npm - @flusys/nestjs-iam - Versions diffs - 1.0.0-rc → 2.0.0 - Mend

@flusys/nestjs-iam 1.0.0-rc → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/README.md +219 -118
package/cjs/controllers/company-action-permission.controller.js +2 -17
package/cjs/controllers/my-permission.controller.js +1 -2
package/cjs/controllers/role-permission.controller.js +3 -9
package/cjs/controllers/user-action-permission.controller.js +3 -9
package/cjs/dtos/action.dto.js +0 -27
package/cjs/dtos/permission.dto.js +81 -27
package/cjs/dtos/role.dto.js +0 -27
package/cjs/helpers/company-access.helper.js +19 -0
package/cjs/helpers/index.js +1 -1
package/cjs/interfaces/iam-module-options.interface.js +0 -14
package/cjs/interfaces/index.js +0 -1
package/cjs/modules/iam.module.js +38 -106
package/cjs/services/action.service.js +30 -41
package/cjs/services/iam-config.service.js +2 -5
package/cjs/services/{iam-datasource.provider.js → iam-datasource.service.js} +33 -36
package/cjs/services/index.js +1 -1
package/cjs/services/permission-cache.service.js +6 -46
package/cjs/services/permission.service.js +52 -41
package/cjs/services/role.service.js +3 -3
package/controllers/company-action-permission.controller.d.ts +2 -5
package/controllers/role-permission.controller.d.ts +0 -1
package/controllers/user-action-permission.controller.d.ts +0 -1
package/dtos/action.dto.d.ts +0 -4
package/dtos/role.dto.d.ts +0 -4
package/fesm/controllers/company-action-permission.controller.js +4 -19
package/fesm/controllers/my-permission.controller.js +1 -2
package/fesm/controllers/role-permission.controller.js +4 -10
package/fesm/controllers/user-action-permission.controller.js +4 -10
package/fesm/dtos/action.dto.js +0 -24
package/fesm/dtos/permission.dto.js +81 -27
package/fesm/dtos/role.dto.js +0 -24
package/fesm/helpers/company-access.helper.js +14 -0
package/fesm/helpers/index.js +1 -1
package/fesm/interfaces/iam-module-options.interface.js +3 -1
package/fesm/interfaces/index.js +0 -1
package/fesm/modules/iam.module.js +40 -108
package/fesm/services/action.service.js +31 -42
package/fesm/services/iam-config.service.js +2 -5
package/fesm/services/{iam-datasource.provider.js → iam-datasource.service.js} +31 -34
package/fesm/services/index.js +1 -1
package/fesm/services/permission-cache.service.js +6 -46
package/fesm/services/permission.service.js +53 -42
package/fesm/services/role.service.js +3 -3
package/helpers/company-access.helper.d.ts +3 -0
package/helpers/index.d.ts +1 -1
package/interfaces/iam-module-options.interface.d.ts +9 -1
package/interfaces/index.d.ts +0 -1
package/modules/iam.module.d.ts +1 -2
package/package.json +3 -3
package/services/action.service.d.ts +6 -4
package/services/iam-config.service.d.ts +0 -1
package/services/{iam-datasource.provider.d.ts → iam-datasource.service.d.ts} +4 -5
package/services/index.d.ts +1 -1
package/services/permission-cache.service.d.ts +1 -4
package/services/permission.service.d.ts +4 -2
package/services/role.service.d.ts +3 -3
package/cjs/helpers/permission-evaluator.helper.js +0 -175
package/cjs/interfaces/iam-module-async-options.interface.js +0 -4
package/fesm/helpers/permission-evaluator.helper.js +0 -165
package/fesm/interfaces/iam-module-async-options.interface.js +0 -3
package/helpers/permission-evaluator.helper.d.ts +0 -26
package/interfaces/iam-module-async-options.interface.d.ts +0 -11

