheService,PermissionEvaluatorHelper:()=>PermissionEvaluatorHelper,PermissionItemDto:()=>PermissionItemDto,PermissionModeHelper:()=>PermissionModeHelper,PermissionOperationResultDto:()=>PermissionOperationResultDto,PermissionService:()=>PermissionService,Role:()=>Role,RoleActionResponseDto:()=>RoleActionResponseDto,RoleBase:()=>RoleBase,RoleController:()=>RoleController,RolePermissionController:()=>RolePermissionController,RoleQueryDto:()=>RoleQueryDto,RoleResponseDto:()=>RoleResponseDto,RoleService:()=>RoleService,RoleWithCompany:()=>RoleWithCompany,UpdateActionDto:()=>UpdateActionDto,UpdateRoleDto:()=>UpdateRoleDto,UserActionPermissionController:()=>UserActionPermissionController,UserActionResponseDto:()=>UserActionResponseDto,UserIamPermission:()=>UserIamPermission,UserIamPermissionWithCompany:()=>UserIamPermissionWithCompany,UserRoleResponseDto:()=>UserRoleResponseDto,getIAMEntitiesByConfig:()=>getIAMEntitiesByConfig,iamSwaggerConfig:()=>iamSwaggerConfig});module.exports=__toCommonJS(index_exports);var IAM_MODULE_OPTIONS="IAM_MODULE_OPTIONS";var import_guards=require("@flusys/nestjs-shared/guards");var import_nestjs_shared4=require("@flusys/nestjs-shared");var import_common7=require("@nestjs/common");var import_swagger3=require("@nestjs/swagger");var import_swagger=require("@nestjs/swagger");var import_class_validator=require("class-validator");init_enums();var CreateActionDto=class{static{__name(this,"CreateActionDto")}name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata};__decorateClass([(0,import_swagger.ApiProperty)({description:"Action name",example:"View Users"}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsNotEmpty)(),(0,import_class_validator.MaxLength)(255)],CreateActionDto.prototype,"name",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Action description",example:"Permission to view user list",required:false}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsOptional)(),(0,import_class_validator.MaxLength)(500)],CreateActionDto.prototype,"description",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Unique code for programmatic reference",example:"user.view",required:false}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsOptional)(),(0,import_class_validator.MaxLength)(255)],CreateActionDto.prototype,"code",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Action type (backend for API endpoints, frontend for UI features)",enum:ActionType,example:"backend",default:"backend",required:false}),(0,import_class_validator.IsEnum)(ActionType),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"actionType",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Permission logic (AND/OR rules)",required:false}),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"permissionLogic",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Parent action ID for hierarchy",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),(0,import_class_validator.IsUUID)(),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"parentId",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Display order",required:false}),(0,import_class_validator.IsInt)(),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"serial",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Active status",default:true,required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Additional metadata",required:false}),(0,import_class_validator.IsOptional)()],CreateActionDto.prototype,"metadata",2);var UpdateActionDto=class extends(0,import_swagger.PartialType)(CreateActionDto){static{__name(this,"UpdateActionDto")}id};__decorateClass([(0,import_swagger.ApiProperty)({description:"Action ID",example:"123e4567-e89b-12d3-a456-426614174000"}),(0,import_class_validator.IsUUID)(),(0,import_class_validator.IsNotEmpty)()],UpdateActionDto.prototype,"id",2);var ActionResponseDto=class{static{__name(this,"ActionResponseDto")}id;readOnly;name;description;code;actionType;permissionLogic;parentId;serial;isActive;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"readOnly",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"name",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"description",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"code",2);__decorateClass([(0,import_swagger.ApiProperty)({enum:ActionType})],ActionResponseDto.prototype,"actionType",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"permissionLogic",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"parentId",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"serial",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"metadata",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"createdAt",2);__decorateClass([(0,import_swagger.ApiProperty)()],ActionResponseDto.prototype,"updatedAt",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"deletedAt",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"createdById",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"updatedById",2);__decorateClass([(0,import_swagger.ApiProperty)({required:false})],ActionResponseDto.prototype,"deletedById",2);var _ActionTreeDto=class _ActionTreeDto extends ActionResponseDto{static{__name(this,"ActionTreeDto")}children};__decorateClass([(0,import_swagger.ApiProperty)({type:__name(()=>[_ActionTreeDto],"type")})],_ActionTreeDto.prototype,"children",2);var ActionTreeDto=_ActionTreeDto;var ActionQueryDto=class{static{__name(this,"ActionQueryDto")}isActive;parentId};__decorateClass([(0,import_swagger.ApiProperty)({description:"Filter by active status",required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],ActionQueryDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Filter by parent ID",required:false}),(0,import_class_validator.IsUUID)(),(0,import_class_validator.IsOptional)()],ActionQueryDto.prototype,"parentId",2);var ActionTreeQueryDto=class{static{__name(this,"ActionTreeQueryDto")}search;isActive;withDeleted};__decorateClass([(0,import_swagger.ApiProperty)({description:"Search by name or code",example:"user",required:false}),(0,import_class_validator.IsString)(),(0,import_class_validator.IsOptional)()],ActionTreeQueryDto.prototype,"search",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Filter by active status",example:true,required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],ActionTreeQueryDto.prototype,"isActive",2);__decorateClass([(0,import_swagger.ApiProperty)({description:"Include deleted actions",default:false,required:false}),(0,import_class_validator.IsBoolean)(),(0,import_class_validator.IsOptional)()],ActionTreeQueryDto.prototype,"withDeleted",2);var import_classes=require("@flusys/nestjs-shared/classes");var import_modules2=require("@flusys/nestjs-shared/modules");var import_common6=require("@nestjs/common");var import_typeorm10=require("typeorm");init_action_entity();var import_common2=require("@nestjs/common");init_permission_type_enum();var import_common=require("@nestjs/common");var PermissionEvaluatorHelper=class{evaluate(logic,context){if(!logic){return true}return this.evaluateNode(logic,context)}evaluateNode(node,context){switch(node.type){case"action":return this.evaluateAction(node.actionId,context);case"group":return this.evaluateGroup(node,context);default:return false}}evaluateAction(actionId,context){if(context.deniedActionIds.has(actionId)){return false}if(context.grantedActionIds.has(actionId)){return true}if(context.inheritedActionIds?.has(actionId)){return true}return false}evaluateGroup(node,context){if(!node.children||node.children.length===0){return false}const results=node.children.map(child=>this.evaluateNode(child,context));if(node.operator==="AND"){return results.every(result=>result===true)}else if(node.operator==="OR"){return results.some(result=>result===true)}return false}batchEvaluate(logics,context){const results=new Map;for(const item of logics){results.set(item.id,this.evaluate(item.logic,context))}return results}hasAnyAction(actionIds,context){return actionIds.some(actionId=>this.evaluateAction(actionId,context))}hasAllActions(actionIds,context){return actionIds.every(actionId=>this.evaluateAction(actionId,context))}hasAnyRole(roleIds,context){return roleIds.some(roleId=>context.roleIds.has(roleId))}hasAllRoles(roleIds,context){return roleIds.every(roleId=>context.roleIds.has(roleId))}evaluateLogicNode(logic,actionCodes){if(!logic){return true}return this.evaluateNodeSimple(logic,actionCodes)}evaluateNodeSimple(node,actionCodes){switch(node.type){case"action":return node.actionId?actionCodes.has(node.actionId):false;case"group":return this.evaluateGroupSimple(node,actionCodes);default:return false}}evaluateGroupSimple(node,actionCodes){if(!node.children||node.children.length===0){return node.operator==="AND"}const results=node.children.map(child=>this.evaluateNodeSimple(child,actionCodes));if(node.operator==="AND"){return results.every(result=>result===true)}else if(node.operator==="OR"){return results.some(result=>result===true)}return false}};__name(PermissionEvaluatorHelper,"PermissionEvaluatorHelper");PermissionEvaluatorHelper=__decorateClass([(0,import_common.Injectable)()],PermissionEvaluatorHelper);init_permission_type_enum();var PermissionModeHelper=class{static{__name(this,"PermissionModeHelper")}static fromString(modeStr){if(!modeStr){return 3}const mode=IAMPermissionMode[modeStr];return mode??3}static toString(mode){return IAMPermissionMode[mode]}};var IAMConfigService=class{options;constructor(injectedOptions){this.options=injectedOptions??