@flusys/nestjs-iam 1.1.0-beta → 2.0.0

package/cjs/dtos/permission.dto.js

@@ -262,10 +262,18 @@ _ts_decorate([
 ], AssignUserRolesDto.prototype, "items", void 0);
 let GetUserActionsDto = class GetUserActionsDto {
     constructor(){
+        _define_property(this, "userId", void 0);
         _define_property(this, "companyId", void 0);
         _define_property(this, "branchId", void 0);
     }
 };
+_ts_decorate([
+    (0, _swagger.ApiProperty)({
+        description: 'User ID to get actions for'
+    }),
+    (0, _classvalidator.IsUUID)(),
+    _ts_metadata("design:type", String)
+], GetUserActionsDto.prototype, "userId", void 0);
 _ts_decorate([
     (0, _swagger.ApiPropertyOptional)({
         description: 'Company ID (ignored when enableCompanyFeature is false)'
@@ -283,15 +291,43 @@ _ts_decorate([
     _ts_metadata("design:type", String)
 ], GetUserActionsDto.prototype, "branchId", void 0);
 let GetRoleActionsDto = class GetRoleActionsDto {
+    constructor(){
+        _define_property(this, "roleId", void 0);
+    }
 };
+_ts_decorate([
+    (0, _swagger.ApiProperty)({
+        description: 'Role ID to get actions for'
+    }),
+    (0, _classvalidator.IsUUID)(),
+    _ts_metadata("design:type", String)
+], GetRoleActionsDto.prototype, "roleId", void 0);
 let GetCompanyActionsDto = class GetCompanyActionsDto {
+    constructor(){
+        _define_property(this, "companyId", void 0);
+    }
 };
+_ts_decorate([
+    (0, _swagger.ApiProperty)({
+        description: 'Company ID to get actions for'
+    }),
+    (0, _classvalidator.IsUUID)(),
+    _ts_metadata("design:type", String)
+], GetCompanyActionsDto.prototype, "companyId", void 0);
 let GetUserRolesDto = class GetUserRolesDto {
     constructor(){
+        _define_property(this, "userId", void 0);
         _define_property(this, "companyId", void 0);
         _define_property(this, "branchId", void 0);
     }
 };
+_ts_decorate([
+    (0, _swagger.ApiProperty)({
+        description: 'User ID to get roles for'
+    }),
+    (0, _classvalidator.IsUUID)(),
+    _ts_metadata("design:type", String)
+], GetUserRolesDto.prototype, "userId", void 0);
 _ts_decorate([
     (0, _swagger.ApiPropertyOptional)({
         description: 'Company ID (ignored when enableCompanyFeature is false)'
@@ -320,31 +356,45 @@ let UserActionResponseDto = class UserActionResponseDto {
     }
 };
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Permission ID'
+    }),
     _ts_metadata("design:type", String)
 ], UserActionResponseDto.prototype, "id", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'User ID'
+    }),
     _ts_metadata("design:type", String)
 ], UserActionResponseDto.prototype, "userId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action ID'
+    }),
     _ts_metadata("design:type", String)
 ], UserActionResponseDto.prototype, "actionId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action code'
+    }),
     _ts_metadata("design:type", String)
 ], UserActionResponseDto.prototype, "actionCode", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action name'
+    }),
     _ts_metadata("design:type", String)
 ], UserActionResponseDto.prototype, "actionName", void 0);
 _ts_decorate([
-    (0, _swagger.ApiPropertyOptional)(),
+    (0, _swagger.ApiPropertyOptional)({
+        description: 'Branch ID (null = company-wide)'
+    }),
     _ts_metadata("design:type", Object)
 ], UserActionResponseDto.prototype, "branchId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'When this permission was created'
+    }),
     _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)
 ], UserActionResponseDto.prototype, "createdAt", void 0);
 let RoleActionResponseDto = class RoleActionResponseDto {
@@ -358,27 +408,39 @@ let RoleActionResponseDto = class RoleActionResponseDto {
     }
 };
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Permission ID'
+    }),
     _ts_metadata("design:type", String)
