@flusys/nestjs-iam 1.1.0-beta → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. package/README.md +285 -115
  2. package/cjs/controllers/action.controller.js +45 -2
  3. package/cjs/controllers/company-action-permission.controller.js +16 -10
  4. package/cjs/controllers/my-permission.controller.js +7 -3
  5. package/cjs/controllers/role-permission.controller.js +35 -17
  6. package/cjs/controllers/role.controller.js +46 -3
  7. package/cjs/controllers/user-action-permission.controller.js +26 -11
  8. package/cjs/dtos/action.dto.js +0 -27
  9. package/cjs/dtos/permission.dto.js +117 -27
  10. package/cjs/dtos/role.dto.js +0 -27
  11. package/cjs/entities/permission-base.entity.js +0 -12
  12. package/cjs/helpers/company-access.helper.js +19 -0
  13. package/cjs/helpers/index.js +1 -1
  14. package/cjs/interfaces/iam-module-options.interface.js +0 -14
  15. package/cjs/interfaces/index.js +0 -1
  16. package/cjs/modules/iam.module.js +50 -102
  17. package/cjs/services/action.service.js +30 -41
  18. package/cjs/services/iam-config.service.js +2 -5
  19. package/cjs/services/{iam-datasource.provider.js → iam-datasource.service.js} +33 -36
  20. package/cjs/services/index.js +1 -1
  21. package/cjs/services/permission-cache.service.js +31 -61
  22. package/cjs/services/permission.service.js +160 -188
  23. package/cjs/services/role.service.js +8 -8
  24. package/cjs/types/logic-node.type.js +0 -24
  25. package/controllers/company-action-permission.controller.d.ts +3 -3
  26. package/controllers/my-permission.controller.d.ts +2 -2
  27. package/controllers/role-permission.controller.d.ts +7 -5
  28. package/controllers/user-action-permission.controller.d.ts +6 -4
  29. package/dtos/action.dto.d.ts +0 -7
  30. package/dtos/permission.dto.d.ts +4 -0
  31. package/dtos/role.dto.d.ts +0 -7
  32. package/entities/permission-base.entity.d.ts +0 -4
  33. package/fesm/controllers/action.controller.js +47 -4
  34. package/fesm/controllers/company-action-permission.controller.js +18 -12
  35. package/fesm/controllers/index.js +1 -1
  36. package/fesm/controllers/my-permission.controller.js +7 -3
  37. package/fesm/controllers/role-permission.controller.js +37 -19
  38. package/fesm/controllers/role.controller.js +45 -2
  39. package/fesm/controllers/user-action-permission.controller.js +28 -13
  40. package/fesm/dtos/action.dto.js +0 -24
  41. package/fesm/dtos/permission.dto.js +117 -29
  42. package/fesm/dtos/role.dto.js +0 -24
  43. package/fesm/entities/permission-base.entity.js +0 -12
  44. package/fesm/helpers/company-access.helper.js +14 -0
  45. package/fesm/helpers/index.js +1 -1
  46. package/fesm/interfaces/iam-module-options.interface.js +3 -1
  47. package/fesm/interfaces/index.js +0 -1
  48. package/fesm/modules/iam.module.js +52 -104
  49. package/fesm/services/action.service.js +32 -43
  50. package/fesm/services/iam-config.service.js +2 -5
  51. package/fesm/services/{iam-datasource.provider.js → iam-datasource.service.js} +31 -34
  52. package/fesm/services/index.js +1 -1
  53. package/fesm/services/permission-cache.service.js +31 -61
  54. package/fesm/services/permission.service.js +161 -189
  55. package/fesm/services/role.service.js +8 -8
  56. package/fesm/types/logic-node.type.js +1 -10
  57. package/helpers/company-access.helper.d.ts +3 -0
  58. package/helpers/index.d.ts +1 -1
  59. package/interfaces/iam-module-options.interface.d.ts +9 -1
  60. package/interfaces/index.d.ts +0 -1
  61. package/modules/iam.module.d.ts +2 -2
  62. package/package.json +3 -3
  63. package/services/action.service.d.ts +6 -4
  64. package/services/iam-config.service.d.ts +2 -2
  65. package/services/{iam-datasource.provider.d.ts → iam-datasource.service.d.ts} +4 -5
  66. package/services/index.d.ts +1 -1
  67. package/services/permission-cache.service.d.ts +4 -6
  68. package/services/permission.service.d.ts +8 -4
  69. package/services/role.service.d.ts +3 -3
