@flusys/nestjs-iam 1.0.0-beta → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +284 -113
- package/cjs/controllers/action.controller.js +45 -2
- package/cjs/controllers/company-action-permission.controller.js +16 -10
- package/cjs/controllers/my-permission.controller.js +7 -3
- package/cjs/controllers/role-permission.controller.js +35 -17
- package/cjs/controllers/role.controller.js +46 -3
- package/cjs/controllers/user-action-permission.controller.js +26 -11
- package/cjs/dtos/action.dto.js +0 -27
- package/cjs/dtos/permission.dto.js +117 -27
- package/cjs/dtos/role.dto.js +0 -27
- package/cjs/entities/action-base.entity.js +3 -3
- package/cjs/entities/permission-base.entity.js +6 -18
- package/cjs/helpers/company-access.helper.js +19 -0
- package/cjs/helpers/index.js +1 -1
- package/cjs/interfaces/iam-module-options.interface.js +0 -14
- package/cjs/interfaces/index.js +0 -1
- package/cjs/modules/iam.module.js +50 -102
- package/cjs/services/action.service.js +30 -41
- package/cjs/services/iam-config.service.js +2 -5
- package/cjs/services/{iam-datasource.provider.js → iam-datasource.service.js} +33 -36
- package/cjs/services/index.js +1 -1
- package/cjs/services/permission-cache.service.js +31 -61
- package/cjs/services/permission.service.js +160 -188
- package/cjs/services/role.service.js +8 -8
- package/cjs/types/logic-node.type.js +0 -24
- package/controllers/company-action-permission.controller.d.ts +3 -3
- package/controllers/my-permission.controller.d.ts +2 -2
- package/controllers/role-permission.controller.d.ts +7 -5
- package/controllers/user-action-permission.controller.d.ts +6 -4
- package/dtos/action.dto.d.ts +0 -7
- package/dtos/permission.dto.d.ts +4 -0
- package/dtos/role.dto.d.ts +0 -7
- package/entities/permission-base.entity.d.ts +3 -7
- package/fesm/controllers/action.controller.js +47 -4
- package/fesm/controllers/company-action-permission.controller.js +18 -12
- package/fesm/controllers/index.js +1 -1
- package/fesm/controllers/my-permission.controller.js +7 -3
- package/fesm/controllers/role-permission.controller.js +37 -19
- package/fesm/controllers/role.controller.js +45 -2
- package/fesm/controllers/user-action-permission.controller.js +28 -13
- package/fesm/dtos/action.dto.js +0 -24
- package/fesm/dtos/permission.dto.js +117 -29
- package/fesm/dtos/role.dto.js +0 -24
- package/fesm/entities/action-base.entity.js +3 -3
- package/fesm/entities/permission-base.entity.js +6 -18
- package/fesm/helpers/company-access.helper.js +14 -0
- package/fesm/helpers/index.js +1 -1
- package/fesm/interfaces/iam-module-options.interface.js +3 -1
- package/fesm/interfaces/index.js +0 -1
- package/fesm/modules/iam.module.js +52 -104
- package/fesm/services/action.service.js +32 -43
- package/fesm/services/iam-config.service.js +2 -5
- package/fesm/services/{iam-datasource.provider.js → iam-datasource.service.js} +31 -34
- package/fesm/services/index.js +1 -1
- package/fesm/services/permission-cache.service.js +31 -61
- package/fesm/services/permission.service.js +161 -189
- package/fesm/services/role.service.js +8 -8
- package/fesm/types/logic-node.type.js +1 -10
- package/helpers/company-access.helper.d.ts +3 -0
- package/helpers/index.d.ts +1 -1
- package/interfaces/iam-module-options.interface.d.ts +9 -1
- package/interfaces/index.d.ts +0 -1
- package/modules/iam.module.d.ts +2 -2
- package/package.json +3 -3