package/README.md CHANGED Viewed

@@ -8,11 +8,13 @@
 - [Overview](#overview)
 - [Installation](#installation)
 - [Module Configuration](#module-configuration)
+- [Constants](#constants)
 - [Core Concepts](#core-concepts)
 - [Entities](#entities)
 - [Permission Modes](#permission-modes)
 - [Permission Logic](#permission-logic)
 - [Services](#services)
+- [Helpers](#helpers)
 - [REST API Endpoints](#rest-api-endpoints)
 - [Multi-Tenant Support](#multi-tenant-support)
 - [Permission Guard Integration](#permission-guard-integration)
@@ -89,6 +91,34 @@ import { IAMModule } from '@flusys/nestjs-iam';
 export class AppModule {}
 ```
+### Async Configuration
+```typescript
+IAMModule.forRootAsync({
+  global: true,
+  includeController: true,
+  bootstrapAppConfig: {
+    databaseMode: 'single',
+    enableCompanyFeature: true,
+    permissionMode: 'RBAC',
+  },
+  imports: [ConfigModule],
+  useFactory: (config: ConfigService) => ({
+    // IAM-specific options from config
+  }),
+  inject: [ConfigService],
+})
+```
+---
+## Constants
+```typescript
+// Injection Token
+export const IAM_MODULE_OPTIONS = 'IAM_MODULE_OPTIONS';
+```
 ---
 ## Core Concepts
@@ -148,9 +178,7 @@ enum IamPermissionType {
 ### Permission Cascade Deletion
-When removing company actions via `removeCompanyActionsWithCascade()`, the `PermissionService` performs cascade deletion to maintain permission consistency:
-**Cascade Flow:**
+When removing company actions via `removeCompanyActionsWithCascade()`, the `PermissionService` performs cascade deletion:
 ```
 Company Action Removed
@@ -168,29 +196,54 @@ Company Action Removed
 6. Invalidate permission cache for affected users
 ```
-**Example:**
+---
-```typescript
-// Remove actions from company whitelist with cascade
-await permissionService.assignCompanyActions({
-  companyId: 'company-id',
-  items: [
-    { id: 'action-id-1', action: PermissionAction.REMOVE },
-    { id: 'action-id-2', action: PermissionAction.REMOVE },
-  ],
-});
-```
+## Entities
-This ensures that when a company loses access to an action:
-- All roles in that company lose the action
-- All users in that company lose direct assignments to the action
-- Permission cache is invalidated so guards reflect the change immediately
+### Entity Groups
-**Note:** The cascade only affects permissions within the specified company. Other companies' permissions remain unchanged.
+```typescript
+// Core entities (no company feature)
+export const IAMCoreEntities = [Action, Role, UserIamPermission];
----
+// Company-specific entities
+export const IAMCompanyEntities = [RoleWithCompany, UserIamPermissionWithCompany];
-## Entities
+// All entities
+export const IAMAllEntities = [
+  Action,
+  Role,
+  RoleWithCompany,
+  UserIamPermission,
+  UserIamPermissionWithCompany,
+];
+// Helper function
+export function getIAMEntitiesByConfig(
+  enableCompanyFeature: boolean,
+  permissionMode: 'FULL' | 'RBAC' | 'DIRECT' = 'FULL',
+): any[] {
+  const entities: any[] = [Action];
+  // Permission entity - always included
+  if (enableCompanyFeature) {
+    entities.push(UserIamPermissionWithCompany);
+  } else {
+    entities.push(UserIamPermission);
+  }
+  // Role entity - Only for RBAC or FULL mode (not DIRECT)
+  if (permissionMode === 'RBAC' || permissionMode === 'FULL') {
+    if (enableCompanyFeature) {
+      entities.push(RoleWithCompany);
+    } else {
+      entities.push(Role);
+    }
+  }
+  return entities;
+}
+```
 ### ActionBase
@@ -264,6 +317,16 @@ Extends PermissionBase with:
 Set in `bootstrapAppConfig.permissionMode`:
+### Permission Mode Enum
+```typescript
+enum IAMPermissionMode {
+  RBAC = 1,   // Role-Based: Action + RoleAction + UserRole
+  DIRECT = 2, // Direct User Permissions: Action + UserAction
+  FULL = 3,   // Both RBAC + Direct permissions
+}
+```
 ### RBAC Mode (Role-Based)
 ```
@@ -293,15 +356,6 @@ User -> Action