{global:false,includeController:false}}getDatabaseMode(){return this.options.bootstrapAppConfig?.databaseMode??"single"}isMultiTenant(){return this.getDatabaseMode()==="multi-tenant"}getEnableCompanyFeature(){return this.options.bootstrapAppConfig?.enableCompanyFeature??false}isCompanyFeatureEnabled(){return this.getEnableCompanyFeature()}getPermissionMode(){return PermissionModeHelper.fromString(this.options.bootstrapAppConfig?.permissionMode)}isRbacEnabled(){const mode=this.getPermissionMode();return mode===1||mode===3}isDirectPermissionEnabled(){const mode=this.getPermissionMode();return mode===2||mode===3}getOptions(){return this.options}};__name(IAMConfigService,"IAMConfigService");IAMConfigService=__decorateClass([(0,import_common2.Injectable)(),__decorateParam(0,(0,import_common2.Optional)()),__decorateParam(0,(0,import_common2.Inject)(IAM_MODULE_OPTIONS))],IAMConfigService);var import_modules=require("@flusys/nestjs-shared/modules");var import_common3=require("@nestjs/common");var import_core=require("@nestjs/core");var IAMDataSourceProvider=class extends import_modules.MultiTenantDataSourceService{constructor(iamOptions,request){super(IAMDataSourceProvider.buildParentOptions(iamOptions),request);this.iamOptions=iamOptions}logger=new import_common3.Logger(IAMDataSourceProvider.name);static buildParentOptions(options){return{bootstrapAppConfig:options.bootstrapAppConfig,defaultDatabaseConfig:options.config?.defaultDatabaseConfig,tenantDefaultDatabaseConfig:options.config?.tenantDefaultDatabaseConfig,tenants:options.config?.tenants}}getEnableCompanyFeature(){return this.iamOptions.bootstrapAppConfig?.enableCompanyFeature??false}getEnableCompanyFeatureForTenant(tenant){return tenant?.enableCompanyFeature??this.getEnableCompanyFeature()}getEnableCompanyFeatureForCurrentTenant(){return this.getEnableCompanyFeatureForTenant(this.getCurrentTenant()??void 0)}async getIAMEntities(){const{Action:Action2,Role:Role2,RoleWithCompany:RoleWithCompany2,UserIamPermission:UserIamPermission2,UserIamPermissionWithCompany:UserIamPermissionWithCompany2,getIAMEntitiesByConfig:getIAMEntitiesByConfig2}=await Promise.resolve().then(()=>(init_entities(),entities_exports));const enableCompanyFeature=this.getEnableCompanyFeatureForCurrentTenant();const permissionMode=this.iamOptions.bootstrapAppConfig?.permissionMode||"FULL";return getIAMEntitiesByConfig2(enableCompanyFeature,permissionMode)}async createDataSourceFromConfig(config){const entities=await this.getIAMEntities();return super.createDataSourceFromConfig(config,entities)}async getSingleDataSource(){if(!IAMDataSourceProvider.singleDataSource){if(IAMDataSourceProvider.singleConnectionLock){return IAMDataSourceProvider.singleConnectionLock}const lockPromise=(async()=>{const config=this.getDefaultDatabaseConfig();if(!config){throw new Error("Default database config is not available")}const ds=await this.createDataSourceFromConfig(config);IAMDataSourceProvider.singleDataSource=ds;IAMDataSourceProvider.initialized=true;return ds})();IAMDataSourceProvider.singleConnectionLock=lockPromise;try{return await lockPromise}finally{IAMDataSourceProvider.singleConnectionLock=null}}return IAMDataSourceProvider.singleDataSource}async getOrCreateTenantConnection(tenant){const existing=IAMDataSourceProvider.tenantConnections.get(tenant.id);if(existing?.isInitialized){return existing}const pendingConnection=IAMDataSourceProvider.connectionLocks.get(tenant.id);if(pendingConnection){return pendingConnection}const config=this.buildTenantDatabaseConfig(tenant);const connectionPromise=this.createDataSourceFromConfig(config);IAMDataSourceProvider.connectionLocks.set(tenant.id,connectionPromise);try{const dataSource=await connectionPromise;IAMDataSourceProvider.tenantConnections.set(tenant.id,dataSource);return dataSource}finally{IAMDataSourceProvider.connectionLocks.delete(tenant.id)}}};__name(IAMDataSourceProvider,"IAMDataSourceProvider");__publicField(IAMDataSourceProvider,"tenantConnections",new Map);__publicField(IAMDataSourceProvider,"singleDataSource",null);__publicField(IAMDataSourceProvider,"tenantsRegistry",new Map);__publicField(IAMDataSourceProvider,"initialized",false);__publicField(IAMDataSourceProvider,"connectionLocks",new Map);__publicField(IAMDataSourceProvider,"singleConnectionLock",null);IAMDataSourceProvider=__decorateClass([(0,import_common3.Injectable)({scope:import_common3.Scope.REQUEST}),__decorateParam(0,(0,import_common3.Inject)(IAM_MODULE_OPTIONS)),__decorateParam(1,(0,import_common3.Optional)()),__decorateParam(1,(0,import_common3.Inject)(import_core.REQUEST))],IAMDataSourceProvider);var import_common5=require("@nestjs/common");var import_typeorm9=require("typeorm");var import_swagger2=require("@nestjs/swagger");var import_class_transformer=require("class-transformer");var import_class_validator2=require("class-validator");var PermissionAction=(PermissionAction2=>{PermissionAction2["ADD"]="add";PermissionAction2["REMOVE"]="remove";return PermissionAction2})(PermissionAction||{});var PermissionItemDto=class{static{__name(this,"PermissionItemDto")}id;action};__decorateClass([(0,import_swagger2.ApiProperty)({description:"ID of the target (action or role)"}),(0,import_class_validator2.IsUUID)()],PermissionItemDto.prototype,"id",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Action to perform",enum:PermissionAction,example:"add"}),(0,import_class_validator2.IsEnum)(PermissionAction)],PermissionItemDto.prototype,"action",2);var AssignUserActionsDto=class{static{__name(this,"AssignUserActionsDto")}userId;companyId;branchId;items};__decorateClass([(0,import_swagger2.ApiProperty)({description:"User ID"}),(0,import_class_validator2.IsUUID)()],AssignUserActionsDto.prototype,"userId",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Company ID (for company-wide or branch-specific assignments)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],AssignUserActionsDto.prototype,"companyId",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Branch ID (null = company-wide, set = branch-specific)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],AssignUserActionsDto.prototype,"branchId",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),(0,import_class_validator2.IsArray)(),(0,import_class_validator2.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignUserActionsDto.prototype,"items",2);var AssignCompanyActionsDto=class{static{__name(this,"AssignCompanyActionsDto")}companyId;items};__decorateClass([(0,import_swagger2.ApiProperty)({description:"Company ID"}),(0,import_class_validator2.IsUUID)()],AssignCompanyActionsDto.prototype,"companyId",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Array of actions to assign/remove to company (whitelist)",type:[PermissionItemDto]}),(0,import_class_validator2.IsArray)(),(0,import_class_validator2.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignCompanyActionsDto.prototype,"items",2);var AssignRoleActionsDto=class{static{__name(this,"AssignRoleActionsDto")}roleId;items};__decorateClass([(0,import_swagger2.ApiProperty)({description:"Role ID"}),(0,import_class_validator2.IsUUID)()],AssignRoleActionsDto.prototype,"roleId",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Array of actions to assign/remove",type:[PermissionItemDto]}),(0,import_class_validator2.IsArray)(),(0,import_class_validator2.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignRoleActionsDto.prototype,"items",2);var AssignUserRolesDto=class{static{__name(this,"AssignUserRolesDto")}userId;companyId;branchId;items};__decorateClass([(0,import_swagger2.ApiProperty)({description:"User ID"}),(0,import_class_validator2.IsUUID)()],AssignUserRolesDto.prototype,"userId",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Company ID (for company-wide or branch-specific assignments)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],AssignUserRolesDto.prototype,"companyId",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Branch ID (null = company-wide, set = branch-specific)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],AssignUserRolesDto.prototype,"branchId",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Array of roles to assign/remove",type:[PermissionItemDto]}),(0,import_class_validator2.IsArray)(),(0,import_class_validator2.ValidateNested)({each:true}),(0,import_class_transformer.Type)(()=>PermissionItemDto)],AssignUserRolesDto.prototype,"items",2);var GetUserActionsDto=class{static{__name(this,"GetUserActionsDto")}companyId;branchId};__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Company ID (ignored when enableCompanyFeature is false)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],GetUserActionsDto.prototype,"companyId",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],GetUserActionsDto.prototype,"branchId",2);var GetRoleActionsDto=class{static{__name(this,"GetRoleActionsDto")}};var GetCompanyActionsDto=class{static{__name(this,"GetCompanyActionsDto")}};var GetUserRolesDto=class{static{__name(this,"GetUserRolesDto")}companyId;branchId};__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Company ID (ignored when enableCompanyFeature is false)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],GetUserRolesDto.prototype,"companyId",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Branch ID to filter by branch (ignored when enableCompanyFeature is false)"}),(0,import_class_validator2.IsUUID)(),(0,import_class_validator2.IsOptional)()],GetUserRolesDto.prototype,"branchId",2);var UserActionResponseDto=class{static{__name(this,"UserActionResponseDto")}id;userId;actionId;actionCode;actionName;branchId;createdAt};__decorateClass([(0,import_swagger2.ApiProperty)()],UserActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserActionResponseDto.prototype,"userId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserActionResponseDto.prototype,"actionId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserActionResponseDto.prototype,"actionCode",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserActionResponseDto.prototype,"actionName",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)()],UserActionResponseDto.prototype,"branchId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserActionResponseDto.prototype,"createdAt",2);var RoleActionResponseDto=class{static{__name(this,"RoleActionResponseDto")}id;roleId;actionId;actionCode;actionName;createdAt};__decorateClass([(0,import_swagger2.ApiProperty)()],RoleActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger2.ApiProperty)()],RoleActionResponseDto.prototype,"roleId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],RoleActionResponseDto.prototype,"actionId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],RoleActionResponseDto.prototype,"actionCode",2);__decorateClass([(0,import_swagger2.ApiProperty)()],RoleActionResponseDto.prototype,"actionName",2);__decorateClass([(0,import_swagger2.ApiProperty)()],RoleActionResponseDto.prototype,"createdAt",2);var CompanyActionResponseDto=class{static{__name(this,"CompanyActionResponseDto")}id;companyId;actionId;actionCode;actionName;createdAt};__decorateClass([(0,import_swagger2.ApiProperty)({description:"Permission ID"})],CompanyActionResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Company ID"})],CompanyActionResponseDto.prototype,"companyId",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Action ID"})],CompanyActionResponseDto.prototype,"actionId",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Action Code"})],CompanyActionResponseDto.prototype,"actionCode",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Action