@flusys/nestjs-iam 1.1.0-beta → 2.0.0

package/cjs/services/role.service.js

@@ -10,11 +10,12 @@ Object.defineProperty(exports, "RoleService", {
 });
 const _classes = require("@flusys/nestjs-shared/classes");
 const _modules = require("@flusys/nestjs-shared/modules");
+const _utils = require("@flusys/nestjs-shared/utils");
 const _common = require("@nestjs/common");
 const _rolewithcompanyentity = require("../entities/role-with-company.entity");
 const _roleentity = require("../entities/role.entity");
 const _iamconfigservice = require("./iam-config.service");
-const _iamdatasourceprovider = require("./iam-datasource.provider");
+const _iamdatasourceservice = require("./iam-datasource.service");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -95,11 +96,10 @@ let RoleService = class RoleService extends _classes.RequestScopedApiService {
     }
     async getExtraManipulateQuery(query, filterDto, user) {
         const result = await super.getExtraManipulateQuery(query, filterDto, user);
-        if (this.iamConfigService.isCompanyFeatureEnabled() && user?.companyId) {
-            query.andWhere('role.companyId = :companyId', {
-                companyId: user.companyId
-            });
-        }
+        (0, _utils.applyCompanyFilter)(query, {
+            isCompanyFeatureEnabled: this.iamConfigService.isCompanyFeatureEnabled(),
+            entityAlias: 'role'
+        }, user);
         return result;
     }
     // Response Conversion
@@ -132,12 +132,12 @@ RoleService = _ts_decorate([
     _ts_param(0, (0, _common.Inject)('CACHE_INSTANCE')),
     _ts_param(1, (0, _common.Inject)(_modules.UtilsService)),
     _ts_param(2, (0, _common.Inject)(_iamconfigservice.IAMConfigService)),
-    _ts_param(3, (0, _common.Inject)(_iamdatasourceprovider.IAMDataSourceProvider)),
+    _ts_param(3, (0, _common.Inject)(_iamdatasourceservice.IAMDataSourceService)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
         typeof _classes.HybridCache === "undefined" ? Object : _classes.HybridCache,
         typeof _modules.UtilsService === "undefined" ? Object : _modules.UtilsService,
         typeof _iamconfigservice.IAMConfigService === "undefined" ? Object : _iamconfigservice.IAMConfigService,
-        typeof _iamdatasourceprovider.IAMDataSourceProvider === "undefined" ? Object : _iamdatasourceprovider.IAMDataSourceProvider
+        typeof _iamdatasourceservice.IAMDataSourceService === "undefined" ? Object : _iamdatasourceservice.IAMDataSourceService
     ])
 ], RoleService);

package/cjs/types/logic-node.type.js

@@ -28,27 +28,3 @@
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
-function _export(target, all) {
-    for(var name in all)Object.defineProperty(target, name, {
-        enumerable: true,
-        get: Object.getOwnPropertyDescriptor(all, name).get
-    });
-}
-_export(exports, {
-    get LogicNodeType () {
-        return LogicNodeType;
-    },
-    get LogicOperator () {
-        return LogicOperator;
-    }
-});
-var LogicOperator = /*#__PURE__*/ function(LogicOperator) {
-    LogicOperator["AND"] = "AND";
-    LogicOperator["OR"] = "OR";
-    return LogicOperator;
-}({});
-var LogicNodeType = /*#__PURE__*/ function(LogicNodeType) {
-    LogicNodeType["GROUP"] = "group";
-    LogicNodeType["ACTION"] = "action";
-    return LogicNodeType;
-}({});