 Both RBAC and direct permissions. Default mode. All assignment methods available.
-### PermissionModeHelper
-```typescript
-import { PermissionModeHelper } from '@flusys/nestjs-iam/helpers';
-const mode = PermissionModeHelper.fromString('RBAC');
-// Returns: IAMPermissionMode.RBAC
-```
 ---
 ## Permission Logic
@@ -344,6 +398,15 @@ const logic: LogicNode = {
 ## Services
+| Service | Scope | Description |
+|---------|-------|-------------|
+| `ActionService` | REQUEST | Action CRUD, tree queries |
+| `RoleService` | REQUEST | Role CRUD (RBAC/FULL mode only) |
+| `PermissionService` | REQUEST | Permission assignments, my-permissions |
+| `PermissionCacheService` | REQUEST | Cache management |
+| `IAMConfigService` | SINGLETON | IAM configuration access |
+| `IAMDataSourceService` | REQUEST | DataSource provider for multi-tenant |
 ### ActionService
 ```typescript
@@ -383,7 +446,6 @@ await roleService.insert({
 import { PermissionService, PermissionAction } from '@flusys/nestjs-iam';
 // Assign roles to user (RBAC/FULL mode only)
-// Throws BadRequestException in DIRECT mode
 await permissionService.assignUserRoles({
   userId: 'user-id',
   companyId: 'company-id',
@@ -392,7 +454,6 @@ await permissionService.assignUserRoles({
 });
 // Assign actions directly (DIRECT/FULL mode only)
-// Throws BadRequestException in RBAC mode
 await permissionService.assignUserActions({
   userId: 'user-id',
   companyId: 'company-id',
@@ -401,13 +462,12 @@ await permissionService.assignUserActions({
 });
 // Assign actions to role (RBAC/FULL mode only)
-// Throws BadRequestException in DIRECT mode
 await permissionService.assignRoleActions({
   roleId: 'role-id',
   items: [{ id: 'action-id', action: PermissionAction.ADD }],
 });
-// Get user's permissions (collects from RBAC + DIRECT based on mode)
+// Get user's permissions
 const permissions = await permissionService.getMyPermissions(
   userId, branchId, companyId, parentCodes
 );
@@ -446,6 +506,51 @@ action-codes:tenant:{tenantId}:map                               // Multi-tenant
 ---
+## Helpers
+### PermissionModeHelper
+Centralizes conversion from string to enum to prevent duplication:
+```typescript
+import { PermissionModeHelper } from '@flusys/nestjs-iam';
+// Convert string to enum
+const mode = PermissionModeHelper.fromString('RBAC');
+// Returns: IAMPermissionMode.RBAC
+const mode = PermissionModeHelper.fromString(undefined);
+// Returns: IAMPermissionMode.FULL (default)
+// Convert enum to string
+const str = PermissionModeHelper.toString(IAMPermissionMode.RBAC);
+// Returns: 'RBAC'
+```
+**Used by:**
+- `iam.module.ts` (forRoot, forRootAsync)
+- `iam-config.service.ts` (getPermissionMode)
+- `main.ts` (Swagger setup)
+### validateCompanyAccess
+Validates user access to a company for permission operations:
+```typescript
+import { validateCompanyAccess } from '@flusys/nestjs-iam';
+// In a controller or service
+validateCompanyAccess(
+  iamConfig,
+  dto.companyId,
+  user,
+  'You do not have access to this company',
+);
+// Throws ForbiddenException if user.companyId !== dto.companyId
+```
+---
 ## REST API Endpoints
 ### Actions API
@@ -460,7 +565,7 @@ action-codes:tenant:{tenantId}:map                               // Multi-tenant
 | `/iam/actions/update` | POST | Update action |
 | `/iam/actions/delete` | POST | Delete action |
-### Roles API
+### Roles API (RBAC/FULL mode only)
 | Endpoint | Method | Description |
 |----------|--------|-------------|
@@ -472,25 +577,25 @@ action-codes:tenant:{tenantId}:map                               // Multi-tenant
 ### Permissions API
-| Endpoint | Method | Description |
-|----------|--------|-------------|
-| `/iam/permissions/role-actions/assign` | POST | Assign actions to role |
-| `/iam/permissions/role-actions/get` | POST | Get role actions |
-| `/iam/permissions/user-roles/assign` | POST | Assign roles to user |