Name"})],CompanyActionResponseDto.prototype,"actionName",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"When this permission was created"})],CompanyActionResponseDto.prototype,"createdAt",2);var UserRoleResponseDto=class{static{__name(this,"UserRoleResponseDto")}id;userId;roleId;roleName;branchId;createdAt};__decorateClass([(0,import_swagger2.ApiProperty)()],UserRoleResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserRoleResponseDto.prototype,"userId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserRoleResponseDto.prototype,"roleId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserRoleResponseDto.prototype,"roleName",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)()],UserRoleResponseDto.prototype,"branchId",2);__decorateClass([(0,import_swagger2.ApiProperty)()],UserRoleResponseDto.prototype,"createdAt",2);var FrontendActionDto=class{static{__name(this,"FrontendActionDto")}id;code;name;description};__decorateClass([(0,import_swagger2.ApiProperty)()],FrontendActionDto.prototype,"id",2);__decorateClass([(0,import_swagger2.ApiProperty)()],FrontendActionDto.prototype,"code",2);__decorateClass([(0,import_swagger2.ApiProperty)()],FrontendActionDto.prototype,"name",2);__decorateClass([(0,import_swagger2.ApiPropertyOptional)()],FrontendActionDto.prototype,"description",2);var MyPermissionsQueryDto=class{static{__name(this,"MyPermissionsQueryDto")}parentCodes};__decorateClass([(0,import_swagger2.ApiPropertyOptional)({description:"Filter by parent action codes",example:["user","role"],type:[String]}),(0,import_class_validator2.IsArray)(),(0,import_class_validator2.IsString)({each:true}),(0,import_class_validator2.IsOptional)()],MyPermissionsQueryDto.prototype,"parentCodes",2);var MyPermissionsResponseDto=class{static{__name(this,"MyPermissionsResponseDto")}frontendActions;cachedEndpoints};__decorateClass([(0,import_swagger2.ApiProperty)({type:[FrontendActionDto]})],MyPermissionsResponseDto.prototype,"frontendActions",2);__decorateClass([(0,import_swagger2.ApiProperty)({description:"Number of endpoint actions cached for PermissionGuard"})],MyPermissionsResponseDto.prototype,"cachedEndpoints",2);var PermissionOperationResultDto=class{static{__name(this,"PermissionOperationResultDto")}success;added;removed;message};__decorateClass([(0,import_swagger2.ApiProperty)()],PermissionOperationResultDto.prototype,"success",2);__decorateClass([(0,import_swagger2.ApiProperty)()],PermissionOperationResultDto.prototype,"added",2);__decorateClass([(0,import_swagger2.ApiProperty)()],PermissionOperationResultDto.prototype,"removed",2);__decorateClass([(0,import_swagger2.ApiProperty)()],PermissionOperationResultDto.prototype,"message",2);init_action_entity();init_permission_with_company_entity();init_role_with_company_entity();init_role_entity();init_user_iam_permission_entity();init_action_type_enum();init_permission_type_enum();var import_common4=require("@nestjs/common");var PermissionCacheService=class{constructor(cacheManager){this.cacheManager=cacheManager}logger=new import_common4.Logger(PermissionCacheService.name);TTL=36e5;ACTION_CODE_TTL=72e5;CACHE_PREFIX="permissions";MY_PERMISSIONS_PREFIX="my-permissions";ACTION_CODE_PREFIX="action-codes";generateCacheKey(options){const{userId,companyId,branchId,enableCompanyFeature}=options;if(enableCompanyFeature&&companyId){return`${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`}return`${this.CACHE_PREFIX}:user:${userId}`}generateMyPermissionsCacheKey(options){const{userId,companyId,branchId,enableCompanyFeature}=options;if(enableCompanyFeature&&companyId){return`${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`}return`${this.MY_PERMISSIONS_PREFIX}:user:${userId}`}async setPermissions(options,permissions){try{const key=this.generateCacheKey(options);await this.cacheManager.set(key,permissions,this.TTL);this.logger.debug(`Cached ${permissions.length} permissions for key: ${key}`)}catch(error){this.logger.error(`Failed to cache permissions: ${error}`)}}async getPermissions(options){try{const key=this.generateCacheKey(options);const result=await this.cacheManager.get(key);return result||null}catch(error){this.logger.error(`Failed to get permissions from cache: ${error}`);return null}}async setMyPermissions(options,data){try{const key=this.generateMyPermissionsCacheKey(options);await this.cacheManager.set(key,data,this.TTL);this.logger.debug(`Cached my-permissions for key: ${key} (${data.frontendActions.length} frontend, ${data.backendCodes.length} backend)`)}catch(error){this.logger.error(`Failed to cache my-permissions: ${error}`)}}async getMyPermissions(options){try{const key=this.generateMyPermissionsCacheKey(options);const result=await this.cacheManager.get(key);if(result){this.logger.debug(`Cache hit for my-permissions: ${key}`)}return result||null}catch(error){this.logger.error(`Failed to get my-permissions from cache: ${error}`);return null}}async setActionCodeMap(codeToIdMap){try{const key=`${this.ACTION_CODE_PREFIX}:map`;await this.cacheManager.set(key,codeToIdMap,this.ACTION_CODE_TTL);this.logger.debug(`Cached ${Object.keys(codeToIdMap).length} action code mappings`)}catch(error){this.logger.error(`Failed to cache action code map: ${error}`)}}async getActionIdsByCodes(codes){try{const key=`${this.ACTION_CODE_PREFIX}:map`;const fullMap=await this.cacheManager.get(key);if(!fullMap){return null}const result={};for(const code of codes){if(fullMap[code]){result[code]=fullMap[code]}}return Object.keys(result).length>0?result:null}catch(error){this.logger.error(`Failed to get action IDs from cache: ${error}`);return null}}async invalidateActionCodeCache(){try{const key=`${this.ACTION_CODE_PREFIX}:map`;await this.cacheManager.del(key);this.logger.debug("Invalidated action code cache")}catch(error){this.logger.warn(`Failed to invalidate action code cache: ${error}`)}}async invalidateUser(userId,companyId,branchIds){try{const keysToDelete=[`${this.CACHE_PREFIX}:user:${userId}`,`${this.MY_PERMISSIONS_PREFIX}:user:${userId}`];if(companyId){const branches=branchIds?.length?branchIds:[null];for(const branchId of branches){keysToDelete.push(`${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`,`${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId||"null"}:user:${userId}`)}}await Promise.all(keysToDelete.map(key=>this.cacheManager.del(key)));this.logger.debug(`Invalidated ${keysToDelete.length} cache keys for user ${userId}`)}catch(error){this.logger.warn(`Failed to invalidate user cache for ${userId}: ${error}`)}}async invalidateUsers(userIds,companyId,branchIds){if(userIds.length===0){return 0}const results=await Promise.allSettled(userIds.map(userId=>this.invalidateUser(userId,companyId,branchIds)));const successCount=results.filter(r=>r.status==="fulfilled").length;const failedCount=results.filter(r=>r.status==="rejected").length;if(failedCount>0){this.logger.warn(`Failed to invalidate cache for ${failedCount} users`)}if(successCount>0){this.logger.log(`Invalidated cache for ${successCount} users`)}return successCount}async invalidateCompany(companyId){this.logger.warn(`invalidateCompany called for ${companyId}, but pattern matching is not supported. Use invalidateUsers() with specific user IDs instead.`);return 0}async invalidateRole(roleId,userIds,companyId,branchIds){if(userIds.length===0){this.logger.debug(`No users found for role ${roleId}`);return 0}const count=await this.invalidateUsers(userIds,companyId,branchIds);if(count>0){this.logger.log(`Invalidated cache for ${count} users with role ${roleId}`)}return count}async clearAll(){try{await this.cacheManager.reset();await this.cacheManager.resetL2();this.logger.warn("Cleared all cache entries (memory and redis)")}catch(error){this.logger.error(`Failed to clear all caches: ${error}`)}}};__name(PermissionCacheService,"PermissionCacheService");PermissionCacheService=__decorateClass([(0,import_common4.Injectable)(),__decorateParam(0,(0,import_common4.Inject)("CACHE_INSTANCE"))],PermissionCacheService);var PermissionService=class{constructor(permissionEvaluator,permissionCacheService,iamConfigService,dataSourceProvider){this.permissionEvaluator=permissionEvaluator;this.permissionCacheService=permissionCacheService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider}logger=new import_common5.Logger(PermissionService.name);async getPermissionRepository(){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const entity=enableCompanyFeature?UserIamPermissionWithCompany:UserIamPermission;return this.dataSourceProvider.getRepository(entity)}async getActionRepository(){return this.dataSourceProvider.getRepository(Action)}async getRoleRepository(){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const entity=enableCompanyFeature?RoleWithCompany:Role;return this.dataSourceProvider.getRepository(entity)}async assignUserActions(dto){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const branchId=dto.branchId??null;const companyId=dto.companyId??null;const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;if(itemsToAdd.length>0){const actionIdsToAdd=itemsToAdd.map(item=>item.id);const whereFind={permissionType:"user_action",sourceType:"user",sourceId:dto.userId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIdsToAdd)};if(enableCompanyFeature){if(companyId)whereFind.companyId=companyId;if(branchId)whereFind.branchId=branchId}const existingPermissions=await permissionRepo.find({where:whereFind,select:["targetId"]});const existingActionIds=new Set(existingPermissions.map(p=>p.targetId));const newPermissions=itemsToAdd.filter(item=>!existingActionIds.has(item.id)).map(item=>({permissionType:"user_action",sourceType:"user",sourceId:dto.userId,targetType:"action",targetId:item.id,userId:dto.userId,companyId:enableCompanyFeature?companyId:null,branchId:enableCompanyFeature?branchId:null}));if(newPermissions.length>0){await permissionRepo.save(newPermissions);added=newPermissions.length}}if(itemsToRemove.length>0){const actionIdsToRemove=itemsToRemove.map(item=>item.id);const whereDelete={permissionType:"user_action",sourceType:"user",sourceId:dto.userId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIdsToRemove)};if(enableCompanyFeature){if(companyId)whereDelete.companyId=companyId;if(branchId)whereDelete.branchId=branchId}const result=await permissionRepo.delete(whereDelete);removed=result.affected||0}await this.invalidateUserPermissionCache(dto.userId,branchId,companyId);return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed`}}async getUserActions(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const actionRepo=await this.getActionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const