- package/services/action.service.d.ts +6 -4
- package/services/iam-config.service.d.ts +2 -2
- package/services/{iam-datasource.provider.d.ts → iam-datasource.service.d.ts} +4 -5
- package/services/index.d.ts +1 -1
- package/services/permission-cache.service.d.ts +4 -6
- package/services/permission.service.d.ts +8 -4
- package/services/role.service.d.ts +3 -3
- package/types/logic-node.type.d.ts +0 -8
- package/cjs/helpers/permission-evaluator.helper.js +0 -175
- package/cjs/interfaces/iam-module-async-options.interface.js +0 -4
- package/fesm/helpers/permission-evaluator.helper.js +0 -165
- package/fesm/interfaces/iam-module-async-options.interface.js +0 -3
- package/helpers/permission-evaluator.helper.d.ts +0 -26
- package/interfaces/iam-module-async-options.interface.d.ts +0 -11
|
@@ -41,18 +41,17 @@ function _ts_param(paramIndex, decorator) {
|
|
|
41
41
|
};
|
|
42
42
|
}
|
|
43
43
|
let CompanyActionPermissionController = class CompanyActionPermissionController {
|
|
44
|
-
async assignCompanyActions(dto) {
|
|
44
|
+
async assignCompanyActions(dto, user) {
|
|
45
45
|
return this.permissionService.assignCompanyActions(dto);
|
|
46
46
|
}
|
|
47
|
-
async getCompanyActions(
|
|
48
|
-
const actions = await this.permissionService.getCompanyActions(companyId);
|
|
47
|
+
async getCompanyActions(dto, user) {
|
|
48
|
+
const actions = await this.permissionService.getCompanyActions(dto.companyId);
|
|
49
49
|
return {
|
|
50
50
|
success: true,
|
|
51
51
|
message: 'Company actions retrieved successfully',
|
|
52
52
|
data: actions
|
|
53
53
|
};
|
|
54
54
|
}
|
|
55
|
-
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
56
55
|
constructor(permissionService){
|
|
57
56
|
_define_property(this, "permissionService", void 0);
|
|
58
57
|
this.permissionService = permissionService;
|
|
@@ -60,6 +59,7 @@ let CompanyActionPermissionController = class CompanyActionPermissionController
|
|
|
60
59
|
};
|
|
61
60
|
_ts_decorate([
|
|
62
61
|
(0, _common.Post)('company-actions/assign'),
|
|
62
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.COMPANY_ACTION_PERMISSIONS.ASSIGN),
|
|
63
63
|
(0, _swagger.ApiOperation)({
|
|
64
64
|
summary: 'Whitelist actions for company',
|
|
65
65
|
description: 'Controls which actions are available to company users/roles.'
|
|
@@ -72,14 +72,17 @@ _ts_decorate([
|
|
|
72
72
|
type: _permissiondto.AssignCompanyActionsDto
|
|
73
73
|
}),
|
|
74
74
|
_ts_param(0, (0, _common.Body)()),
|
|
75
|
+
_ts_param(1, (0, _nestjsshared.CurrentUser)()),
|
|
75
76
|
_ts_metadata("design:type", Function),
|
|
76
77
|
_ts_metadata("design:paramtypes", [
|
|
77
|
-
typeof _permissiondto.AssignCompanyActionsDto === "undefined" ? Object : _permissiondto.AssignCompanyActionsDto
|
|
78
|
+
typeof _permissiondto.AssignCompanyActionsDto === "undefined" ? Object : _permissiondto.AssignCompanyActionsDto,
|
|
79
|
+
typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
|
|
78
80
|
]),
|
|
79
81
|
_ts_metadata("design:returntype", Promise)
|
|
80
82
|
], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
|
|
81
83
|
_ts_decorate([
|
|
82
|
-
(0, _common.
|
|
84
|
+
(0, _common.Post)('get-company-actions'),
|
|
85
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.COMPANY_ACTION_PERMISSIONS.READ),
|
|
83
86
|
(0, _swagger.ApiOperation)({
|
|
84
87
|
summary: 'Get company whitelisted actions',
|
|
85
88
|
description: 'Returns actions available to company.'