 ], RoleActionResponseDto.prototype, "id", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Role ID'
+    }),
     _ts_metadata("design:type", String)
 ], RoleActionResponseDto.prototype, "roleId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action ID'
+    }),
     _ts_metadata("design:type", String)
 ], RoleActionResponseDto.prototype, "actionId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action code'
+    }),
     _ts_metadata("design:type", String)
 ], RoleActionResponseDto.prototype, "actionCode", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action name'
+    }),
     _ts_metadata("design:type", String)
 ], RoleActionResponseDto.prototype, "actionName", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'When this permission was created'
+    }),
     _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)
 ], RoleActionResponseDto.prototype, "createdAt", void 0);
 let CompanyActionResponseDto = class CompanyActionResponseDto {
@@ -438,27 +500,39 @@ let UserRoleResponseDto = class UserRoleResponseDto {
     }
 };
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Permission ID'
+    }),
     _ts_metadata("design:type", String)
 ], UserRoleResponseDto.prototype, "id", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'User ID'
+    }),
     _ts_metadata("design:type", String)
 ], UserRoleResponseDto.prototype, "userId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Role ID'
+    }),
     _ts_metadata("design:type", String)
 ], UserRoleResponseDto.prototype, "roleId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Role name'
+    }),
     _ts_metadata("design:type", String)
 ], UserRoleResponseDto.prototype, "roleName", void 0);
 _ts_decorate([
-    (0, _swagger.ApiPropertyOptional)(),
+    (0, _swagger.ApiPropertyOptional)({
+        description: 'Branch ID (null = company-wide)'
+    }),
     _ts_metadata("design:type", Object)
 ], UserRoleResponseDto.prototype, "branchId", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'When this permission was created'
+    }),
     _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)
 ], UserRoleResponseDto.prototype, "createdAt", void 0);
 let FrontendActionDto = class FrontendActionDto {
@@ -470,19 +544,27 @@ let FrontendActionDto = class FrontendActionDto {
     }
 };
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action ID'
+    }),
     _ts_metadata("design:type", String)
 ], FrontendActionDto.prototype, "id", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action code'
+    }),
     _ts_metadata("design:type", String)
 ], FrontendActionDto.prototype, "code", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Action name'
+    }),
     _ts_metadata("design:type", String)
 ], FrontendActionDto.prototype, "name", void 0);
 _ts_decorate([
-    (0, _swagger.ApiPropertyOptional)(),
+    (0, _swagger.ApiPropertyOptional)({
+        description: 'Action description'
+    }),
     _ts_metadata("design:type", Object)
 ], FrontendActionDto.prototype, "description", void 0);
 let MyPermissionsQueryDto = class MyPermissionsQueryDto {
@@ -537,18 +619,26 @@ let PermissionOperationResultDto = class PermissionOperationResultDto {
     }
 };
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Whether the operation succeeded'
+    }),
     _ts_metadata("design:type", Boolean)
 ], PermissionOperationResultDto.prototype, "success", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Number of permissions added'
+    }),
     _ts_metadata("design:type", Number)
 ], PermissionOperationResultDto.prototype, "added", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Number of permissions removed'
+    }),
     _ts_metadata("design:type", Number)
 ], PermissionOperationResultDto.prototype, "removed", void 0);
 _ts_decorate([
-    (0, _swagger.ApiProperty)(),
+    (0, _swagger.ApiProperty)({
+        description: 'Operation result message'
+    }),
     _ts_metadata("design:type", String)
 ], PermissionOperationResultDto.prototype, "message", void 0);