package/controllers/company-action-permission.controller.d.ts

@@ -1,9 +1,9 @@
-import { SingleResponseDto } from '@flusys/nestjs-shared';
+import { ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
 import { AssignCompanyActionsDto, CompanyActionResponseDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
 export declare class CompanyActionPermissionController {
     private readonly permissionService;
     constructor(permissionService: PermissionService);
-    assignCompanyActions(dto: AssignCompanyActionsDto): Promise<PermissionOperationResultDto>;
-    getCompanyActions(companyId: string, query: GetCompanyActionsDto): Promise<SingleResponseDto<CompanyActionResponseDto[]>>;
+    assignCompanyActions(dto: AssignCompanyActionsDto, user: ILoggedUserInfo): Promise<PermissionOperationResultDto>;
+    getCompanyActions(dto: GetCompanyActionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<CompanyActionResponseDto[]>>;
 }

package/controllers/my-permission.controller.d.ts

@@ -1,8 +1,8 @@
-import { ILoggedUserInfo } from '@flusys/nestjs-shared';
+import { ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
 import { MyPermissionsQueryDto, MyPermissionsResponseDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
 export declare class MyPermissionController {
     private readonly permissionService;
     constructor(permissionService: PermissionService);
-    getMyPermissions(query: MyPermissionsQueryDto, user: ILoggedUserInfo): Promise<MyPermissionsResponseDto>;
+    getMyPermissions(query: MyPermissionsQueryDto, user: ILoggedUserInfo): Promise<SingleResponseDto<MyPermissionsResponseDto>>;
 }

package/controllers/role-permission.controller.d.ts

@@ -1,11 +1,13 @@
-import { SingleResponseDto } from '@flusys/nestjs-shared';
+import { SingleResponseDto, ILoggedUserInfo } from '@flusys/nestjs-shared';
 import { AssignRoleActionsDto, AssignUserRolesDto, GetRoleActionsDto, GetUserRolesDto, PermissionOperationResultDto, RoleActionResponseDto, UserRoleResponseDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
+import { IAMConfigService } from '../services/iam-config.service';
 export declare class RolePermissionController {
     private readonly permissionService;
-    constructor(permissionService: PermissionService);
+    private readonly config;
+    constructor(permissionService: PermissionService, config: IAMConfigService);
     assignRoleActions(dto: AssignRoleActionsDto): Promise<PermissionOperationResultDto>;
-    getRoleActions(roleId: string, query: GetRoleActionsDto): Promise<SingleResponseDto<RoleActionResponseDto[]>>;
-    assignUserRoles(dto: AssignUserRolesDto): Promise<PermissionOperationResultDto>;
-    getUserRoles(userId: string, query: GetUserRolesDto): Promise<SingleResponseDto<UserRoleResponseDto[]>>;
+    getRoleActions(dto: GetRoleActionsDto): Promise<SingleResponseDto<RoleActionResponseDto[]>>;
+    assignUserRoles(dto: AssignUserRolesDto, user: ILoggedUserInfo): Promise<PermissionOperationResultDto>;
+    getUserRoles(dto: GetUserRolesDto, user: ILoggedUserInfo): Promise<SingleResponseDto<UserRoleResponseDto[]>>;
 }

package/controllers/user-action-permission.controller.d.ts

@@ -1,9 +1,11 @@
-import { SingleResponseDto } from '@flusys/nestjs-shared';
+import { SingleResponseDto, ILoggedUserInfo } from '@flusys/nestjs-shared';
 import { AssignUserActionsDto, GetUserActionsDto, PermissionOperationResultDto, UserActionResponseDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
+import { IAMConfigService } from '../services/iam-config.service';
 export declare class UserActionPermissionController {
     private readonly permissionService;
-    constructor(permissionService: PermissionService);
-    assignUserActions(dto: AssignUserActionsDto): Promise<PermissionOperationResultDto>;
-    getUserActions(userId: string, query: GetUserActionsDto): Promise<SingleResponseDto<UserActionResponseDto[]>>;
+    private readonly config;
+    constructor(permissionService: PermissionService, config: IAMConfigService);
+    assignUserActions(dto: AssignUserActionsDto, user: ILoggedUserInfo): Promise<PermissionOperationResultDto>;
+    getUserActions(dto: GetUserActionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<UserActionResponseDto[]>>;
 }