  70. package/types/logic-node.type.d.ts +0 -8
  71. package/cjs/helpers/permission-evaluator.helper.js +0 -175
  72. package/cjs/interfaces/iam-module-async-options.interface.js +0 -4
  73. package/fesm/helpers/permission-evaluator.helper.js +0 -165
  74. package/fesm/interfaces/iam-module-async-options.interface.js +0 -3
  75. package/helpers/permission-evaluator.helper.d.ts +0 -26
  76. package/interfaces/iam-module-async-options.interface.d.ts +0 -11
package/fesm/controllers/user-action-permission.controller.js CHANGED
@@ -25,17 +25,21 @@ function _ts_param(paramIndex, decorator) {
25
25
  decorator(target, key, paramIndex);
26
26
  };
27
27
  }
28
- import { JwtAuthGuard, SingleResponseDto } from '@flusys/nestjs-shared';
29
- import { Body, Controller, Get, Inject, Param, Post, Query, UseGuards } from '@nestjs/common';
28
+ import { JwtAuthGuard, SingleResponseDto, RequirePermission, USER_ACTION_PERMISSIONS, CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
29
+ import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
30
30
  import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
31
31
  import { AssignUserActionsDto, GetUserActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
32
+ import { validateCompanyAccess } from '../helpers';
32
33
  import { PermissionService } from '../services/permission.service';
34
+ import { IAMConfigService } from '../services/iam-config.service';
33
35
  export class UserActionPermissionController {
34
- async assignUserActions(dto) {
36
+ async assignUserActions(dto, user) {
37
+ validateCompanyAccess(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
35
38
  return this.permissionService.assignUserActions(dto);
36
39
  }
37
- async getUserActions(userId, query) {
38
- const actions = await this.permissionService.getUserActions(userId, query.branchId, query.companyId);
40
+ async getUserActions(dto, user) {
41
+ validateCompanyAccess(this.config, dto.companyId, user, 'Cannot manage permissions for users in another company');
42
+ const actions = await this.permissionService.getUserActions(dto.userId, dto.branchId, dto.companyId);
39
43
  return {
40
44
  success: true,
41
45
  message: 'User actions retrieved successfully',
@@ -43,13 +47,16 @@ export class UserActionPermissionController {
43
47
  };
44
48
  }
45
49
  // NOTE: @Inject() required for bundled code - type metadata may be lost during esbuild
46
- constructor(permissionService){
50
+ constructor(permissionService, config){
47
51
  _define_property(this, "permissionService", void 0);
52
+ _define_property(this, "config", void 0);
48
53
  this.permissionService = permissionService;
54
+ this.config = config;
49
55
  }
50
56
  }
51
57
  _ts_decorate([
52
58
  Post('user-actions/assign'),
59
+ RequirePermission(USER_ACTION_PERMISSIONS.ASSIGN),
53
60
  ApiOperation({
54
61
  summary: 'Assign/remove actions to/from user',
55
62
  description: 'Direct permissions. If company feature enabled, branchId is required.'
@@ -62,14 +69,17 @@ _ts_decorate([
62
69
  type: AssignUserActionsDto
63
70
  }),
64
71
  _ts_param(0, Body()),
72
+ _ts_param(1, CurrentUser()),
65
73
  _ts_metadata("design:type", Function),
66
74
  _ts_metadata("design:paramtypes", [
67
- typeof AssignUserActionsDto === "undefined" ? Object : AssignUserActionsDto
75
+ typeof AssignUserActionsDto === "undefined" ? Object : AssignUserActionsDto,
76
+ typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
68
77
  ]),
69
78
  _ts_metadata("design:returntype", Promise)
70
79
  ], UserActionPermissionController.prototype, "assignUserActions", null);
71
80
  _ts_decorate([
72
- Get('user-actions/:userId'),
81
+ Post('get-user-actions'),
82
+ RequirePermission(USER_ACTION_PERMISSIONS.READ),
73
83
  ApiOperation({
74
84
  summary: 'Get user direct actions',
75
85
  description: 'Returns direct action permissions for user. Filter by companyId and branchId.'