package/cjs/dtos/role.dto.js

@@ -12,9 +12,6 @@ _export(exports, {
     get CreateRoleDto () {
         return CreateRoleDto;
     },
-    get RoleQueryDto () {
-        return RoleQueryDto;
-    },
     get RoleResponseDto () {
         return RoleResponseDto;
     },
@@ -128,30 +125,6 @@ _ts_decorate([
     (0, _classvalidator.IsNotEmpty)(),
     _ts_metadata("design:type", String)
 ], UpdateRoleDto.prototype, "id", void 0);
-let RoleQueryDto = class RoleQueryDto {
-    constructor(){
-        _define_property(this, "companyId", void 0);
-        _define_property(this, "isActive", void 0);
-    }
-};
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Filter by company ID - Only available when company feature is enabled',
-        required: false
-    }),
-    (0, _classvalidator.IsUUID)(),
-    (0, _classvalidator.IsOptional)(),
-    _ts_metadata("design:type", String)
-], RoleQueryDto.prototype, "companyId", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Filter by active status',
-        required: false
-    }),
-    (0, _classvalidator.IsBoolean)(),
-    (0, _classvalidator.IsOptional)(),
-    _ts_metadata("design:type", Boolean)
-], RoleQueryDto.prototype, "isActive", void 0);
 let RoleResponseDto = class RoleResponseDto {
     constructor(){
         _define_property(this, "id", void 0);

package/cjs/entities/permission-base.entity.js

@@ -58,18 +58,6 @@ var IamEntityType = /*#__PURE__*/ function(IamEntityType) {
     return IamEntityType;
 }({});
 let PermissionBase = class PermissionBase extends _nestjsshared.Identity {
-    isUserRole() {
-        return this.permissionType === "user_role";
-    }
-    isRoleAction() {
-        return this.permissionType === "role_action";
-    }
-    isUserAction() {
-        return this.permissionType === "user_action";
-    }
-    isCompanyAction() {
-        return this.permissionType === "company_action";
-    }
     isValid(now = new Date()) {
         if (this.validFrom && now < this.validFrom) return false;
         if (this.validUntil && now > this.validUntil) return false;

package/cjs/helpers/company-access.helper.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "validateCompanyAccess", {
+    enumerable: true,
+    get: function() {
+        return validateCompanyAccess;
+    }
+});
+const _common = require("@nestjs/common");
+function validateCompanyAccess(config, companyId, user, errorMessage = 'You do not have access to this company') {
+    if (!config.isCompanyFeatureEnabled() || !companyId) {
+        return;
+    }
+    if (user.companyId !== companyId) {
+        throw new _common.ForbiddenException(errorMessage);
+    }
+}

package/cjs/helpers/index.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
-_export_star(require("./permission-evaluator.helper"), exports);
+_export_star(require("./company-access.helper"), exports);
 _export_star(require("./permission-mode.helper"), exports);
 function _export_star(from, to) {
     Object.keys(from).forEach(function(k) {

package/cjs/interfaces/iam-module-options.interface.js

@@ -2,17 +2,3 @@
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
-_export_star(require("./iam-module-async-options.interface"), exports);
-function _export_star(from, to) {
-    Object.keys(from).forEach(function(k) {
-        if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {
-            Object.defineProperty(to, k, {
-                enumerable: true,
-                get: function() {
-                    return from[k];
-                }
-            });
-        }
-    });
-    return from;
-}

package/cjs/interfaces/index.js

@@ -5,7 +5,6 @@ Object.defineProperty(exports, "__esModule", {
 _export_star(require("./action.interface"), exports);
 _export_star(require("./role.interface"), exports);
 _export_star(require("./iam-module-options.interface"), exports);
-_export_star(require("./iam-module-async-options.interface"), exports);
 function _export_star(from, to) {
     Object.keys(from).forEach(function(k) {
         if (k !== "default" && !Object.prototype.hasOwnProperty.call(to, k)) {