|
|
@@ -88,12 +91,15 @@ _ts_decorate([
|
|
|
88
91
|
status: 200,
|
|
89
92
|
type: _nestjsshared.SingleResponseDto
|
|
90
93
|
}),
|
|
91
|
-
|
|
92
|
-
|
|
94
|
+
(0, _swagger.ApiBody)({
|
|
95
|
+
type: _permissiondto.GetCompanyActionsDto
|
|
96
|
+
}),
|
|
97
|
+
_ts_param(0, (0, _common.Body)()),
|
|
98
|
+
_ts_param(1, (0, _nestjsshared.CurrentUser)()),
|
|
93
99
|
_ts_metadata("design:type", Function),
|
|
94
100
|
_ts_metadata("design:paramtypes", [
|
|
95
|
-
|
|
96
|
-
typeof
|
|
101
|
+
typeof _permissiondto.GetCompanyActionsDto === "undefined" ? Object : _permissiondto.GetCompanyActionsDto,
|
|
102
|
+
typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
|
|
97
103
|
]),
|
|
98
104
|
_ts_metadata("design:returntype", Promise)
|
|
99
105
|
], CompanyActionPermissionController.prototype, "getCompanyActions", null);
|
|
@@ -9,7 +9,6 @@ Object.defineProperty(exports, "MyPermissionController", {
|
|
|
9
9
|
}
|
|
10
10
|
});
|
|
11
11
|
const _nestjsshared = require("@flusys/nestjs-shared");
|
|
12
|
-
const _guards = require("@flusys/nestjs-shared/guards");
|
|
13
12
|
const _common = require("@nestjs/common");
|
|
14
13
|
const _swagger = require("@nestjs/swagger");
|
|
15
14
|
const _permissiondto = require("../dtos/permission.dto");
|
|
@@ -43,7 +42,12 @@ function _ts_param(paramIndex, decorator) {
|
|
|
43
42
|
}
|
|
44
43
|
let MyPermissionController = class MyPermissionController {
|
|
45
44
|
async getMyPermissions(query, user) {
|
|
46
|
-
|
|
45
|
+
const data = await this.permissionService.getMyPermissions(user.id, user.branchId ?? null, user.companyId ?? null, query.parentCodes);
|
|
46
|
+
return {
|
|
47
|
+
success: true,
|
|
48
|
+
message: 'Permissions loaded successfully',
|
|
49
|
+
data
|
|
50
|
+
};
|
|
47
51
|
}
|
|
48
52
|
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
49
53
|
constructor(permissionService){
|
|
@@ -80,7 +84,7 @@ _ts_decorate([
|
|
|
80
84
|
MyPermissionController = _ts_decorate([
|
|
81
85
|
(0, _swagger.ApiTags)('IAM - My Permissions'),
|
|
82
86
|
(0, _common.Controller)('iam/permissions'),
|
|
83
|
-
(0, _common.UseGuards)(
|
|
87
|
+
(0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
|
|
84
88
|
(0, _swagger.ApiBearerAuth)(),
|
|
85
89
|
_ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
|
|
86
90
|
_ts_metadata("design:type", Function),
|
|
@@ -12,7 +12,9 @@ const _nestjsshared = require("@flusys/nestjs-shared");
|
|
|
12
12
|
const _common = require("@nestjs/common");
|
|
13
13
|
const _swagger = require("@nestjs/swagger");
|
|
14
14
|
const _permissiondto = require("../dtos/permission.dto");
|
|
15
|
+
const _helpers = require("../helpers");
|
|
15
16
|
const _permissionservice = require("../services/permission.service");
|
|
17
|
+
const _iamconfigservice = require("../services/iam-config.service");
|
|
16
18
|
function _define_property(obj, key, value) {
|
|
17
19
|
if (key in obj) {
|
|
18
20
|
Object.defineProperty(obj, key, {
|
|
@@ -44,19 +46,21 @@ let RolePermissionController = class RolePermissionController {
|
|
|
44
46
|
async assignRoleActions(dto) {
|
|
45
47
|
return this.permissionService.assignRoleActions(dto);
|
|
46
48
|
}
|
|
47
|
-
async getRoleActions(
|
|
48
|
-
const actions = await this.permissionService.getRoleActions(roleId);
|
|
49
|
+