where={permissionType:"user_action",sourceType:"user",sourceId:userId};if(enableCompanyFeature){if(companyId){where.companyId=companyId}if(branchId){where.branchId=branchId}else{where.branchId=null}}const permissions=await permissionRepo.find({where});if(permissions.length===0){return[]}const actionIds=permissions.map(p=>p.targetId);const actionWhere={id:(0,import_typeorm9.In)(actionIds)};const actions=await actionRepo.find({where:actionWhere});const actionMap=new Map(actions.map(a=>[a.id,a]));return permissions.filter(p=>actionMap.has(p.targetId)).map(p=>{const action=actionMap.get(p.targetId);return{id:p.id,userId:p.userId,actionId:action.id,actionCode:action.code??"",actionName:action.name,branchId:("branchId"in p?p.branchId:null)??null,createdAt:p.createdAt}})}async assignRoleActions(dto){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();let roleCompanyId=null;if(enableCompanyFeature){const roleRepo=await this.getRoleRepository();const role=await roleRepo.findOne({where:{id:dto.roleId},select:["id","companyId"]});roleCompanyId=role?.companyId??null}const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;if(itemsToAdd.length>0){const actionIdsToAdd=itemsToAdd.map(item=>item.id);const existingPermissions=await permissionRepo.find({where:{permissionType:"role_action",sourceType:"role",sourceId:dto.roleId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIdsToAdd)},select:["targetId"]});const existingActionIds=new Set(existingPermissions.map(p=>p.targetId));const newPermissions=itemsToAdd.filter(item=>!existingActionIds.has(item.id)).map(item=>({permissionType:"role_action",sourceType:"role",sourceId:dto.roleId,targetType:"action",targetId:item.id,userId:null,companyId:enableCompanyFeature?roleCompanyId:null,branchId:null}));if(newPermissions.length>0){await permissionRepo.save(newPermissions);added=newPermissions.length}}if(itemsToRemove.length>0){const actionIdsToRemove=itemsToRemove.map(item=>item.id);const result=await permissionRepo.delete({permissionType:"role_action",sourceType:"role",sourceId:dto.roleId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIdsToRemove)});removed=result.affected||0}const affectedUsers=await this.invalidateRoleMembersCache(dto.roleId);return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed. Invalidated cache for ${affectedUsers} users.`}}async getRoleActions(roleId){const permissionRepo=await this.getPermissionRepository();const actionRepo=await this.getActionRepository();const permissions=await permissionRepo.find({where:{permissionType:"role_action",sourceType:"role",sourceId:roleId}});if(permissions.length===0){return[]}const actionIds=permissions.map(p=>p.targetId);const actionWhere={id:(0,import_typeorm9.In)(actionIds)};const actions=await actionRepo.find({where:actionWhere});const actionMap=new Map(actions.map(a=>[a.id,a]));return permissions.filter(p=>actionMap.has(p.targetId)).map(p=>{const action=actionMap.get(p.targetId);return{id:p.id,roleId:p.sourceId,actionId:action.id,actionCode:action.code??"",actionName:action.name,createdAt:p.createdAt}})}async assignCompanyActions(dto){const permissionRepo=await this.getPermissionRepository();const dataSource=permissionRepo.manager.connection;const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;let removedRoleActions=0;let removedUserActions=0;await dataSource.transaction(async manager=>{const transactionalPermissionRepo=manager.getRepository(permissionRepo.target);if(itemsToAdd.length>0){added=await this.addCompanyActions(transactionalPermissionRepo,dto.companyId,itemsToAdd.map(item=>item.id))}if(itemsToRemove.length>0){const actionIdsToRemove=itemsToRemove.map(item=>item.id);const cascadeResult=await this.removeCompanyActionsWithCascade(manager,dto.companyId,actionIdsToRemove);removed=cascadeResult.removedCompanyActions;removedRoleActions=cascadeResult.removedRoleActions;removedUserActions=cascadeResult.removedUserActions}});const affectedCacheEntries=await this.invalidateCompanyMembersCache(dto.companyId);const cascadeInfo=removedRoleActions>0||removedUserActions>0?` Cascaded removal: ${removedRoleActions} role permissions, ${removedUserActions} user permissions.`:"";return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed.${cascadeInfo} Invalidated ${affectedCacheEntries} cache entries.`}}async addCompanyActions(permissionRepo,companyId,actionIds){const existingPermissions=await permissionRepo.find({where:{permissionType:"company_action",sourceType:"company",sourceId:companyId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIds)},select:["targetId"]});const existingActionIds=new Set(existingPermissions.map(p=>p.targetId));const newActionIds=actionIds.filter(id=>!existingActionIds.has(id));if(newActionIds.length===0){return 0}const newPermissions=newActionIds.map(actionId=>permissionRepo.create({permissionType:"company_action",sourceType:"company",sourceId:companyId,targetType:"action",targetId:actionId,userId:null}));await permissionRepo.save(newPermissions);return newPermissions.length}async removeCompanyActionsWithCascade(manager,companyId,actionIds){const permissionEntity=this.iamConfigService.isCompanyFeatureEnabled()?UserIamPermissionWithCompany:UserIamPermission;const permissionRepo=manager.getRepository(permissionEntity);const companyResult=await permissionRepo.delete({permissionType:"company_action",sourceType:"company",sourceId:companyId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIds)});const roleEntity=this.iamConfigService.isCompanyFeatureEnabled()?RoleWithCompany:Role;const roleRepo=manager.getRepository(roleEntity);const companyRoles=await roleRepo.find({where:{companyId,deletedAt:(0,import_typeorm9.IsNull)()},select:["id"]});let removedRoleActions=0;let removedUserActions=0;if(companyRoles.length>0){const roleIds=companyRoles.map(role=>role.id);const roleResult=await permissionRepo.delete({permissionType:"role_action",sourceType:"role",sourceId:(0,import_typeorm9.In)(roleIds),targetType:"action",targetId:(0,import_typeorm9.In)(actionIds)});removedRoleActions=roleResult.affected||0}if(this.iamConfigService.isCompanyFeatureEnabled()){const userResult=await permissionRepo.delete({permissionType:"user_action",companyId,targetType:"action",targetId:(0,import_typeorm9.In)(actionIds)});removedUserActions=userResult.affected||0}if(removedRoleActions>0||removedUserActions>0){this.logger.log(`Cascade deleted for company ${companyId}: ${removedRoleActions} role actions, ${removedUserActions} user actions`)}return{removedCompanyActions:companyResult.affected||0,removedRoleActions,removedUserActions}}async getCompanyActions(companyId){const permissionRepo=await this.getPermissionRepository();const actionRepo=await this.getActionRepository();const permissions=await permissionRepo.find({where:{permissionType:"company_action",sourceType:"company",sourceId:companyId}});if(permissions.length===0){return[]}const actionIds=permissions.map(p=>p.targetId);const actions=await actionRepo.find({where:{id:(0,import_typeorm9.In)(actionIds)}});const actionMap=new Map(actions.map(a=>[a.id,a]));return permissions.filter(p=>actionMap.has(p.targetId)).map(p=>{const action=actionMap.get(p.targetId);return{id:p.id,companyId,actionId:action.id,actionCode:action.code??"",actionName:action.name,createdAt:p.createdAt}})}async getCompanyActionIds(companyId){const permissionRepo=await this.getPermissionRepository();const permissions=await permissionRepo.find({where:{permissionType:"company_action",sourceType:"company",sourceId:companyId},select:["targetId"]});return permissions.map(p=>p.targetId)}async assignUserRoles(dto){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const branchId=dto.branchId??null;const companyId=dto.companyId??null;const itemsToAdd=dto.items.filter(item=>item.action==="add");const itemsToRemove=dto.items.filter(item=>item.action==="remove");let added=0;let removed=0;if(itemsToAdd.length>0){const roleIdsToAdd=itemsToAdd.map(item=>item.id);const whereFind={permissionType:"user_role",sourceType:"user",sourceId:dto.userId,targetType:"role",targetId:(0,import_typeorm9.In)(roleIdsToAdd)};if(enableCompanyFeature){if(companyId)whereFind.companyId=companyId;if(branchId)whereFind.branchId=branchId}const existingPermissions=await permissionRepo.find({where:whereFind,select:["targetId"]});const existingRoleIds=new Set(existingPermissions.map(p=>p.targetId));const newPermissions=itemsToAdd.filter(item=>!existingRoleIds.has(item.id)).map(item=>({permissionType:"user_role",sourceType:"user",sourceId:dto.userId,targetType:"role",targetId:item.id,userId:dto.userId,companyId:enableCompanyFeature?companyId:null,branchId:enableCompanyFeature?branchId:null}));if(newPermissions.length>0){await permissionRepo.save(newPermissions);added=newPermissions.length}}if(itemsToRemove.length>0){const roleIdsToRemove=itemsToRemove.map(item=>item.id);const whereDelete={permissionType:"user_role",sourceType:"user",sourceId:dto.userId,targetType:"role",targetId:(0,import_typeorm9.In)(roleIdsToRemove)};if(enableCompanyFeature){if(companyId)whereDelete.companyId=companyId;if(branchId)whereDelete.branchId=branchId}const result=await permissionRepo.delete(whereDelete);removed=result.affected||0}await this.invalidateUserPermissionCache(dto.userId,branchId,companyId);return{success:true,added,removed,message:`Successfully processed ${dto.items.length} items: ${added} added, ${removed} removed`}}async getUserRoles(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const roleRepo=await this.getRoleRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const where={permissionType:"user_role",sourceType:"user",sourceId:userId};if(enableCompanyFeature){if(companyId){where.companyId=companyId}if(branchId){where.branchId=branchId}else{where.branchId=null}}const permissions=await permissionRepo.find({where});if(permissions.length===0){return[]}const roleIds=permissions.map(p=>p.targetId);const roleWhere={id:(0,import_typeorm9.In)(roleIds)};const roles=await roleRepo.find({where:roleWhere});const roleMap=new Map(roles.map(r=>[r.id,r]));return permissions.filter(p=>roleMap.has(p.targetId)).map(p=>{const role=roleMap.get(p.targetId);const permissionEntity=p;return{id:p.id,userId:p.userId,roleId:role.id,roleName:role.name,branchId:enableCompanyFeature?permissionEntity.branchId??null:null,createdAt:p.createdAt}})}async getMyPermissions(userId,branchId,companyId,parentCodes){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const cacheOptions={userId,companyId,branchId,enableCompanyFeature};const cachedData=await