@@ -78,12 +88,15 @@ _ts_decorate([
78
88
  status: 200,
79
89
  type: SingleResponseDto
80
90
  }),
81
- _ts_param(0, Param('userId')),
82
- _ts_param(1, Query()),
91
+ ApiBody({
92
+ type: GetUserActionsDto
93
+ }),
94
+ _ts_param(0, Body()),
95
+ _ts_param(1, CurrentUser()),
83
96
  _ts_metadata("design:type", Function),
84
97
  _ts_metadata("design:paramtypes", [
85
- String,
86
- typeof GetUserActionsDto === "undefined" ? Object : GetUserActionsDto
98
+ typeof GetUserActionsDto === "undefined" ? Object : GetUserActionsDto,
99
+ typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
87
100
  ]),
88
101
  _ts_metadata("design:returntype", Promise)
89
102
  ], UserActionPermissionController.prototype, "getUserActions", null);
@@ -93,8 +106,10 @@ UserActionPermissionController = _ts_decorate([
93
106
  UseGuards(JwtAuthGuard),
94
107
  ApiBearerAuth(),
95
108
  _ts_param(0, Inject(PermissionService)),
109
+ _ts_param(1, Inject(IAMConfigService)),
96
110
  _ts_metadata("design:type", Function),
97
111
  _ts_metadata("design:paramtypes", [
98
- typeof PermissionService === "undefined" ? Object : PermissionService
112
+ typeof PermissionService === "undefined" ? Object : PermissionService,
113
+ typeof IAMConfigService === "undefined" ? Object : IAMConfigService
99
114
  ])
100
115
  ], UserActionPermissionController);
package/fesm/dtos/action.dto.js CHANGED
@@ -254,30 +254,6 @@ _ts_decorate([
254
254
  }),
255
255
  _ts_metadata("design:type", Array)
256
256
  ], ActionTreeDto.prototype, "children", void 0);
257
- export class ActionQueryDto {
258
- constructor(){
259
- _define_property(this, "isActive", void 0);
260
- _define_property(this, "parentId", void 0);
261
- }
262
- }
263
- _ts_decorate([
264
- ApiProperty({
265
- description: 'Filter by active status',
266
- required: false
267
- }),
268
- IsBoolean(),
269
- IsOptional(),
270
- _ts_metadata("design:type", Boolean)
271
- ], ActionQueryDto.prototype, "isActive", void 0);
272
- _ts_decorate([
273
- ApiProperty({
274
- description: 'Filter by parent ID',
275
- required: false
276
- }),
277
- IsUUID(),
278
- IsOptional(),
279
- _ts_metadata("design:type", String)
280
- ], ActionQueryDto.prototype, "parentId", void 0);
281
257
  export class ActionTreeQueryDto {
282
258
  constructor(){
283
259
  _define_property(this, "search", void 0);
package/fesm/dtos/permission.dto.js CHANGED
@@ -196,10 +196,18 @@ _ts_decorate([
196
196
  ], AssignUserRolesDto.prototype, "items", void 0);
197
197
  export class GetUserActionsDto {
198
198
  constructor(){
199
+ _define_property(this, "userId", void 0);
199
200
  _define_property(this, "companyId", void 0);
200
201
  _define_property(this, "branchId", void 0);
201
202
  }
202
203
  }
204
+ _ts_decorate([
205
+ ApiProperty({
206
+ description: 'User ID to get actions for'
207
+ }),
208
+ IsUUID(),
209
+ _ts_metadata("design:type", String)
210
+ ], GetUserActionsDto.prototype, "userId", void 0);
203
211
  _ts_decorate([
204
212
  ApiPropertyOptional({
205
213
  description: 'Company ID (ignored when enableCompanyFeature is false)'
@@ -216,18 +224,44 @@ _ts_decorate([
216
224
  IsOptional(),
217
225
  _ts_metadata("design:type", String)
218
226
  ], GetUserActionsDto.prototype, "branchId", void 0);
219
- // No query parameters needed for GetRoleActions
220
227
  export class GetRoleActionsDto {
228
+ constructor(){
229
+ _define_property(this, "roleId", void 0);
230
+ }
221
231
  }
222
- // No query parameters needed for GetCompanyActions
232
+ _ts_decorate([
233
+ ApiProperty({
234
+ description: 'Role ID to get actions for'
235
+ }),
236
+ IsUUID(),
237
+ _ts_metadata("design:type", String)
238
+ ], GetRoleActionsDto.prototype, "roleId", void 0);
223
239
  export class GetCompanyActionsDto {
240
+ constructor(){
241
+ _define_property(this, "companyId", void 0);
242
+ }
224
243
  }
244
+ _ts_decorate([
245
+ ApiProperty({
246
+ description: 'Company ID to get actions for'
247
+ }),
248
+ IsUUID(),
249
+ _ts_metadata("design:type", String)
250
+ ], GetCompanyActionsDto.prototype, "companyId", void 0);
225
251
  export class GetUserRolesDto {
226
252
  constructor(){