package/dtos/action.dto.d.ts

@@ -1,7 +1,6 @@
 import { ActionType } from '../enums';
 import { LogicNode } from '../types';
 export declare class CreateActionDto {
-    [key: string]: any;
     name: string;
     description?: string;
     code?: string;
@@ -14,11 +13,9 @@ export declare class CreateActionDto {
 }
 declare const UpdateActionDto_base: import("@nestjs/common").Type<Partial<CreateActionDto>>;
 export declare class UpdateActionDto extends UpdateActionDto_base {
-    [key: string]: any;
     id: string;
 }
 export declare class ActionResponseDto {
-    [key: string]: any;
     id: string;
     readOnly: boolean;
     name: string;
@@ -40,10 +37,6 @@ export declare class ActionResponseDto {
 export declare class ActionTreeDto extends ActionResponseDto {
     children: ActionTreeDto[];
 }
-export declare class ActionQueryDto {
-    isActive?: boolean;
-    parentId?: string;
-}
 export declare class ActionTreeQueryDto {
     search?: string;
     isActive?: boolean;

package/dtos/permission.dto.d.ts

@@ -27,14 +27,18 @@ export declare class AssignUserRolesDto {
     items: PermissionItemDto[];
 }
 export declare class GetUserActionsDto {
+    userId: string;
     companyId?: string;
     branchId?: string;
 }
 export declare class GetRoleActionsDto {
+    roleId: string;
 }
 export declare class GetCompanyActionsDto {
+    companyId: string;
 }
 export declare class GetUserRolesDto {
+    userId: string;
     companyId?: string;
     branchId?: string;
 }

package/dtos/role.dto.d.ts

@@ -1,5 +1,4 @@
 export declare class CreateRoleDto {
-    [key: string]: any;
     name: string;
     description?: string;
     companyId?: string;
@@ -9,15 +8,9 @@ export declare class CreateRoleDto {
 }
 declare const UpdateRoleDto_base: import("@nestjs/common").Type<Partial<CreateRoleDto>>;
 export declare class UpdateRoleDto extends UpdateRoleDto_base {
-    [key: string]: any;
     id: string;
 }
-export declare class RoleQueryDto {
-    companyId?: string;
-    isActive?: boolean;
-}
 export declare class RoleResponseDto {
-    [key: string]: any;
     id: string;
     readOnly: boolean;
     name: string;

package/entities/permission-base.entity.d.ts

@@ -22,9 +22,5 @@ export declare abstract class PermissionBase extends Identity {
     validUntil: Date | null;
     reason: string | null;
     metadata: Record<string, any> | null;
-    isUserRole(): boolean;
-    isRoleAction(): boolean;
-    isUserAction(): boolean;
-    isCompanyAction(): boolean;
     isValid(now?: Date): boolean;
 }

package/fesm/controllers/action.controller.js

@@ -26,13 +26,56 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
-import { createApiController, CurrentUser, ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
-import { Body, Controller, Get, Inject, Post, UseGuards } from '@nestjs/common';
+import { createApiController, CurrentUser, ILoggedUserInfo, SingleResponseDto, ACTION_PERMISSIONS } from '@flusys/nestjs-shared';
+import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
 import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { ActionResponseDto, ActionTreeQueryDto, CreateActionDto, UpdateActionDto } from '../dtos/action.dto';
 import { ActionService } from '../services/action.service';
 export class ActionController extends createApiController(CreateActionDto, UpdateActionDto, ActionResponseDto, {
-    security: 'jwt'
+    security: {
+        insert: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.CREATE
+            ]
+        },
+        insertMany: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.CREATE
+            ]
+        },
+        getById: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.READ
+            ]
+        },
+        getAll: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.READ
+            ]
+        },
+        update: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.UPDATE
+            ]
+        },
+        updateMany: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.UPDATE
+            ]
+        },
+        delete: {
+            level: 'permission',
+            permissions: [
+                ACTION_PERMISSIONS.DELETE
+            ]
+        }
+    }
 }) {
     async getActionsForPermission(user) {
         const actions = await this.actionService.getActionsForPermission(user);
@@ -55,7 +98,7 @@ export class ActionController extends createApiController(CreateActionDto, Updat
     }
 }
 _ts_decorate([
-    Get('tree-for-permission'),
+    Post('tree-for-permission'),
     UseGuards(JwtAuthGuard),
     ApiBearerAuth(),
     ApiOperation({