this.permissionCacheService.getMyPermissions(cacheOptions);if(cachedData){return this.buildResponseFromCache(cachedData,parentCodes)}const freshData=await this.fetchAndCachePermissions(userId,branchId,companyId);return this.buildResponseFromCache(freshData,parentCodes)}async buildResponseFromCache(cachedData,parentCodes){let frontendActions=cachedData.frontendActions;if(parentCodes?.length){const parentIds=await this.getParentIdsByCodesWithCache(parentCodes);if(parentIds.size>0){frontendActions=frontendActions.filter(a=>a.parentId&&parentIds.has(a.parentId))}else{frontendActions=[]}}return{frontendActions:frontendActions.map(a=>({id:a.id,code:a.code,name:a.name,description:a.description})),cachedEndpoints:cachedData.backendCodes.length}}async getParentIdsByCodesWithCache(codes){const cachedMap=await this.permissionCacheService.getActionIdsByCodes(codes);if(cachedMap){return new Set(Object.values(cachedMap))}const actionRepo=await this.getActionRepository();const allActions=await actionRepo.find({select:["id","code"]});const fullMap={};for(const action of allActions){if(action.code){fullMap[action.code]=action.id}}await this.permissionCacheService.setActionCodeMap(fullMap);return new Set(codes.map(code=>fullMap[code]).filter(Boolean))}async fetchAndCachePermissions(userId,branchId,companyId){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const permissionMode=this.iamConfigService.getPermissionMode();const cacheOptions={userId,companyId,branchId,enableCompanyFeature};const emptyData={frontendActions:[],backendCodes:[]};const allActionIds=new Set;if(permissionMode===1||permissionMode===3){const userRoleIds=await this.getUserRoleIds(userId,branchId,companyId);if(userRoleIds.length>0){const roleActionIds=await this.getRoleActionIds(userRoleIds);roleActionIds.forEach(id=>allActionIds.add(id))}}if(permissionMode===2||permissionMode===3){const userActionIds=await this.getUserActionIds(userId,branchId,companyId);userActionIds.forEach(id=>allActionIds.add(id))}if(allActionIds.size===0){await this.permissionCacheService.setMyPermissions(cacheOptions,emptyData);return emptyData}if(enableCompanyFeature&&companyId){const companyActionIds=await this.getCompanyActionIds(companyId);if(companyActionIds.length>0){const allowedActionIds=new Set(companyActionIds);for(const actionId of allActionIds){if(!allowedActionIds.has(actionId)){allActionIds.delete(actionId)}}}}if(allActionIds.size===0){await this.permissionCacheService.setMyPermissions(cacheOptions,emptyData);return emptyData}const actionRepo=await this.getActionRepository();const actions=await actionRepo.find({where:{id:(0,import_typeorm9.In)(Array.from(allActionIds))}});const backendActions=actions.filter(a=>a.actionType==="backend"||a.actionType==="both");const frontendActions=actions.filter(a=>a.actionType==="frontend"||a.actionType==="both");const backendCodes=backendActions.map(a=>a.code).filter(c=>!!c);const cacheData={frontendActions:frontendActions.map(a=>({id:a.id,code:a.code??"",name:a.name,description:a.description,parentId:a.parentId})),backendCodes};await Promise.all([this.permissionCacheService.setMyPermissions(cacheOptions,cacheData),this.permissionCacheService.setPermissions(cacheOptions,backendCodes)]);return cacheData}async getUserRoleIds(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(!enableCompanyFeature){const permissions=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",sourceId:userId}});return permissions.map(p=>p.targetId)}const roleIds=new Set;const companyWidePermissions=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",sourceId:userId,branchId:(0,import_typeorm9.IsNull)(),companyId}});companyWidePermissions.forEach(p=>roleIds.add(p.targetId));if(branchId){const branchPermissions=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",sourceId:userId,branchId,companyId}});branchPermissions.forEach(p=>roleIds.add(p.targetId))}return Array.from(roleIds)}async getRoleActionIds(roleIds){const permissionRepo=await this.getPermissionRepository();const permissions=await permissionRepo.find({where:{permissionType:"role_action",sourceType:"role",sourceId:(0,import_typeorm9.In)(roleIds)}});return permissions.map(p=>p.targetId)}async getUserActionIds(userId,branchId,companyId){const permissionRepo=await this.getPermissionRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(!enableCompanyFeature){const permissions=await permissionRepo.find({where:{permissionType:"user_action",sourceType:"user",sourceId:userId}});return permissions.map(p=>p.targetId)}const actionIds=new Set;const companyWideWhere={permissionType:"user_action",sourceType:"user",sourceId:userId,branchId:(0,import_typeorm9.IsNull)()};if(companyId){companyWideWhere.companyId=companyId}const companyWidePermissions=await permissionRepo.find({where:companyWideWhere});companyWidePermissions.forEach(p=>actionIds.add(p.targetId));if(branchId){const branchWhere={permissionType:"user_action",sourceType:"user",sourceId:userId,branchId};if(companyId){branchWhere.companyId=companyId}const branchPermissions=await permissionRepo.find({where:branchWhere});branchPermissions.forEach(p=>actionIds.add(p.targetId))}return Array.from(actionIds)}async invalidateUserPermissionCache(userId,branchId,companyId){const branchIds=branchId!==void 0?[branchId]:[null];await this.permissionCacheService.invalidateUser(userId,companyId,branchIds)}async invalidateRoleMembersCache(roleId){const permissionRepo=await this.getPermissionRepository();const roleRepo=await this.getRoleRepository();const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();const userRoles=await permissionRepo.find({where:{permissionType:"user_role",sourceType:"user",targetType:"role",targetId:roleId}});const userIds=[...new Set(userRoles.map(ur=>ur.sourceId))];if(userIds.length===0){return 0}const role=await roleRepo.findOne({where:{id:roleId}});const companyId=role?.companyId||null;let branchIds=[null];if(enableCompanyFeature&&companyId){const userBranches=await permissionRepo.createQueryBuilder("p").select("DISTINCT p.branch_id","branchId").where("p.user_id IN (:...userIds)",{userIds}).andWhere("p.company_id = :companyId",{companyId}).getRawMany();branchIds=[...new Set(userBranches.map(p=>p.branchId))]}return await this.permissionCacheService.invalidateRole(roleId,userIds,companyId,branchIds)}async invalidateCompanyMembersCache(companyId){if(!this.iamConfigService.isCompanyFeatureEnabled()){return 0}const permissionRepo=await this.getPermissionRepository();const userPermissions=await permissionRepo.createQueryBuilder("p").select("DISTINCT p.user_id","userId").addSelect("p.branch_id","branchId").where("p.company_id = :companyId",{companyId}).andWhere("p.user_id IS NOT NULL").getRawMany();const userIds=[...new Set(userPermissions.map(p=>p.userId).filter(Boolean))];const branchIds=[...new Set(userPermissions.map(p=>p.branchId))];if(userIds.length===0){return 0}return await this.permissionCacheService.invalidateUsers(userIds,companyId,branchIds)}};__name(PermissionService,"PermissionService");PermissionService=__decorateClass([(0,import_common5.Injectable)({scope:import_common5.Scope.REQUEST}),__decorateParam(0,(0,import_common5.Inject)(PermissionEvaluatorHelper)),__decorateParam(1,(0,import_common5.Inject)(PermissionCacheService)),__decorateParam(2,(0,import_common5.Inject)(IAMConfigService)),__decorateParam(3,(0,import_common5.Inject)(IAMDataSourceProvider))],PermissionService);var ActionService=class extends import_classes.RequestScopedApiService{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider,permissionService){super("action",null,cacheManager,utilsService,ActionService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider;this.permissionService=permissionService}logger=new import_common6.Logger(ActionService.name);resolveEntity(){return Action}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,_user){if(!("id"in dto)||!dto.id){return dto}const existingAction=await this.repository.findOne({where:{id:dto.id}});if(!existingAction){throw new import_common6.NotFoundException(`Action with ID ${dto.id} not found`)}return{...existingAction,...dto}}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","code","description","actionType","permissionLogic","isActive","parentId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(action.name LIKE :search OR action.code LIKE :search OR action.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,code:entity.code,actionType:entity.actionType,permissionLogic:entity.permissionLogic,serial:entity.serial,isActive:entity.isActive,parentId:entity.parentId,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}async getActionsForPermission(user){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionsForPermission")}const selectFields=["id","code","name","description","actionType","permissionLogic","isActive","parentId","serial"];const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user.companyId){const companyActionIds=await this.permissionService.getCompanyActionIds(user.companyId);if(companyActionIds.length===0){return[]}const actions2=await this.repository.find({where:{id:(0,import_typeorm10.In)(companyActionIds)},select:selectFields});return actions2.map(action=>this.convertEntityToResponseDto(action,false))}const actions=await this.repository.find({select:selectFields});return actions.map(action=>this.convertEntityToResponseDto(action,false))}async getActionTree(user,search,isActive,withDeleted=false){await this.ensureRepositoryInitialized();if(!user){throw new Error("User is required for getActionTree")}const query=this.repository.createQueryBuilder("action");if(!withDeleted){query.andWhere("action.deletedAt IS NULL")}if(isActive!