package/cjs/modules/iam.module.js

@@ -8,17 +8,16 @@ Object.defineProperty(exports, "IAMModule", {
         return IAMModule;
     }
 });
+const _nestjsshared = require("@flusys/nestjs-shared");
 const _modules = require("@flusys/nestjs-shared/modules");
 const _common = require("@nestjs/common");
-const _typeorm = require("@nestjs/typeorm");
 const _iamconstants = require("../config/iam.constants");
 const _controllers = require("../controllers");
-const _entities = require("../entities");
 const _permissiontypeenum = require("../enums/permission-type.enum");
 const _helpers = require("../helpers");
 const _services = require("../services");
 const _iamconfigservice = require("../services/iam-config.service");
-const _iamdatasourceprovider = require("../services/iam-datasource.provider");
+const _iamdatasourceservice = require("../services/iam-datasource.service");
 const _permissioncacheservice = require("../services/permission-cache.service");
 function _ts_decorate(decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -53,33 +52,11 @@ let IAMModule = class IAMModule {
         }
         return baseControllers;
     }
-    static getEntities(permissionMode, enableCompanyFeature) {
-        // Core entities
-        const entities = [];
-        // Action entity - always included
-        entities.push(_entities.Action);
-        // Permission entity is always needed
-        if (enableCompanyFeature) {
-            entities.push(_entities.UserIamPermissionWithCompany);
-        } else {
-            entities.push(_entities.UserIamPermission);
-        }
-        // Role entity - Only for RBAC or FULL mode
-        if (permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL) {
-            if (enableCompanyFeature) {
-                entities.push(_entities.RoleWithCompany);
-            } else {
-                entities.push(_entities.Role);
-            }
-        }
-        return entities;
-    }
     static getServices(permissionMode) {
         const services = [
             _services.ActionService,
             _services.PermissionService,
-            _permissioncacheservice.PermissionCacheService,
-            _helpers.PermissionEvaluatorHelper
+            _permissioncacheservice.PermissionCacheService
         ];
         // RoleService - Only for RBAC or FULL mode
         if (permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL) {
@@ -87,30 +64,32 @@ let IAMModule = class IAMModule {
         }
         return services;
     }
-    /**
-   * Create repository providers that use IAMDataSourceProvider
-   * This replaces TypeOrmModule.forFeature() functionality
-   */ static getRepositoryProviders(permissionMode, enableCompanyFeature) {
-        const entities = this.getEntities(permissionMode, enableCompanyFeature);
-        return entities.map((entity)=>({
-                provide: (0, _typeorm.getRepositoryToken)(entity),
-                scope: _common.Scope.REQUEST,
-                useFactory: async (dataSourceProvider)=>{
-                    return await dataSourceProvider.getRepository(entity);
-                },
-                inject: [
-                    _iamdatasourceprovider.IAMDataSourceProvider
-                ]
-            }));
+    static getPermissionGuardConfigProvider(enableCompanyFeature) {
+        return {
+            provide: _nestjsshared.PERMISSION_GUARD_CONFIG,
+            useValue: {
+                enableCompanyFeature
+            }
+        };
+    }
+    static getExports(permissionMode) {
+        const baseExports = [
+            _iamconfigservice.IAMConfigService,
+            _iamdatasourceservice.IAMDataSourceService,
+            _services.ActionService,
+            _services.PermissionService,
+            _permissioncacheservice.PermissionCacheService,
+            _nestjsshared.PERMISSION_GUARD_CONFIG
+        ];
+        if (permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL) {
+            baseExports.push(_services.RoleService);
+        }
+        return baseExports;
     }
     static forRoot(options = {}) {
         const { global = false, includeController = false } = options;
-        const databaseMode = options.bootstrapAppConfig?.databaseMode;
         const enableCompanyFeature = options.bootstrapAppConfig?.enableCompanyFeature ?? false;
-        // Read permissionMode from bootstrap config using helper
         const permissionMode = _helpers.PermissionModeHelper.fromString(options.bootstrapAppConfig?.permissionMode);
-        const isMultiTenant = databaseMode === 'multi-tenant';