async getRoleActions(dto) {
|
|
50
|
+
const actions = await this.permissionService.getRoleActions(dto.roleId);
|
|
49
51
|
return {
|
|
50
52
|
success: true,
|
|
51
53
|
message: 'Role actions retrieved successfully',
|
|
52
54
|
data: actions
|
|
53
55
|
};
|
|
54
56
|
}
|
|
55
|
-
async assignUserRoles(dto) {
|
|
57
|
+
async assignUserRoles(dto, user) {
|
|
58
|
+
(0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
|
|
56
59
|
return this.permissionService.assignUserRoles(dto);
|
|
57
60
|
}
|
|
58
|
-
async getUserRoles(
|
|
59
|
-
|
|
61
|
+
async getUserRoles(dto, user) {
|
|
62
|
+
(0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
|
|
63
|
+
const roles = await this.permissionService.getUserRoles(dto.userId, dto.branchId, dto.companyId);
|
|
60
64
|
return {
|
|
61
65
|
success: true,
|
|
62
66
|
message: 'User roles retrieved successfully',
|
|
@@ -64,13 +68,16 @@ let RolePermissionController = class RolePermissionController {
|
|
|
64
68
|
};
|
|
65
69
|
}
|
|
66
70
|
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
67
|
-
constructor(permissionService){
|
|
71
|
+
constructor(permissionService, config){
|
|
68
72
|
_define_property(this, "permissionService", void 0);
|
|
73
|
+
_define_property(this, "config", void 0);
|
|
69
74
|
this.permissionService = permissionService;
|
|
75
|
+
this.config = config;
|
|
70
76
|
}
|
|
71
77
|
};
|
|
72
78
|
_ts_decorate([
|
|
73
79
|
(0, _common.Post)('role-actions/assign'),
|
|
80
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.ROLE_ACTION_PERMISSIONS.ASSIGN),
|
|
74
81
|
(0, _swagger.ApiOperation)({
|
|
75
82
|
summary: 'Assign/remove actions to/from role',
|
|
76
83
|
description: 'RBAC mode. No branch scoping.'
|
|
@@ -90,7 +97,8 @@ _ts_decorate([
|
|
|
90
97
|
_ts_metadata("design:returntype", Promise)
|
|
91
98
|
], RolePermissionController.prototype, "assignRoleActions", null);
|
|
92
99
|
_ts_decorate([
|
|
93
|
-
(0, _common.
|
|
100
|
+
(0, _common.Post)('get-role-actions'),
|
|
101
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.ROLE_ACTION_PERMISSIONS.READ),
|
|
94
102
|
(0, _swagger.ApiOperation)({
|
|
95
103
|
summary: 'Get role actions',
|
|
96
104
|
description: 'Returns actions assigned to role.'
|
|
@@ -99,17 +107,19 @@ _ts_decorate([
|
|
|
99
107
|
status: 200,
|
|
100
108
|
type: _nestjsshared.SingleResponseDto
|
|
101
109
|
}),
|
|
102
|
-
|
|
103
|
-
|
|
110
|
+
(0, _swagger.ApiBody)({
|
|
111
|
+
type: _permissiondto.GetRoleActionsDto
|
|
112
|
+
}),
|
|
113
|
+
_ts_param(0, (0, _common.Body)()),
|
|
104
114
|
_ts_metadata("design:type", Function),
|
|
105
115
|
_ts_metadata("design:paramtypes", [
|
|
106
|
-
String,
|
|
107
116
|
typeof _permissiondto.GetRoleActionsDto === "undefined" ? Object : _permissiondto.GetRoleActionsDto
|
|
108
117
|
]),
|
|
109
118
|
_ts_metadata("design:returntype", Promise)
|
|
110
119
|
], RolePermissionController.prototype, "getRoleActions", null);
|
|
111
120
|
_ts_decorate([
|
|
112
121
|
(0, _common.Post)('user-roles/assign'),
|
|
122
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.USER_ROLE_PERMISSIONS.ASSIGN),
|
|
113
123
|
(0, _swagger.ApiOperation)({
|
|
114
124
|
summary: 'Assign/remove roles to/from user',
|
|
115
125
|
description: 'RBAC mode. If company feature enabled, branchId is required.'