==void 0){query.andWhere("action.isActive = :isActive",{isActive})}if(search?.trim()){query.andWhere("(action.name LIKE :search OR action.code LIKE :search)",{search:`%${search.trim()}%`})}const actions=await query.orderBy("action.serial","ASC").getMany();return this.buildActionTree(actions)}buildActionTree(actions){if(!actions?.length){return[]}const map=new Map;const rootNodes=[];for(const action of actions){const treeNode={...this.convertEntityToResponseDto(action,false),children:[]};map.set(action.id,treeNode)}for(const action of actions){const node=map.get(action.id);if(!node){continue}if(action.parentId&&map.has(action.parentId)){const parent=map.get(action.parentId);if(parent?.children){parent.children.push(node)}}else{rootNodes.push(node)}}return rootNodes}};__name(ActionService,"ActionService");ActionService=__decorateClass([(0,import_common6.Injectable)({scope:import_common6.Scope.REQUEST}),__decorateParam(0,(0,import_common6.Inject)("CACHE_INSTANCE")),__decorateParam(1,(0,import_common6.Inject)(import_modules2.UtilsService)),__decorateParam(2,(0,import_common6.Inject)(IAMConfigService)),__decorateParam(3,(0,import_common6.Inject)(IAMDataSourceProvider)),__decorateParam(4,(0,import_common6.Inject)(PermissionService))],ActionService);var ActionController=class extends(0,import_nestjs_shared4.createApiController)(CreateActionDto,UpdateActionDto,ActionResponseDto){constructor(actionService){super(actionService);this.actionService=actionService}async getActionsForPermission(user){const actions=await this.actionService.getActionsForPermission(user);return{success:true,message:"Actions retrieved successfully",data:actions}}async getActionTree(query,user){const tree=await this.actionService.getActionTree(user,query.search,query.isActive,query.withDeleted);return{success:true,message:"Action tree retrieved successfully",data:tree}}};__name(ActionController,"ActionController");__decorateClass([(0,import_common7.Get)("tree-for-permission"),(0,import_common7.UseGuards)(import_guards.JwtAuthGuard),(0,import_swagger3.ApiBearerAuth)(),(0,import_swagger3.ApiOperation)({summary:"Get actions for permission assignment",description:"Returns actions available for permission assignment. If company feature enabled, filtered by company whitelist."}),(0,import_swagger3.ApiResponse)({status:200,type:import_nestjs_shared4.SingleResponseDto}),__decorateParam(0,(0,import_nestjs_shared4.CurrentUser)())],ActionController.prototype,"getActionsForPermission",1);__decorateClass([(0,import_common7.Post)("tree"),(0,import_common7.UseGuards)(import_guards.JwtAuthGuard),(0,import_swagger3.ApiBearerAuth)(),(0,import_swagger3.ApiOperation)({summary:"Get actions in hierarchical tree structure",description:"Returns all actions organized in a parent-child tree structure. Supports optional search and filtering."}),(0,import_swagger3.ApiResponse)({status:200,description:"Actions tree retrieved successfully",type:import_nestjs_shared4.SingleResponseDto}),__decorateParam(0,(0,import_common7.Body)()),__decorateParam(1,(0,import_nestjs_shared4.CurrentUser)())],ActionController.prototype,"getActionTree",1);ActionController=__decorateClass([(0,import_swagger3.ApiTags)("IAM - Actions"),(0,import_common7.Controller)("iam/actions"),__decorateParam(0,(0,import_common7.Inject)(ActionService))],ActionController);var import_classes3=require("@flusys/nestjs-shared/classes");var import_common9=require("@nestjs/common");var import_swagger5=require("@nestjs/swagger");var import_swagger4=require("@nestjs/swagger");var import_class_validator3=require("class-validator");var CreateRoleDto=class{static{__name(this,"CreateRoleDto")}name;description;companyId;isActive;serial;metadata};__decorateClass([(0,import_swagger4.ApiProperty)({description:"Role name",example:"Manager"}),(0,import_class_validator3.IsString)(),(0,import_class_validator3.IsNotEmpty)(),(0,import_class_validator3.MaxLength)(255)],CreateRoleDto.prototype,"name",2);__decorateClass([(0,import_swagger4.ApiProperty)({description:"Role description",example:"Management level access",required:false}),(0,import_class_validator3.IsString)(),(0,import_class_validator3.IsOptional)(),(0,import_class_validator3.MaxLength)(500)],CreateRoleDto.prototype,"description",2);__decorateClass([(0,import_swagger4.ApiProperty)({description:"Company ID (scope role to specific company) - Only available when company feature is enabled",example:"123e4567-e89b-12d3-a456-426614174000",required:false}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],CreateRoleDto.prototype,"companyId",2);__decorateClass([(0,import_swagger4.ApiProperty)({description:"Active status",default:true,required:false}),(0,import_class_validator3.IsBoolean)(),(0,import_class_validator3.IsOptional)()],CreateRoleDto.prototype,"isActive",2);__decorateClass([(0,import_swagger4.ApiProperty)({description:"Display order",required:false}),(0,import_class_validator3.IsInt)(),(0,import_class_validator3.IsOptional)()],CreateRoleDto.prototype,"serial",2);__decorateClass([(0,import_swagger4.ApiProperty)({description:"Additional metadata",required:false}),(0,import_class_validator3.IsOptional)()],CreateRoleDto.prototype,"metadata",2);var UpdateRoleDto=class extends(0,import_swagger4.PartialType)(CreateRoleDto){static{__name(this,"UpdateRoleDto")}id};__decorateClass([(0,import_swagger4.ApiProperty)({description:"Role ID",example:"123e4567-e89b-12d3-a456-426614174000"}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsNotEmpty)()],UpdateRoleDto.prototype,"id",2);var RoleQueryDto=class{static{__name(this,"RoleQueryDto")}companyId;isActive};__decorateClass([(0,import_swagger4.ApiProperty)({description:"Filter by company ID - Only available when company feature is enabled",required:false}),(0,import_class_validator3.IsUUID)(),(0,import_class_validator3.IsOptional)()],RoleQueryDto.prototype,"companyId",2);__decorateClass([(0,import_swagger4.ApiProperty)({description:"Filter by active status",required:false}),(0,import_class_validator3.IsBoolean)(),(0,import_class_validator3.IsOptional)()],RoleQueryDto.prototype,"isActive",2);var RoleResponseDto=class{static{__name(this,"RoleResponseDto")}id;readOnly;name;description;companyId;isActive;serial;metadata;createdAt;updatedAt;deletedAt;createdById;updatedById;deletedById};__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"id",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"readOnly",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"name",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"description",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"companyId",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"isActive",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"serial",2);__decorateClass([(0,import_swagger4.ApiProperty)({required:false})],RoleResponseDto.prototype,"metadata",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"createdAt",2);__decorateClass([(0,import_swagger4.ApiProperty)()],RoleResponseDto.prototype,"updatedAt",2);__decorateClass([(0,import_swagger4.ApiProperty)({required:false})],RoleResponseDto.prototype,"deletedAt",2);__decorateClass([(0,import_swagger4.ApiProperty)({required:false})],RoleResponseDto.prototype,"createdById",2);__decorateClass([(0,import_swagger4.ApiProperty)({required:false})],RoleResponseDto.prototype,"updatedById",2);__decorateClass([(0,import_swagger4.ApiProperty)({required:false})],RoleResponseDto.prototype,"deletedById",2);var import_classes2=require("@flusys/nestjs-shared/classes");var import_modules3=require("@flusys/nestjs-shared/modules");var import_common8=require("@nestjs/common");init_role_with_company_entity();init_role_entity();var RoleService=class extends import_classes2.RequestScopedApiService{constructor(cacheManager,utilsService,iamConfigService,dataSourceProvider){super("role",null,cacheManager,utilsService,RoleService.name,true);this.cacheManager=cacheManager;this.utilsService=utilsService;this.iamConfigService=iamConfigService;this.dataSourceProvider=dataSourceProvider}logger=new import_common8.Logger(RoleService.name);resolveEntity(){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();return enableCompanyFeature?RoleWithCompany:Role}getDataSourceProvider(){return this.dataSourceProvider}async convertSingleDtoToEntity(dto,user){const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();let role={};let isUpdate=false;if("id"in dto&&dto.id&&typeof dto.id==="string"){const dbData=await this.repository.findOne({where:{id:dto.id}});if(!dbData){throw new import_common8.NotFoundException("Role not found")}role=dbData;isUpdate=true}role={...role,...dto};if(enableCompanyFeature){if(isUpdate){if(dto.companyId!==void 0){role.companyId=dto.companyId}if(!("companyId"in role)||role.companyId===void 0){role.companyId=user?.companyId??null}}else{role.companyId=dto.companyId??user?.companyId??null}}return role}async getSelectQuery(query,_user,select){if(!select||!select.length){select=["id","name","description","isActive","companyId","serial","createdAt"]}const selectFields=select.map(field=>`${this.entityName}.${field}`);query.select(selectFields);return{query,isRaw:false}}async getGlobalSearchQuery(query,search,_user){query.andWhere("(role.name LIKE :search OR role.description LIKE :search)",{search:`%${search}%`});return{query,isRaw:false}}async getExtraManipulateQuery(query,filterDto,user){const result=await super.getExtraManipulateQuery(query,filterDto,user);const enableCompanyFeature=this.iamConfigService.isCompanyFeatureEnabled();if(enableCompanyFeature&&user?.companyId){query.andWhere("role.companyId = :companyId",{companyId:user.companyId})}return result}convertEntityToResponseDto(entity,_isRaw){return{id:entity.id,readOnly:entity.readOnly,name:entity.name,description:entity.description,isActive:entity.isActive,serial:entity.serial,companyId:("companyId"in entity?entity.companyId:null)??null,metadata:entity.metadata,createdAt:entity.createdAt,updatedAt:entity.updatedAt,deletedAt:entity.deletedAt,createdById:entity.createdById,updatedById:entity.updatedById,deletedById:entity.deletedById}}};__name(RoleService,"RoleService");RoleService=__decorateClass([(0,import_common8.Injectable)({scope:import_common8.Scope.REQUEST}),__decorateParam(0,(0,import_common8.Inject)("CACHE_INSTANCE")),__decorateParam(1,(0,import_common8.Inject)(import_modules3.UtilsService)),__decorateParam(2,(0,import_common8.Inject)(IAMConfigService)),__decorateParam(3,(0,import_common8.Inject)(IAMDataSourceProvider))],RoleService);var RoleController=class extends(0,import_classes3.createApiController)(CreateRoleDto,UpdateRoleDto,RoleResponseDto,{security:"jwt"}){constructor(roleService){super(roleService);this.roleService=roleService}};__name(RoleController,"RoleController");RoleController=__decorateClass([(0,import_swagger5.ApiTags)("IAM - Roles"),(0,import_common9.Controller)("iam/roles"),__decorateParam(0,(0,import_common9.Inject)(RoleService))],RoleController);var import_nestjs_shared5=require("@flusys/nestjs-shared");var import_common10=require("@nestjs/common");var import_swagger6=require("@nestjs/swagger");var CompanyActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignCompanyActions(dto){return this.permissionService.assignCompanyActions(dto)}async getCompanyActions(companyId,query){const actions=await this.permissionService.getCompanyActions(companyId);return{success:true,message:"Company actions retrieved successfully",data:actions}}};__name(CompanyActionPermissionController,"CompanyActionPermissionController");__decorateClass([(0,import_common10.Post)("company-actions/assign"),(0,import_swagger6.ApiOperation)({summary:"Whitelist actions for company",description:"Controls which actions are available to company users/roles."