-        const entities = this.getEntities(permissionMode, enableCompanyFeature);
         const controllers = includeController ? this.getControllers(permissionMode, enableCompanyFeature) : [];
         const providers = [
             {
@@ -118,83 +97,52 @@ let IAMModule = class IAMModule {
                 useValue: options
             },
             _iamconfigservice.IAMConfigService,
-            _iamdatasourceprovider.IAMDataSourceProvider,
-            ...this.getServices(permissionMode)
-        ];
-        const imports = [
-            _modules.CacheModule,
-            _modules.UtilsModule
+            _iamdatasourceservice.IAMDataSourceService,
+            ...this.getServices(permissionMode),
+            this.getPermissionGuardConfigProvider(enableCompanyFeature)
         ];
         const module = {
             module: IAMModule,
-            imports,
+            imports: [
+                _modules.CacheModule,
+                _modules.UtilsModule
+            ],
             controllers,
             providers,
-            exports: [
-                _iamconfigservice.IAMConfigService,
-                _iamdatasourceprovider.IAMDataSourceProvider,
-                _services.ActionService,
-                _services.PermissionService,
-                _permissioncacheservice.PermissionCacheService,
-                _helpers.PermissionEvaluatorHelper,
-                ...permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL ? [
-                    _services.RoleService
-                ] : []
-            ]
+            exports: this.getExports(permissionMode)
         };
-        if (global) {
-            return {
-                ...module,
-                global: true
-            };
-        }
-        return module;
+        return global ? {
+            ...module,
+            global: true
+        } : module;
     }
     static forRootAsync(asyncOptions) {
         const { global = false, includeController = false, imports: externalImports = [] } = asyncOptions;
-        const databaseMode = asyncOptions.bootstrapAppConfig?.databaseMode;
         const enableCompanyFeature = asyncOptions.bootstrapAppConfig?.enableCompanyFeature ?? false;
-        // Read permissionMode from bootstrap config using helper
         const permissionMode = _helpers.PermissionModeHelper.fromString(asyncOptions.bootstrapAppConfig?.permissionMode);
-        const isMultiTenant = databaseMode === 'multi-tenant';
-        const entities = this.getEntities(permissionMode, enableCompanyFeature);
         const controllers = includeController ? this.getControllers(permissionMode, enableCompanyFeature) : [];
-        const asyncProviders = this.createAsyncProviders(asyncOptions);
         const providers = [
-            ...asyncProviders,
+            ...this.createAsyncProviders(asyncOptions),
             _iamconfigservice.IAMConfigService,
-            _iamdatasourceprovider.IAMDataSourceProvider,
-            ...this.getServices(permissionMode)
-        ];
-        const imports = [
-            ...externalImports,
-            _modules.CacheModule,
-            _modules.UtilsModule
+            _iamdatasourceservice.IAMDataSourceService,
+            ...this.getServices(permissionMode),
+            this.getPermissionGuardConfigProvider(enableCompanyFeature)
         ];
         const module = {
             module: IAMModule,
-            imports,
+            imports: [
+                ...externalImports,
+                _modules.CacheModule,
+                _modules.UtilsModule
+            ],
             controllers,
             providers,
-            exports: [
-                _iamconfigservice.IAMConfigService,
-                _iamdatasourceprovider.IAMDataSourceProvider,
-                _services.ActionService,
-                _services.PermissionService,
-                _permissioncacheservice.PermissionCacheService,
-                _helpers.PermissionEvaluatorHelper,
-                ...permissionMode === _permissiontypeenum.IAMPermissionMode.RBAC || permissionMode === _permissiontypeenum.IAMPermissionMode.FULL ? [
-                    _services.RoleService
-                ] : []
-            ]
+            exports: this.getExports(permissionMode)
         };
-        if (global) {
-            return {
-                ...module,
-                global: true
-            };
-        }
-        return module;
+        return global ? {
+            ...module,
+            global: true
+        } : module;
     }
     static createAsyncProviders(options) {
         if (options.useExisting || options.useFactory) {