|
|
@@ -122,14 +132,17 @@ _ts_decorate([
|
|
|
122
132
|
type: _permissiondto.AssignUserRolesDto
|
|
123
133
|
}),
|
|
124
134
|
_ts_param(0, (0, _common.Body)()),
|
|
135
|
+
_ts_param(1, (0, _nestjsshared.CurrentUser)()),
|
|
125
136
|
_ts_metadata("design:type", Function),
|
|
126
137
|
_ts_metadata("design:paramtypes", [
|
|
127
|
-
typeof _permissiondto.AssignUserRolesDto === "undefined" ? Object : _permissiondto.AssignUserRolesDto
|
|
138
|
+
typeof _permissiondto.AssignUserRolesDto === "undefined" ? Object : _permissiondto.AssignUserRolesDto,
|
|
139
|
+
typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
|
|
128
140
|
]),
|
|
129
141
|
_ts_metadata("design:returntype", Promise)
|
|
130
142
|
], RolePermissionController.prototype, "assignUserRoles", null);
|
|
131
143
|
_ts_decorate([
|
|
132
|
-
(0, _common.
|
|
144
|
+
(0, _common.Post)('get-user-roles'),
|
|
145
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.USER_ROLE_PERMISSIONS.READ),
|
|
133
146
|
(0, _swagger.ApiOperation)({
|
|
134
147
|
summary: 'Get user roles',
|
|
135
148
|
description: 'Returns roles assigned to user. Filter by companyId and branchId.'
|
|
@@ -138,12 +151,15 @@ _ts_decorate([
|
|
|
138
151
|
status: 200,
|
|
139
152
|
type: _nestjsshared.SingleResponseDto
|
|
140
153
|
}),
|
|
141
|
-
|
|
142
|
-
|
|
154
|
+
(0, _swagger.ApiBody)({
|
|
155
|
+
type: _permissiondto.GetUserRolesDto
|
|
156
|
+
}),
|
|
157
|
+
_ts_param(0, (0, _common.Body)()),
|
|
158
|
+
_ts_param(1, (0, _nestjsshared.CurrentUser)()),
|
|
143
159
|
_ts_metadata("design:type", Function),
|
|
144
160
|
_ts_metadata("design:paramtypes", [
|
|
145
|
-
|
|
146
|
-
typeof
|
|
161
|
+
typeof _permissiondto.GetUserRolesDto === "undefined" ? Object : _permissiondto.GetUserRolesDto,
|
|
162
|
+
typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
|
|
147
163
|
]),
|
|
148
164
|
_ts_metadata("design:returntype", Promise)
|
|
149
165
|
], RolePermissionController.prototype, "getUserRoles", null);
|
|
@@ -153,8 +169,10 @@ RolePermissionController = _ts_decorate([
|
|
|
153
169
|
(0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
|
|
154
170
|
(0, _swagger.ApiBearerAuth)(),
|
|
155
171
|
_ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
|
|
172
|
+
_ts_param(1, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
|
|
156
173
|
_ts_metadata("design:type", Function),
|
|
157
174
|
_ts_metadata("design:paramtypes", [
|
|
158
|
-
typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
|
|
175
|
+
typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService,
|
|
176
|
+
typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService
|
|
159
177
|
])
|
|
160
178
|
], RolePermissionController);
|
|
@@ -8,7 +8,7 @@ Object.defineProperty(exports, "RoleController", {