}),(0,import_swagger6.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common10.Body)())],CompanyActionPermissionController.prototype,"assignCompanyActions",1);__decorateClass([(0,import_common10.Get)("company-actions/:companyId"),(0,import_swagger6.ApiOperation)({summary:"Get company whitelisted actions",description:"Returns actions available to company."}),(0,import_swagger6.ApiResponse)({status:200,type:import_nestjs_shared5.SingleResponseDto}),__decorateParam(0,(0,import_common10.Param)("companyId")),__decorateParam(1,(0,import_common10.Query)())],CompanyActionPermissionController.prototype,"getCompanyActions",1);CompanyActionPermissionController=__decorateClass([(0,import_swagger6.ApiTags)("IAM - Company Action Permissions"),(0,import_common10.Controller)("iam/permissions"),(0,import_common10.UseGuards)(import_nestjs_shared5.JwtAuthGuard),(0,import_swagger6.ApiBearerAuth)(),__decorateParam(0,(0,import_common10.Inject)(PermissionService))],CompanyActionPermissionController);var import_nestjs_shared6=require("@flusys/nestjs-shared");var import_guards2=require("@flusys/nestjs-shared/guards");var import_common11=require("@nestjs/common");var import_swagger7=require("@nestjs/swagger");var MyPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async getMyPermissions(query,user){return this.permissionService.getMyPermissions(user.id,user.branchId??null,user.companyId??null,query.parentCodes)}};__name(MyPermissionController,"MyPermissionController");__decorateClass([(0,import_common11.Post)("my-permissions"),(0,import_swagger7.ApiOperation)({summary:"Get current user permissions",description:"Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes."}),(0,import_swagger7.ApiResponse)({status:200,type:MyPermissionsResponseDto}),(0,import_swagger7.ApiResponse)({status:401,description:"Unauthorized"}),__decorateParam(0,(0,import_common11.Body)()),__decorateParam(1,(0,import_nestjs_shared6.CurrentUser)())],MyPermissionController.prototype,"getMyPermissions",1);MyPermissionController=__decorateClass([(0,import_swagger7.ApiTags)("IAM - My Permissions"),(0,import_common11.Controller)("iam/permissions"),(0,import_common11.UseGuards)(import_guards2.JwtAuthGuard),(0,import_swagger7.ApiBearerAuth)(),__decorateParam(0,(0,import_common11.Inject)(PermissionService))],MyPermissionController);var import_nestjs_shared7=require("@flusys/nestjs-shared");var import_common12=require("@nestjs/common");var import_swagger8=require("@nestjs/swagger");var RolePermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignRoleActions(dto){return this.permissionService.assignRoleActions(dto)}async getRoleActions(roleId,query){const actions=await this.permissionService.getRoleActions(roleId);return{success:true,message:"Role actions retrieved successfully",data:actions}}async assignUserRoles(dto){return this.permissionService.assignUserRoles(dto)}async getUserRoles(userId,query){const roles=await this.permissionService.getUserRoles(userId,query.branchId,query.companyId);return{success:true,message:"User roles retrieved successfully",data:roles}}};__name(RolePermissionController,"RolePermissionController");__decorateClass([(0,import_common12.Post)("role-actions/assign"),(0,import_swagger8.ApiOperation)({summary:"Assign/remove actions to/from role",description:"RBAC mode. No branch scoping."}),(0,import_swagger8.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common12.Body)())],RolePermissionController.prototype,"assignRoleActions",1);__decorateClass([(0,import_common12.Get)("role-actions/:roleId"),(0,import_swagger8.ApiOperation)({summary:"Get role actions",description:"Returns actions assigned to role."}),(0,import_swagger8.ApiResponse)({status:200,type:import_nestjs_shared7.SingleResponseDto}),__decorateParam(0,(0,import_common12.Param)("roleId")),__decorateParam(1,(0,import_common12.Query)())],RolePermissionController.prototype,"getRoleActions",1);__decorateClass([(0,import_common12.Post)("user-roles/assign"),(0,import_swagger8.ApiOperation)({summary:"Assign/remove roles to/from user",description:"RBAC mode. If company feature enabled, branchId is required."}),(0,import_swagger8.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common12.Body)())],RolePermissionController.prototype,"assignUserRoles",1);__decorateClass([(0,import_common12.Get)("user-roles/:userId"),(0,import_swagger8.ApiOperation)({summary:"Get user roles",description:"Returns roles assigned to user. Filter by companyId and branchId."}),(0,import_swagger8.ApiResponse)({status:200,type:import_nestjs_shared7.SingleResponseDto}),__decorateParam(0,(0,import_common12.Param)("userId")),__decorateParam(1,(0,import_common12.Query)())],RolePermissionController.prototype,"getUserRoles",1);RolePermissionController=__decorateClass([(0,import_swagger8.ApiTags)("IAM - Role Permissions"),(0,import_common12.Controller)("iam/permissions"),(0,import_common12.UseGuards)(import_nestjs_shared7.JwtAuthGuard),(0,import_swagger8.ApiBearerAuth)(),__decorateParam(0,(0,import_common12.Inject)(PermissionService))],RolePermissionController);var import_nestjs_shared8=require("@flusys/nestjs-shared");var import_common13=require("@nestjs/common");var import_swagger9=require("@nestjs/swagger");var UserActionPermissionController=class{constructor(permissionService){this.permissionService=permissionService}async assignUserActions(dto){return this.permissionService.assignUserActions(dto)}async getUserActions(userId,query){const actions=await this.permissionService.getUserActions(userId,query.branchId,query.companyId);return{success:true,message:"User actions retrieved successfully",data:actions}}};__name(UserActionPermissionController,"UserActionPermissionController");__decorateClass([(0,import_common13.Post)("user-actions/assign"),(0,import_swagger9.ApiOperation)({summary:"Assign/remove actions to/from user",description:"Direct permissions. If company feature enabled, branchId is required."}),(0,import_swagger9.ApiResponse)({status:200,type:PermissionOperationResultDto}),__decorateParam(0,(0,import_common13.Body)())],UserActionPermissionController.prototype,"assignUserActions",1);__decorateClass([(0,import_common13.Get)("user-actions/:userId"),(0,import_swagger9.ApiOperation)({summary:"Get user direct actions",description:"Returns direct action permissions for user. Filter by companyId and branchId."}),(0,import_swagger9.ApiResponse)({status:200,type:import_nestjs_shared8.SingleResponseDto}),__decorateParam(0,(0,import_common13.Param)("userId")),__decorateParam(1,(0,import_common13.Query)())],UserActionPermissionController.prototype,"getUserActions",1);UserActionPermissionController=__decorateClass([(0,import_swagger9.ApiTags)("IAM - User Action Permissions"),(0,import_common13.Controller)("iam/permissions"),(0,import_common13.UseGuards)(import_nestjs_shared8.JwtAuthGuard),(0,import_swagger9.ApiBearerAuth)(),__decorateParam(0,(0,import_common13.Inject)(PermissionService))],UserActionPermissionController);init_permission_type_enum();var AUTH_RELATED_TAGS=["Authentication","Users","Companies","Branches","User Permissions","Company Selection"];function iamSwaggerConfig(enableCompanyFeature=false,permissionMode=3){const excludeSchemaProperties=enableCompanyFeature?[]:[{schemaName:"AssignUserActionsDto",properties:["companyId","branchId"]},{schemaName:"AssignUserRolesDto",properties:["companyId","branchId"]},{schemaName:"GetUserActionsDto",properties:["companyId","branchId"]},{schemaName:"GetUserRolesDto",properties:["companyId","branchId"]},{schemaName:"UserActionResponseDto",properties:["branchId"]},{schemaName:"UserRoleResponseDto",properties:["branchId"]},{schemaName:"AssignCompanyActionsDto",properties:["companyId"]},{schemaName:"CompanyActionResponseDto",properties:["companyId"]}];const excludeQueryParameters=enableCompanyFeature?[]:[{pathPattern:"/iam/permissions/user-actions/*",method:"get",parameters:["companyId","branchId"]},{pathPattern:"/iam/permissions/user-roles/*",method:"get",parameters:["companyId","branchId"]}];const excludeTags=[...AUTH_RELATED_TAGS];if(!enableCompanyFeature){excludeTags.push("IAM - Company Action Permissions")}if(permissionMode===1){excludeTags.push("IAM - Permissions (Direct)")}else if(permissionMode===2){excludeTags.push("IAM - Permissions (RBAC)");excludeTags.push("IAM - Roles")}return{title:"IAM API",description:`
-## Identity & Access Management API
-Advanced permission system with flexible modes: RBAC, Direct Permissions, or both.
-### Current Configuration
-- **Permission Mode**: ${permissionMode===1?"**RBAC** (Role-Based Access Control)":permissionMode===2?"**DIRECT** (Direct User Permissions)":"**FULL** (RBAC + Direct)"}${enableCompanyFeature?"\n- **Company Feature**: Enabled (Multi-tenant with company/branch scoping)":"\n- **Company Feature**: Disabled"}
-### Features Based on Mode
-${permissionMode===1||permissionMode===3?`#### RBAC Features (Active)
-- **Roles**: Create company-scoped roles${enableCompanyFeature?" (auto-filtered by user company)":""}
-- **Role-Actions**: Assign actions to roles
-- **User-Roles**: Assign roles to users${enableCompanyFeature?" at branch level":""}
-`:""}${permissionMode===2||permissionMode===3?`#### Direct Permission Features (Active)
-- **User-Actions**: Direct action assignment to users${enableCompanyFeature?" at branch level":""}
-`:""}${enableCompanyFeature?`#### Company Features (Active)
-- **Company-Action Whitelist**: Control which actions are available per company
-- **Branch-Based Scoping**: Permissions scoped to specific branches
-- **Auto-Filtering**: Roles automatically filtered by user's company
-- **Action Tree Filtering**: Available actions filtered by company whitelist
-`:""}
-### Core Concepts
-#### Actions
-Represent permissions in the system. Can be hierarchical.
-**Action Types:**
-- \`menu\` - Menu visibility (actions with type='menu' are used as menus)
-- \`endpoint\` - API endpoint access
-- \`frontend\` - Frontend feature toggles
-${permissionMode===1||permissionMode===3?`
-#### Roles
-Collections of actions that can be assigned to users.${enableCompanyFeature?" Scoped to companies.":" Global across the system."}
-`:""}${enableCompanyFeature?`
-#### Company-Action Whitelist
-Controls which actions are available to a company. Users/roles can only use whitelisted actions.