package/fesm/controllers/company-action-permission.controller.js

@@ -25,24 +25,23 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { JwtAuthGuard, SingleResponseDto } from '@flusys/nestjs-shared';
-import { Body, Controller, Get, Inject, Param, Post, Query, UseGuards } from '@nestjs/common';
+import { COMPANY_ACTION_PERMISSIONS, CurrentUser, ILoggedUserInfo, JwtAuthGuard, RequirePermission, SingleResponseDto } from '@flusys/nestjs-shared';
+import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
 import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { AssignCompanyActionsDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
 export class CompanyActionPermissionController {
-    async assignCompanyActions(dto) {
+    async assignCompanyActions(dto, user) {
         return this.permissionService.assignCompanyActions(dto);
     }
-    async getCompanyActions(companyId, query) {
-        const actions = await this.permissionService.getCompanyActions(companyId);
+    async getCompanyActions(dto, user) {
+        const actions = await this.permissionService.getCompanyActions(dto.companyId);
         return {
             success: true,
             message: 'Company actions retrieved successfully',
             data: actions
         };
     }
-    // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
     constructor(permissionService){
         _define_property(this, "permissionService", void 0);
         this.permissionService = permissionService;
@@ -50,6 +49,7 @@ export class CompanyActionPermissionController {
 }
 _ts_decorate([
     Post('company-actions/assign'),
+    RequirePermission(COMPANY_ACTION_PERMISSIONS.ASSIGN),
     ApiOperation({
         summary: 'Whitelist actions for company',
         description: 'Controls which actions are available to company users/roles.'
@@ -62,14 +62,17 @@ _ts_decorate([
         type: AssignCompanyActionsDto
     }),
     _ts_param(0, Body()),
+    _ts_param(1, CurrentUser()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof AssignCompanyActionsDto === "undefined" ? Object : AssignCompanyActionsDto
+        typeof AssignCompanyActionsDto === "undefined" ? Object : AssignCompanyActionsDto,
+        typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
     ]),
     _ts_metadata("design:returntype", Promise)
 ], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
 _ts_decorate([
-    Get('company-actions/:companyId'),
+    Post('get-company-actions'),
+    RequirePermission(COMPANY_ACTION_PERMISSIONS.READ),
     ApiOperation({
         summary: 'Get company whitelisted actions',
         description: 'Returns actions available to company.'
@@ -78,12 +81,15 @@ _ts_decorate([
         status: 200,
         type: SingleResponseDto
     }),
-    _ts_param(0, Param('companyId')),
-    _ts_param(1, Query()),
+    ApiBody({
+        type: GetCompanyActionsDto
+    }),
+    _ts_param(0, Body()),
+    _ts_param(1, CurrentUser()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        String,
-        typeof GetCompanyActionsDto === "undefined" ? Object : GetCompanyActionsDto
+        typeof GetCompanyActionsDto === "undefined" ? Object : GetCompanyActionsDto,
+        typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
     ]),
     _ts_metadata("design:returntype", Promise)
 ], CompanyActionPermissionController.prototype, "getCompanyActions", null);

package/fesm/controllers/index.js

@@ -1,6 +1,6 @@
 export * from './action.controller';
 export * from './role.controller';
-// Legacy permission controllers (deprecated - use PermissionController instead)
+// Permission controllers (conditionally registered based on permission mode)
 export * from './company-action-permission.controller';
 export * from './my-permission.controller';
 export * from './role-permission.controller';