-| `/iam/permissions/user-roles/get` | POST | Get user roles |
-| `/iam/permissions/user-actions/assign` | POST | Assign actions to user |
-| `/iam/permissions/user-actions/get` | POST | Get user actions |
-| `/iam/permissions/company-actions/assign` | POST | Company action whitelist |
-| `/iam/permissions/company-actions/get` | POST | Get company actions |
-| `/iam/permissions/my-permissions` | POST | Get current user's permissions |
-**My Permissions Response:**
-```typescript
-{
-  frontendActions: FrontendActionDto[],
-  cachedEndpoints: number
-}
-```
+| Endpoint | Method | Modes | Description |
+|----------|--------|-------|-------------|
+| `/iam/permissions/role-actions/assign` | POST | RBAC, FULL | Assign actions to role |
+| `/iam/permissions/role-actions/get` | POST | RBAC, FULL | Get role actions |
+| `/iam/permissions/user-roles/assign` | POST | RBAC, FULL | Assign roles to user |
+| `/iam/permissions/user-roles/get` | POST | RBAC, FULL | Get user roles |
+| `/iam/permissions/user-actions/assign` | POST | DIRECT, FULL | Assign actions to user |
+| `/iam/permissions/user-actions/get` | POST | DIRECT, FULL | Get user actions |
+| `/iam/permissions/company-actions/assign` | POST | All (company enabled) | Company action whitelist |
+| `/iam/permissions/company-actions/get` | POST | All (company enabled) | Get company actions |
+| `/iam/permissions/my-permissions` | POST | All | Get current user's permissions |
+**Controller Registration by Mode:**
+| Mode | Controllers |
+|------|-------------|
+| DIRECT | ActionController, MyPermissionController, UserActionPermissionController |
+| RBAC | ActionController, MyPermissionController, RoleController, RolePermissionController |
+| FULL | All controllers |
 ---
@@ -503,6 +608,7 @@ action-codes:tenant:{tenantId}:map                               // Multi-tenant
 export const bootstrapAppConfig: IBootstrapAppConfig = {
   databaseMode: 'single', // or 'multi-tenant'
   enableCompanyFeature: true,
+  permissionMode: 'FULL',
 };
 ```
@@ -525,7 +631,7 @@ export const bootstrapAppConfig: IBootstrapAppConfig = {
 When `databaseMode: 'multi-tenant'`:
 - Each tenant has isolated database/schema
 - Action code cache is tenant-aware (separate cache per tenant)
-- Uses `IAMDataSourceProvider` for tenant-specific connections
+- Uses `IAMDataSourceService` for tenant-specific connections
 ### Permission Merging
@@ -606,73 +712,62 @@ Direct actions should be exceptions and branch-specific overrides, not the prima
 ## API Reference
-### Module
+### Exports
 ```typescript
-import { IAMModule, IAMPermissionMode } from '@flusys/nestjs-iam';
-```
+// Config
+export { IAM_MODULE_OPTIONS } from './config';
-### Services
+// Modules
+export { IAMModule } from './modules';
-```typescript
-import {
-  ActionService,
-  RoleService,
-  PermissionService,
-  PermissionCacheService,
-  IAMConfigService,
-  IAMDataSourceProvider,
-} from '@flusys/nestjs-iam';
-```
+// Entities
+export { Action } from './entities/action.entity';
+export { ActionBase } from './entities/action-base.entity';
+export { Role } from './entities/role.entity';
+export { RoleBase } from './entities/role-base.entity';
+export { RoleWithCompany } from './entities/role-with-company.entity';
+export { PermissionBase } from './entities/permission-base.entity';
+export { UserIamPermission } from './entities/user-iam-permission.entity';
+export { UserIamPermissionWithCompany } from './entities/permission-with-company.entity';
+export { IAMCoreEntities, IAMCompanyEntities, IAMAllEntities, getIAMEntitiesByConfig } from './entities';
-### Entities
+// Services
+export { ActionService } from './services/action.service';
+export { RoleService } from './services/role.service';
+export { PermissionService } from './services/permission.service';
+export { PermissionCacheService } from './services/permission-cache.service';