|
|
|
8
8
|
return RoleController;
|
|
9
9
|
}
|
|
10
10
|
});
|
|
11
|
-
const
|
|
11
|
+
const _nestjsshared = require("@flusys/nestjs-shared");
|
|
12
12
|
const _common = require("@nestjs/common");
|
|
13
13
|
const _swagger = require("@nestjs/swagger");
|
|
14
14
|
const _roledto = require("../dtos/role.dto");
|
|
@@ -40,8 +40,51 @@ function _ts_param(paramIndex, decorator) {
|
|
|
40
40
|
decorator(target, key, paramIndex);
|
|
41
41
|
};
|
|
42
42
|
}
|
|
43
|
-
let RoleController = class RoleController extends (0,
|
|
44
|
-
security:
|
|
43
|
+
let RoleController = class RoleController extends (0, _nestjsshared.createApiController)(_roledto.CreateRoleDto, _roledto.UpdateRoleDto, _roledto.RoleResponseDto, {
|
|
44
|
+
security: {
|
|
45
|
+
insert: {
|
|
46
|
+
level: 'permission',
|
|
47
|
+
permissions: [
|
|
48
|
+
_nestjsshared.ROLE_PERMISSIONS.CREATE
|
|
49
|
+
]
|
|
50
|
+
},
|
|
51
|
+
insertMany: {
|
|
52
|
+
level: 'permission',
|
|
53
|
+
permissions: [
|
|
54
|
+
_nestjsshared.ROLE_PERMISSIONS.CREATE
|
|
55
|
+
]
|
|
56
|
+
},
|
|
57
|
+
getById: {
|
|
58
|
+
level: 'permission',
|
|
59
|
+
permissions: [
|
|
60
|
+
_nestjsshared.ROLE_PERMISSIONS.READ
|
|
61
|
+
]
|
|
62
|
+
},
|
|
63
|
+
getAll: {
|
|
64
|
+
level: 'permission',
|
|
65
|
+
permissions: [
|
|
66
|
+
_nestjsshared.ROLE_PERMISSIONS.READ
|
|
67
|
+
]
|
|
68
|
+
},
|
|
69
|
+
update: {
|
|
70
|
+
level: 'permission',
|
|
71
|
+
permissions: [
|
|
72
|
+
_nestjsshared.ROLE_PERMISSIONS.UPDATE
|
|
73
|
+
]
|
|
74
|
+
},
|
|
75
|
+
updateMany: {
|
|
76
|
+
level: 'permission',
|
|
77
|
+
permissions: [
|
|
78
|
+
_nestjsshared.ROLE_PERMISSIONS.UPDATE
|
|
79
|
+
]
|
|
80
|
+
},
|
|
81
|
+
delete: {
|
|
82
|
+
level: 'permission',
|
|
83
|
+
permissions: [
|
|
84
|
+
_nestjsshared.ROLE_PERMISSIONS.DELETE
|
|
85
|
+
]
|
|
86
|
+
}
|
|
87
|
+
}
|
|
45
88
|
}) {
|
|
46
89
|
constructor(roleService){
|
|
47
90
|
super(roleService), _define_property(this, "roleService", void 0), this.roleService = roleService;
|
|
@@ -12,7 +12,9 @@ const _nestjsshared = require("@flusys/nestjs-shared");
|
|
|
12
12
|
const _common = require("@nestjs/common");
|
|
13
13
|
const _swagger = require("@nestjs/swagger");
|
|
14
14
|
const _permissiondto = require("../dtos/permission.dto");
|
|
15
|
+
const _helpers = require("../helpers");
|
|
15
16
|
const _permissionservice = require("../services/permission.service");
|
|
17
|
+
const _iamconfigservice = require("../services/iam-config.service");
|
|
16
18
|
function _define_property(obj, key, value) {
|
|
17
19
|
if (key in obj) {
|
|
18
20
|
Object.defineProperty(obj, key, {
|
|
@@ -41,11 +43,13 @@ function _ts_param(paramIndex, decorator) {
|
|
|
41
43
|
};
|
|
42
44
|
}
|
|
43
45
|