package/fesm/controllers/my-permission.controller.js

@@ -25,15 +25,19 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
-import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
+import { CurrentUser, ILoggedUserInfo, JwtAuthGuard } from '@flusys/nestjs-shared';
 import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
 import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { MyPermissionsQueryDto, MyPermissionsResponseDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
 export class MyPermissionController {
     async getMyPermissions(query, user) {
-        return this.permissionService.getMyPermissions(user.id, user.branchId ?? null, user.companyId ?? null, query.parentCodes);
+        const data = await this.permissionService.getMyPermissions(user.id, user.branchId ?? null, user.companyId ?? null, query.parentCodes);
+        return {
+            success: true,
+            message: 'Permissions loaded successfully',
+            data
+        };
     }
     // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
     constructor(permissionService){

package/fesm/controllers/role-permission.controller.js

@@ -25,28 +25,32 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { JwtAuthGuard, SingleResponseDto } from '@flusys/nestjs-shared';
-import { Body, Controller, Get, Inject, Param, Post, Query, UseGuards } from '@nestjs/common';
+import { JwtAuthGuard, SingleResponseDto, RequirePermission, ROLE_ACTION_PERMISSIONS, USER_ROLE_PERMISSIONS, CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
+import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
 import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
 import { AssignRoleActionsDto, AssignUserRolesDto, GetRoleActionsDto, GetUserRolesDto, PermissionOperationResultDto } from '../dtos/permission.dto';
+import { validateCompanyAccess } from '../helpers';
 import { PermissionService } from '../services/permission.service';
+import { IAMConfigService } from '../services/iam-config.service';
 export class RolePermissionController {
     async assignRoleActions(dto) {
         return this.permissionService.assignRoleActions(dto);
     }
-    async getRoleActions(roleId, query) {
-        const actions = await this.permissionService.getRoleActions(roleId);
+    async getRoleActions(dto) {
+        const actions = await this.permissionService.getRoleActions(dto.roleId);
         return {
             success: true,
             message: 'Role actions retrieved successfully',
             data: actions
         };
     }
-    async assignUserRoles(dto) {
+    async assignUserRoles(dto, user) {
+        validateCompanyAccess(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
         return this.permissionService.assignUserRoles(dto);
     }
-    async getUserRoles(userId, query) {
-        const roles = await this.permissionService.getUserRoles(userId, query.branchId, query.companyId);
+    async getUserRoles(dto, user) {
+        validateCompanyAccess(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
+        const roles = await this.permissionService.getUserRoles(dto.userId, dto.branchId, dto.companyId);
         return {
             success: true,
             message: 'User roles retrieved successfully',
@@ -54,13 +58,16 @@ export class RolePermissionController {
         };
     }
     // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
-    constructor(permissionService){
+    constructor(permissionService, config){
         _define_property(this, "permissionService", void 0);
+        _define_property(this, "config", void 0);
         this.permissionService = permissionService;
+        this.config = config;
     }
 }
 _ts_decorate([
     Post('role-actions/assign'),
+    RequirePermission(ROLE_ACTION_PERMISSIONS.ASSIGN),
     ApiOperation({
         summary: 'Assign/remove actions to/from role',
         description: 'RBAC mode. No branch scoping.'
@@ -80,7 +87,8 @@ _ts_decorate([
     _ts_metadata("design:returntype", Promise)
 ], RolePermissionController.prototype, "assignRoleActions", null);
 _ts_decorate([
-    Get('role-actions/:roleId'),
+    Post('get-role-actions'),
+    RequirePermission(ROLE_ACTION_PERMISSIONS.READ),
     ApiOperation({
         summary: 'Get role actions',
         description: 'Returns actions assigned to role.'
@@ -89,17 +97,19 @@ _ts_decorate([