-**Flow:**
-1. Admin assigns actions to company (whitelist)
-2. Only whitelisted actions appear in permission assignment UIs
-3. Users/roles cannot be assigned non-whitelisted actions
-`:""}
-### Permission Resolution
-${permissionMode===3?`1. **Company-Action Whitelist** - Filter by company (if enabled)
-2. **UserAction (DENY)** - Explicit denials take precedence
-3. **UserAction (GRANT)** - Direct user grants
-4. **UserRole \u2192 RoleAction** - Inherited from assigned roles
-5. **Action Permission Logic** - Complex AND/OR rules`:permissionMode===1?`1. **Company-Action Whitelist** - Filter by company (if enabled)
-2. **UserRole \u2192 RoleAction** - Actions inherited from roles
-3. **Action Permission Logic** - Complex AND/OR rules`:`1. **Company-Action Whitelist** - Filter by company (if enabled)
-2. **UserAction (DENY)** - Explicit denials take precedence
-3. **UserAction (GRANT)** - Direct user grants
-4. **Action Permission Logic** - Complex AND/OR rules`}
-### API Endpoints Summary
-#### Available Endpoints
-- \u2705 **Actions**: CRUD operations, tree view${enableCompanyFeature?", filtered tree for permissions":""}${permissionMode===1||permissionMode===3?`
-- \u2705 **Roles**: CRUD operations${enableCompanyFeature?" (auto-filtered by company)":""}
-- \u2705 **Role-Actions**: Assign actions to roles, get role actions
-- \u2705 **User-Roles**: Assign roles to users, get user roles`:`
-- \u274C **Roles**: Disabled (RBAC mode not active)`}${permissionMode===2||permissionMode===3?`
-- \u2705 **User-Actions**: Direct action assignment to users`:`
-- \u274C **User-Actions**: Disabled (DIRECT mode not active)`}${enableCompanyFeature?`
-- \u2705 **Company-Actions**: Whitelist actions for companies`:`
-- \u274C **Company-Actions**: Disabled (company feature not enabled)`}
-- \u2705 **My Permissions**: Get current user's complete permissions (includes menu-type actions)
-### Best Practices
-1. **Action Codes**: Use meaningful codes like \`user.create\`, \`order.view\`
-2. **Hierarchical Actions**: Group related actions (use parentId for hierarchy)${permissionMode===1||permissionMode===3?`
-3. **Role Design**: Create roles for common permission patterns`:""}${permissionMode===2||permissionMode===3?`
-${permissionMode===3?"4":"3"}. **Direct Actions**: Use sparingly for exceptions`:""}${enableCompanyFeature?`
-${permissionMode===3?"5":"4"}. **Company Whitelisting**: Set up action whitelist before assigning permissions
-${permissionMode===3?"6":"5"}. **Branch Scoping**: Use branches for location-based access control`:""}
-  `,version:"1.0",path:"api/docs/iam",bearerAuth:true,excludeSchemaProperties,excludeTags,excludeQueryParameters}}__name(iamSwaggerConfig,"iamSwaggerConfig");init_entities();init_enums();var import_modules4=require("@flusys/nestjs-shared/modules");var import_common14=require("@nestjs/common");var import_typeorm11=require("@nestjs/typeorm");init_entities();init_permission_type_enum();var IAMModule=class{static getControllers(permissionMode,enableCompanyFeature){const baseControllers=[ActionController,MyPermissionController];if(permissionMode===2){baseControllers.push(UserActionPermissionController)}if(permissionMode===1){baseControllers.push(RoleController);baseControllers.push(RolePermissionController)}if(permissionMode===3){baseControllers.push(RoleController);baseControllers.push(UserActionPermissionController);baseControllers.push(RolePermissionController)}if(enableCompanyFeature){baseControllers.push(CompanyActionPermissionController)}return baseControllers}static getEntities(permissionMode,enableCompanyFeature){const entities=[];entities.push(Action);if(enableCompanyFeature){entities.push(UserIamPermissionWithCompany)}else{entities.push(UserIamPermission)}if(permissionMode===1||permissionMode===3){if(enableCompanyFeature){entities.push(RoleWithCompany)}else{entities.push(Role)}}return entities}static getServices(permissionMode){const services=[ActionService,PermissionService,PermissionCacheService,PermissionEvaluatorHelper];if(permissionMode===1||permissionMode===3){services.push(RoleService)}return services}static getRepositoryProviders(permissionMode,enableCompanyFeature){const entities=this.getEntities(permissionMode,enableCompanyFeature);return entities.map(entity=>({provide:(0,import_typeorm11.getRepositoryToken)(entity),scope:import_common14.Scope.REQUEST,useFactory:__name(async dataSourceProvider=>{return await dataSourceProvider.getRepository(entity)},"useFactory"),inject:[IAMDataSourceProvider]}))}static forRoot(options={}){const{global=false,includeController=false}=options;const databaseMode=options.bootstrapAppConfig?.databaseMode;const enableCompanyFeature=options.bootstrapAppConfig?.enableCompanyFeature??false;const permissionMode=PermissionModeHelper.fromString(options.bootstrapAppConfig?.permissionMode);const isMultiTenant=databaseMode==="multi-tenant";const entities=this.getEntities(permissionMode,enableCompanyFeature);const controllers=includeController?this.getControllers(permissionMode,enableCompanyFeature):[];const providers=[{provide:IAM_MODULE_OPTIONS,useValue:options},IAMConfigService,IAMDataSourceProvider,...this.getServices(permissionMode)];const imports=[import_modules4.CacheModule,import_modules4.UtilsModule];const module2={module:IAMModule,imports,controllers,providers,exports:[IAMConfigService,IAMDataSourceProvider,ActionService,PermissionService,PermissionCacheService,PermissionEvaluatorHelper,...permissionMode===1||permissionMode===3?[RoleService]:[]]};if(global){return{...module2,global:true}}return module2}static forRootAsync(asyncOptions){const{global=false,includeController=false,imports:externalImports=[]}=asyncOptions;const databaseMode=asyncOptions.bootstrapAppConfig?.databaseMode;const enableCompanyFeature=asyncOptions.bootstrapAppConfig?.enableCompanyFeature??false;const permissionMode=PermissionModeHelper.fromString(asyncOptions.bootstrapAppConfig?.permissionMode);const isMultiTenant=databaseMode==="multi-tenant";const entities=this.getEntities(permissionMode,enableCompanyFeature);const controllers=includeController?this.getControllers(permissionMode,enableCompanyFeature):[];const asyncProviders=this.createAsyncProviders(asyncOptions);const providers=[...asyncProviders,IAMConfigService,IAMDataSourceProvider,...this.getServices(permissionMode)];const imports=[...externalImports,import_modules4.CacheModule,import_modules4.UtilsModule];const module2={module:IAMModule,imports,controllers,providers,exports:[IAMConfigService,IAMDataSourceProvider,ActionService,PermissionService,PermissionCacheService,PermissionEvaluatorHelper,...permissionMode===1||permissionMode===3?[RoleService]:[]]};if(global){return{...module2,global:true}}return module2}static createAsyncProviders(options){if(options.useExisting||options.useFactory){return[this.createAsyncOptionsProvider(options)]}const useClass=options.useClass;return[this.createAsyncOptionsProvider(options),{provide:useClass,useClass}]}static createAsyncOptionsProvider(options){if(options.useFactory){return{provide:IAM_MODULE_OPTIONS,useFactory:options.useFactory,inject:options.inject||[]}}const inject=[options.useClass||options.useExisting];return{provide:IAM_MODULE_OPTIONS,useFactory:__name(async optionsFactory=>optionsFactory.createIAMOptions(),"useFactory"),inject}}static forFeature(options={}){return this.forRoot(options)}};__name(IAMModule,"IAMModule");IAMModule=__decorateClass([(0,import_common14.Module)({})],IAMModule);var LogicOperator=(LogicOperator2=>{LogicOperator2["AND"]="AND";LogicOperator2["OR"]="OR";return LogicOperator2})(LogicOperator||{});var LogicNodeType=(LogicNodeType2=>{LogicNodeType2["GROUP"]="group";LogicNodeType2["ACTION"]="action";return LogicNodeType2})(LogicNodeType||{});0&&(module.exports={Action,ActionBase,ActionController,ActionQueryDto,ActionResponseDto,ActionService,ActionTreeDto,ActionTreeQueryDto,ActionType,AssignCompanyActionsDto,AssignRoleActionsDto,AssignUserActionsDto,AssignUserRolesDto,CompanyActionPermissionController,CompanyActionResponseDto,CreateActionDto,CreateRoleDto,FrontendActionDto,GetCompanyActionsDto,GetRoleActionsDto,GetUserActionsDto,GetUserRolesDto,IAMAllEntities,IAMCompanyEntities,IAMConfigService,IAMCoreEntities,IAMDataSourceProvider,IAMModule,IAMPermissionMode,IAM_MODULE_OPTIONS,IamEntityType,IamPermissionType,LogicNodeType,LogicOperator,MyPermissionController,MyPermissionsQueryDto,MyPermissionsResponseDto,PermissionAction,PermissionBase,PermissionCacheService,PermissionEvaluatorHelper,PermissionItemDto,PermissionModeHelper,PermissionOperationResultDto,PermissionService,Role,RoleActionResponseDto,RoleBase,RoleController,RolePermissionController,RoleQueryDto,RoleResponseDto,RoleService,RoleWithCompany,UpdateActionDto,UpdateRoleDto,UserActionPermissionController,UserActionResponseDto,UserIamPermission,UserIamPermissionWithCompany,UserRoleResponseDto,getIAMEntitiesByConfig,iamSwaggerConfig});
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+_export_star(require("./config"), exports);
+_export_star(require("./controllers"), exports);
+_export_star(require("./docs"), exports);
+_export_star(require("./dtos"), exports);
+_export_star(require("./entities"), exports);
+_export_star(require("./enums"), exports);
+_export_star(require("./helpers"), exports);
+_export_star(require("./interfaces"), exports);
+_export_star(require("./modules"), exports);
+_export_star(require("./services"), exports);
+_export_star(require("./types"), exports);
+function _export_star(from, to) {
+    Object.keys(from).forEach(function(k) {
+        if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
+            Object.defineProperty(to, k, {
+                enumerable: true,
+                get: function() {
+                    return from[k];
+                }
+            });
+        }
+    });
+    return from;
+}

package/cjs/interfaces/action.interface.js ADDED Viewed

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});

package/cjs/interfaces/iam-module-async-options.interface.js ADDED Viewed

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});

package/cjs/interfaces/iam-module-options.interface.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+_export_star(require("./iam-module-async-options.interface"), exports);
+function _export_star(from, to) {
+    Object.keys(from).forEach(function(k) {
+        if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
+            Object.defineProperty(to, k, {
+                enumerable: true,
+                get: function() {
+                    return from[k];
+                }
+            });
+        }
+    });
+    return from;
+}

package/cjs/interfaces/index.js ADDED Viewed

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+_export_star(require("./action.interface"), exports);
+_export_star(require("./role.interface"), exports);
+_export_star(require("./iam-module-options.interface"), exports);
+_export_star(require("./iam-module-async-options.interface"), exports);
+function _export_star(from, to) {
+    Object.keys(from).forEach(function(k) {
+        if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
+            Object.defineProperty(to, k, {
+                enumerable: true,
+                get: function() {
+                    return from[k];
+                }
+            });
+        }
+    });
+    return from;
+}

package/cjs/interfaces/role.interface.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Role Interface
+ * Represents a role entity in responses
+ */ "use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});