+export { IAMConfigService } from './services/iam-config.service';
+export { IAMDataSourceService } from './services/iam-datasource.service';
-```typescript
-import {
-  Action,
-  Role,
-  RoleWithCompany,
-  UserIamPermission,
-  UserIamPermissionWithCompany,
-  getIAMEntitiesByConfig,
-} from '@flusys/nestjs-iam/entities';
-```
+// Helpers
+export { PermissionModeHelper } from './helpers/permission-mode.helper';
+export { validateCompanyAccess } from './helpers/company-access.helper';
-### DTOs
+// Enums
+export { ActionType } from './enums/action-type.enum';
+export { IAMPermissionMode } from './enums/permission-type.enum';
-```typescript
-import {
-  CreateActionDto,
-  UpdateActionDto,
-  CreateRoleDto,
-  UpdateRoleDto,
-  AssignUserActionsDto,
-  AssignUserRolesDto,
-  AssignRoleActionsDto,
-  AssignCompanyActionsDto,
-  MyPermissionsResponseDto,
-  FrontendActionDto,
-} from '@flusys/nestjs-iam/dtos';
-```
-### Enums
+// Types
+export { LogicNode } from './types/logic-node.type';
-```typescript
-import {
-  ActionType,
-  IAMPermissionMode,
-  IamPermissionType,
-  IamEntityType,
-} from '@flusys/nestjs-iam/enums';
+// DTOs
+export * from './dtos';
+// Interfaces
+export * from './interfaces';
+// Swagger Config
+export { iamSwaggerConfig } from './docs';
 ```
-### Helpers
+### Module Static Methods
 ```typescript
-import { PermissionModeHelper } from '@flusys/nestjs-iam/helpers';
-// Convert string to permission mode enum
-const mode = PermissionModeHelper.fromString('RBAC'); // IAMPermissionMode.RBAC
+// Configure module
+IAMModule.forRoot(options?: IAMModuleOptions): DynamicModule
+IAMModule.forRootAsync(options: IAMModuleAsyncOptions): DynamicModule
+IAMModule.forFeature(options?: IAMModuleOptions): DynamicModule
 ```
 ---
@@ -681,6 +776,9 @@ const mode = PermissionModeHelper.fromString('RBAC'); // IAMPermissionMode.RBAC
 ```
 nestjs-iam/src/
+├── config/
+│   ├── iam.constants.ts           # IAM_MODULE_OPTIONS token
+│   └── index.ts
 ├── modules/
 │   └── iam.module.ts              # Main module with dynamic config
 ├── entities/
@@ -691,14 +789,15 @@ nestjs-iam/src/
 │   ├── role-with-company.entity.ts
 │   ├── permission-base.entity.ts  # Permission base fields
 │   ├── user-iam-permission.entity.ts
-│   └── permission-with-company.entity.ts
+│   ├── permission-with-company.entity.ts
+│   └── index.ts                   # Entity groups & getIAMEntitiesByConfig
 ├── services/
 │   ├── action.service.ts          # Action CRUD
 │   ├── role.service.ts            # Role CRUD
 │   ├── permission.service.ts      # Permission management
 │   ├── permission-cache.service.ts # Cache management
 │   ├── iam-config.service.ts      # Configuration
-│   └── iam-datasource.provider.ts # DataSource provider
+│   └── iam-datasource.service.ts  # DataSource provider
 ├── controllers/
 │   ├── action.controller.ts
 │   ├── role.controller.ts
@@ -707,8 +806,8 @@ nestjs-iam/src/
 │   ├── user-action-permission.controller.ts
 │   └── company-action-permission.controller.ts
 ├── helpers/
-│   ├── permission-evaluator.helper.ts  # Logic evaluation (AND/OR)
-│   └── permission-mode.helper.ts       # String to enum conversion
+│   ├── company-access.helper.ts   # Company access validation
+│   └── permission-mode.helper.ts  # String to enum conversion
 ├── dtos/
 │   ├── action.dto.ts
 │   ├── role.dto.ts
@@ -716,15 +815,17 @@ nestjs-iam/src/
 ├── interfaces/
 │   ├── action.interface.ts
 │   ├── role.interface.ts
-│   ├── iam-module-options.interface.ts
-│   └── iam-module-async-options.interface.ts
+│   └── iam-module-options.interface.ts
 ├── enums/
 │   ├── action-type.enum.ts
 │   └── permission-type.enum.ts
-└── types/
-    └── logic-node.type.ts
+├── types/
+│   └── logic-node.type.ts
+├── docs/
+│   └── iam-swagger.config.ts
+└── index.ts
 ```
 ---
-**Last Updated:** 2026-02-18
+**Last Updated:** 2026-02-21