let UserActionPermissionController = class UserActionPermissionController {
|
|
44
|
-
async assignUserActions(dto) {
|
|
46
|
+
async assignUserActions(dto, user) {
|
|
47
|
+
(0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
|
|
45
48
|
return this.permissionService.assignUserActions(dto);
|
|
46
49
|
}
|
|
47
|
-
async getUserActions(
|
|
48
|
-
|
|
50
|
+
async getUserActions(dto, user) {
|
|
51
|
+
(0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
|
|
52
|
+
const actions = await this.permissionService.getUserActions(dto.userId, dto.branchId, dto.companyId);
|
|
49
53
|
return {
|
|
50
54
|
success: true,
|
|
51
55
|
message: 'User actions retrieved successfully',
|
|
@@ -53,13 +57,16 @@ let UserActionPermissionController = class UserActionPermissionController {
|
|
|
53
57
|
};
|
|
54
58
|
}
|
|
55
59
|
// NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
|
|
56
|
-
constructor(permissionService){
|
|
60
|
+
constructor(permissionService, config){
|
|
57
61
|
_define_property(this, "permissionService", void 0);
|
|
62
|
+
_define_property(this, "config", void 0);
|
|
58
63
|
this.permissionService = permissionService;
|
|
64
|
+
this.config = config;
|
|
59
65
|
}
|
|
60
66
|
};
|
|
61
67
|
_ts_decorate([
|
|
62
68
|
(0, _common.Post)('user-actions/assign'),
|
|
69
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.USER_ACTION_PERMISSIONS.ASSIGN),
|
|
63
70
|
(0, _swagger.ApiOperation)({
|
|
64
71
|
summary: 'Assign/remove actions to/from user',
|
|
65
72
|
description: 'Direct permissions. If company feature enabled, branchId is required.'
|
|
@@ -72,14 +79,17 @@ _ts_decorate([
|
|
|
72
79
|
type: _permissiondto.AssignUserActionsDto
|
|
73
80
|
}),
|
|
74
81
|
_ts_param(0, (0, _common.Body)()),
|
|
82
|
+
_ts_param(1, (0, _nestjsshared.CurrentUser)()),
|
|
75
83
|
_ts_metadata("design:type", Function),
|
|
76
84
|
_ts_metadata("design:paramtypes", [
|
|
77
|
-
typeof _permissiondto.AssignUserActionsDto === "undefined" ? Object : _permissiondto.AssignUserActionsDto
|
|
85
|
+
typeof _permissiondto.AssignUserActionsDto === "undefined" ? Object : _permissiondto.AssignUserActionsDto,
|
|
86
|
+
typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
|
|
78
87
|
]),
|
|
79
88
|
_ts_metadata("design:returntype", Promise)
|
|
80
89
|
], UserActionPermissionController.prototype, "assignUserActions", null);
|
|
81
90
|
_ts_decorate([
|
|
82
|
-
(0, _common.
|
|
91
|
+
(0, _common.Post)('get-user-actions'),
|
|
92
|
+
(0, _nestjsshared.RequirePermission)(_nestjsshared.USER_ACTION_PERMISSIONS.READ),
|
|
83
93
|
(0, _swagger.ApiOperation)({
|
|
84
94
|
summary: 'Get user direct actions',
|
|
85
95
|
description: 'Returns direct action permissions for user. Filter by companyId and branchId.'