         status: 200,
         type: SingleResponseDto
     }),
-    _ts_param(0, Param('roleId')),
-    _ts_param(1, Query()),
+    ApiBody({
+        type: GetRoleActionsDto
+    }),
+    _ts_param(0, Body()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        String,
         typeof GetRoleActionsDto === "undefined" ? Object : GetRoleActionsDto
     ]),
     _ts_metadata("design:returntype", Promise)
 ], RolePermissionController.prototype, "getRoleActions", null);
 _ts_decorate([
     Post('user-roles/assign'),
+    RequirePermission(USER_ROLE_PERMISSIONS.ASSIGN),
     ApiOperation({
         summary: 'Assign/remove roles to/from user',
         description: 'RBAC mode. If company feature enabled, branchId is required.'
@@ -112,14 +122,17 @@ _ts_decorate([
         type: AssignUserRolesDto
     }),
     _ts_param(0, Body()),
+    _ts_param(1, CurrentUser()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof AssignUserRolesDto === "undefined" ? Object : AssignUserRolesDto
+        typeof AssignUserRolesDto === "undefined" ? Object : AssignUserRolesDto,
+        typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
     ]),
     _ts_metadata("design:returntype", Promise)
 ], RolePermissionController.prototype, "assignUserRoles", null);
 _ts_decorate([
-    Get('user-roles/:userId'),
+    Post('get-user-roles'),
+    RequirePermission(USER_ROLE_PERMISSIONS.READ),
     ApiOperation({
         summary: 'Get user roles',
         description: 'Returns roles assigned to user. Filter by companyId and branchId.'
@@ -128,12 +141,15 @@ _ts_decorate([
         status: 200,
         type: SingleResponseDto
     }),
-    _ts_param(0, Param('userId')),
-    _ts_param(1, Query()),
+    ApiBody({
+        type: GetUserRolesDto
+    }),
+    _ts_param(0, Body()),
+    _ts_param(1, CurrentUser()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        String,
-        typeof GetUserRolesDto === "undefined" ? Object : GetUserRolesDto
+        typeof GetUserRolesDto === "undefined" ? Object : GetUserRolesDto,
+        typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
     ]),
     _ts_metadata("design:returntype", Promise)
 ], RolePermissionController.prototype, "getUserRoles", null);
@@ -143,8 +159,10 @@ RolePermissionController = _ts_decorate([
     UseGuards(JwtAuthGuard),
     ApiBearerAuth(),
     _ts_param(0, Inject(PermissionService)),
+    _ts_param(1, Inject(IAMConfigService)),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof PermissionService === "undefined" ? Object : PermissionService
+        typeof PermissionService === "undefined" ? Object : PermissionService,
+        typeof IAMConfigService === "undefined" ? Object : IAMConfigService
     ])
 ], RolePermissionController);

package/fesm/controllers/role.controller.js

@@ -25,13 +25,56 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { createApiController } from '@flusys/nestjs-shared/classes';
+import { createApiController, ROLE_PERMISSIONS } from '@flusys/nestjs-shared';
 import { Controller, Inject } from '@nestjs/common';
 import { ApiTags } from '@nestjs/swagger';
 import { CreateRoleDto, RoleResponseDto, UpdateRoleDto } from '../dtos/role.dto';
 import { RoleService } from '../services/role.service';
 export class RoleController extends createApiController(CreateRoleDto, UpdateRoleDto, RoleResponseDto, {
-    security: 'jwt'
+    security: {
+        insert: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.CREATE
+            ]
+        },
+        insertMany: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.CREATE
+            ]
+        },
+        getById: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.READ
+            ]
+        },
+        getAll: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.READ
+            ]
+        },
+        update: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.UPDATE
+            ]
+        },
+        updateMany: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.UPDATE
+            ]
+        },
+        delete: {
+            level: 'permission',
+            permissions: [
+                ROLE_PERMISSIONS.DELETE
+            ]
+        }
+    }
 }) {
     constructor(roleService){
         super(roleService), _define_property(this, "roleService", void 0), this.roleService = roleService;