package/cjs/controllers/company-action-permission.controller.js CHANGED Viewed

@@ -13,7 +13,6 @@ const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
 const _permissiondto = require("../dtos/permission.dto");
 const _permissionservice = require("../services/permission.service");
-const _iamconfigservice = require("../services/iam-config.service");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -42,19 +41,10 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let CompanyActionPermissionController = class CompanyActionPermissionController {
-    /** Validates that user can only manage permissions for their own company */ validateCompanyAccess(companyId, user) {
-        if (this.config.isCompanyFeatureEnabled() && user.companyId) {
-            if (companyId !== user.companyId) {
-                throw new _common.BadRequestException('Cannot manage permissions for another company');
-            }
-        }
-    }
     async assignCompanyActions(dto, user) {
-        this.validateCompanyAccess(dto.companyId, user);
         return this.permissionService.assignCompanyActions(dto);
     }
     async getCompanyActions(dto, user) {
-        this.validateCompanyAccess(dto.companyId, user);
         const actions = await this.permissionService.getCompanyActions(dto.companyId);
         return {
             success: true,
@@ -62,12 +52,9 @@ let CompanyActionPermissionController = class CompanyActionPermissionController
             data: actions
         };
     }
-    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
-    constructor(permissionService, config){
+    constructor(permissionService){
         _define_property(this, "permissionService", void 0);
-        _define_property(this, "config", void 0);
         this.permissionService = permissionService;
-        this.config = config;
     }
 };
 _ts_decorate([
@@ -122,10 +109,8 @@ CompanyActionPermissionController = _ts_decorate([
     (0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
     (0, _swagger.ApiBearerAuth)(),
     _ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
-    _ts_param(1, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService,
-        typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService
+        typeof _permissionservice.PermissionService === "undefined" ? Object : _permissionservice.PermissionService
     ])
 ], CompanyActionPermissionController);

package/cjs/controllers/my-permission.controller.js CHANGED Viewed

@@ -9,7 +9,6 @@ Object.defineProperty(exports, "MyPermissionController", {
     }
 });
 const _nestjsshared = require("@flusys/nestjs-shared");
-const _guards = require("@flusys/nestjs-shared/guards");
 const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
 const _permissiondto = require("../dtos/permission.dto");
@@ -85,7 +84,7 @@ _ts_decorate([
 MyPermissionController = _ts_decorate([
     (0, _swagger.ApiTags)('IAM - My Permissions'),
     (0, _common.Controller)('iam/permissions'),
-    (0, _common.UseGuards)(_guards.JwtAuthGuard),
+    (0, _common.UseGuards)(_nestjsshared.JwtAuthGuard),
     (0, _swagger.ApiBearerAuth)(),
     _ts_param(0, (0, _common.Inject)(_permissionservice.PermissionService)),
     _ts_metadata("design:type", Function),