|
|
@@ -88,12 +98,15 @@ _ts_decorate([
|
|
|
88
98
|
status: 200,
|
|
89
99
|
type: _nestjsshared.SingleResponseDto
|
|
90
100
|
}),
|
|
91
|
-
|
|
92
|
-
|
|
101
|
+
(0, _swagger.ApiBody)({
|
|
102
|
+
type: _permissiondto.GetUserActionsDto
|
|
103
|
+
}),
|
|
104
|
+
_ts_param(0, (0, _common.Body)()),
|
|
105
|
+
_ts_param(1, (0, _nestjsshared.CurrentUser)()),
|
|
93
106
|
_ts_metadata("design:type", Function),
|
|
94
107
|
_ts_metadata("design:paramtypes", [
|
|
95
|
-
|
|
96
|
-
typeof
|
|
108
|
+
typeof _permissiondto.GetUserActionsDto === "undefined" ? Object : _permissiondto.GetUserActionsDto,
|
|
109
|
+
typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
|
|
97
110
|
]),
|
|
98
111
|
_ts_metadata("design:returntype", Promise)
|
|
99
112
|
], UserActionPermissionController.prototype, "getUserActions", null);
|
|
@@ -103,8 +116,10 @@ UserActionPermissionController = _ts_decorate([
|
|
|
103
116
|
(0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
|
|
104
117
|
(0, _swagger.ApiBearerAuth)(),
|
|
105
118
|
_ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
|
|
119
|
+
_ts_param(1, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
|
|
106
120
|
_ts_metadata("design:type", Function),
|
|
107
121
|
_ts_metadata("design:paramtypes", [
|
|
108
|
-
typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
|
|
122
|
+
typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService,
|
|
123
|
+
typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService
|
|
109
124
|
])
|
|
110
125
|
], UserActionPermissionController);
|
package/cjs/dtos/action.dto.js
CHANGED
|
@@ -9,9 +9,6 @@ function _export(target, all) {
|
|
|
9
9
|
});
|
|
10
10
|
}
|
|
11
11
|
_export(exports, {
|
|
12
|
-
get ActionQueryDto () {
|
|
13
|
-
return ActionQueryDto;
|
|
14
|
-
},
|
|
15
12
|
get ActionResponseDto () {
|
|
16
13
|
return ActionResponseDto;
|
|
17
14
|
},
|
|
@@ -284,30 +281,6 @@ _ts_decorate([
|
|
|
284
281
|
}),
|
|
285
282
|
_ts_metadata("design:type", Array)
|
|
286
283
|
], ActionTreeDto.prototype, "children", void 0);
|
|
287
|
-
let ActionQueryDto = class ActionQueryDto {
|
|
288
|
-
constructor(){
|
|
289
|
-
_define_property(this, "isActive", void 0);
|
|
290
|
-
_define_property(this, "parentId", void 0);
|
|
291
|
-
}
|
|
292
|
-
};
|
|
293
|
-
_ts_decorate([
|
|
294
|
-
(0, _swagger.ApiProperty)({
|
|
295
|
-
description: 'Filter by active status',
|
|
296
|
-
required: false
|
|
297
|
-
}),
|
|
298
|
-
(0, _classvalidator.IsBoolean)(),
|
|
299
|
-
(0, _classvalidator.IsOptional)(),
|
|
300
|
-
_ts_metadata("design:type", Boolean)
|
|
301
|
-
], ActionQueryDto.prototype, "isActive", void 0);
|
|
302
|
-
_ts_decorate([
|
|
303
|
-
(0, _swagger.ApiProperty)({
|
|
304
|
-
description: 'Filter by parent ID',
|
|
305
|
-
required: false
|
|
306
|
-
}),
|
|
307
|
-
(0, _classvalidator.IsUUID)(),
|
|
308
|
-
(0, _classvalidator.IsOptional)(),
|
|
309
|
-
_ts_metadata("design:type", String)
|
|
310
|
-
], ActionQueryDto.prototype, "parentId", void 0);
|
|
311
284
|
let ActionTreeQueryDto = class ActionTreeQueryDto {
|
|
312
285
|
constructor(){
|
|
313
286
|
_define_property(this, "search", void 0);
|