package/cjs/controllers/role-permission.controller.js CHANGED Viewed

@@ -12,6 +12,7 @@ const _nestjsshared = require("@flusys/nestjs-shared");
 const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
 const _permissiondto = require("../dtos/permission.dto");
+const _helpers = require("../helpers");
 const _permissionservice = require("../services/permission.service");
 const _iamconfigservice = require("../services/iam-config.service");
 function _define_property(obj, key, value) {
@@ -42,13 +43,6 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let RolePermissionController = class RolePermissionController {
-    /** Validates that user can only manage permissions within their company */ validateCompanyAccess(companyId, user) {
-        if (this.config.isCompanyFeatureEnabled() && user.companyId && companyId) {
-            if (companyId !== user.companyId) {
-                throw new _common.BadRequestException('Cannot manage permissions for users in another company');
-            }
-        }
-    }
     async assignRoleActions(dto) {
         return this.permissionService.assignRoleActions(dto);
     }
@@ -61,11 +55,11 @@ let RolePermissionController = class RolePermissionController {
         };
     }
     async assignUserRoles(dto, user) {
-        this.validateCompanyAccess(dto.companyId, user);
+        (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
         return this.permissionService.assignUserRoles(dto);
     }
     async getUserRoles(dto, user) {
-        this.validateCompanyAccess(dto.companyId, user);
+        (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
         const roles = await this.permissionService.getUserRoles(dto.userId, dto.branchId, dto.companyId);
         return {
             success: true,

package/cjs/controllers/user-action-permission.controller.js CHANGED Viewed

@@ -12,6 +12,7 @@ const _nestjsshared = require("@flusys/nestjs-shared");
 const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
 const _permissiondto = require("../dtos/permission.dto");
+const _helpers = require("../helpers");
 const _permissionservice = require("../services/permission.service");
 const _iamconfigservice = require("../services/iam-config.service");
 function _define_property(obj, key, value) {
@@ -42,19 +43,12 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let UserActionPermissionController = class UserActionPermissionController {
-    /** Validates that user can only manage permissions within their company */ validateCompanyAccess(companyId, user) {
-        if (this.config.isCompanyFeatureEnabled() && user.companyId && companyId) {
-            if (companyId !== user.companyId) {
-                throw new _common.BadRequestException('Cannot manage permissions for users in another company');
-            }
-        }
-    }
     async assignUserActions(dto, user) {
-        this.validateCompanyAccess(dto.companyId, user);
+        (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
         return this.permissionService.assignUserActions(dto);
     }
     async getUserActions(dto, user) {
-        this.validateCompanyAccess(dto.companyId, user);
+        (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
         const actions = await this.permissionService.getUserActions(dto.userId, dto.branchId, dto.companyId);
         return {
             success: true,

package/cjs/dtos/action.dto.js CHANGED Viewed

@@ -9,9 +9,6 @@ function _export(target, all) {
     });
 }
 _export(exports, {
-    get ActionQueryDto () {
-        return ActionQueryDto;
-    },
     get ActionResponseDto () {
         return ActionResponseDto;
     },
@@ -284,30 +281,6 @@ _ts_decorate([
     }),
     _ts_metadata("design:type", Array)
 ], ActionTreeDto.prototype, "children", void 0);
-let ActionQueryDto = class ActionQueryDto {
-    constructor(){
-        _define_property(this, "isActive", void 0);
-        _define_property(this, "parentId", void 0);
-    }
-};
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Filter by active status',
-        required: false
-    }),
-    (0, _classvalidator.IsBoolean)(),
-    (0, _classvalidator.IsOptional)(),
-    _ts_metadata("design:type", Boolean)
-], ActionQueryDto.prototype, "isActive", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Filter by parent ID',
-        required: false
-    }),
-    (0, _classvalidator.IsUUID)(),
-    (0, _classvalidator.IsOptional)(),
-    _ts_metadata("design:type", String)
-], ActionQueryDto.prototype, "parentId", void 0);
 let ActionTreeQueryDto = class ActionTreeQueryDto {
     constructor(){
         _define_property(this, "search", void 0);