253
+ _define_property(this, "userId", void 0);
227
254
  _define_property(this, "companyId", void 0);
228
255
  _define_property(this, "branchId", void 0);
229
256
  }
230
257
  }
258
+ _ts_decorate([
259
+ ApiProperty({
260
+ description: 'User ID to get roles for'
261
+ }),
262
+ IsUUID(),
263
+ _ts_metadata("design:type", String)
264
+ ], GetUserRolesDto.prototype, "userId", void 0);
231
265
  _ts_decorate([
232
266
  ApiPropertyOptional({
233
267
  description: 'Company ID (ignored when enableCompanyFeature is false)'
@@ -256,31 +290,45 @@ export class UserActionResponseDto {
256
290
  }
257
291
  }
258
292
  _ts_decorate([
259
- ApiProperty(),
293
+ ApiProperty({
294
+ description: 'Permission ID'
295
+ }),
260
296
  _ts_metadata("design:type", String)
261
297
  ], UserActionResponseDto.prototype, "id", void 0);
262
298
  _ts_decorate([
263
- ApiProperty(),
299
+ ApiProperty({
300
+ description: 'User ID'
301
+ }),
264
302
  _ts_metadata("design:type", String)
265
303
  ], UserActionResponseDto.prototype, "userId", void 0);
266
304
  _ts_decorate([
267
- ApiProperty(),
305
+ ApiProperty({
306
+ description: 'Action ID'
307
+ }),
268
308
  _ts_metadata("design:type", String)
269
309
  ], UserActionResponseDto.prototype, "actionId", void 0);
270
310
  _ts_decorate([
271
- ApiProperty(),
311
+ ApiProperty({
312
+ description: 'Action code'
313
+ }),
272
314
  _ts_metadata("design:type", String)
273
315
  ], UserActionResponseDto.prototype, "actionCode", void 0);
274
316
  _ts_decorate([
275
- ApiProperty(),
317
+ ApiProperty({
318
+ description: 'Action name'
319
+ }),
276
320
  _ts_metadata("design:type", String)
277
321
  ], UserActionResponseDto.prototype, "actionName", void 0);
278
322
  _ts_decorate([
279
- ApiPropertyOptional(),
323
+ ApiPropertyOptional({
324
+ description: 'Branch ID (null = company-wide)'
325
+ }),
280
326
  _ts_metadata("design:type", Object)
281
327
  ], UserActionResponseDto.prototype, "branchId", void 0);
282
328
  _ts_decorate([
283
- ApiProperty(),
329
+ ApiProperty({
330
+ description: 'When this permission was created'
331
+ }),
284
332
  _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)
285
333
  ], UserActionResponseDto.prototype, "createdAt", void 0);
286
334
  export class RoleActionResponseDto {
@@ -294,27 +342,39 @@ export class RoleActionResponseDto {
294
342
  }
295
343
  }
296
344
  _ts_decorate([
297
- ApiProperty(),
345
+ ApiProperty({
346
+ description: 'Permission ID'
347
+ }),
298
348
  _ts_metadata("design:type", String)
299
349
  ], RoleActionResponseDto.prototype, "id", void 0);
300
350
  _ts_decorate([
301
- ApiProperty(),
351
+ ApiProperty({
352
+ description: 'Role ID'
353
+ }),
302
354
  _ts_metadata("design:type", String)
303
355
  ], RoleActionResponseDto.prototype, "roleId", void 0);
304
356
  _ts_decorate([
305
- ApiProperty(),
357
+ ApiProperty({
358
+ description: 'Action ID'
359
+ }),
306
360
  _ts_metadata("design:type", String)
307
361
  ], RoleActionResponseDto.prototype, "actionId", void 0);
308
362
  _ts_decorate([
309
- ApiProperty(),
363
+ ApiProperty({
364
+ description: 'Action code'
365
+ }),
310
366
  _ts_metadata("design:type", String)
311
367
  ], RoleActionResponseDto.prototype, "actionCode", void 0);
312
368
  _ts_decorate([
313
- ApiProperty(),
369
+ ApiProperty({
370
+ description: 'Action name'
371
+ }),
314
372
  _ts_metadata("design:type", String)
315
373
  ], RoleActionResponseDto.prototype, "actionName", void 0);
316
374
  _ts_decorate([
317
- ApiProperty(),
375
+ ApiProperty({
376
+ description: 'When this permission was created'
377
+ }),
318
378
  _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)
319
379
  ], RoleActionResponseDto.prototype, "createdAt", void 0);
320
380
  export class CompanyActionResponseDto {
@@ -374,27 +434,39 @@ export class UserRoleResponseDto {
374
434
  }
375
435
  }
376
436
  _ts_decorate([
377
- ApiProperty(),
437
+ ApiProperty({
438
+ description: 'Permission ID'
439
+ }),
378
440
  _ts_metadata("design:type", String)
379
441
  ], UserRoleResponseDto.prototype, "id", void 0);
380
442
  _ts_decorate([
381
- ApiProperty(),
443
+ ApiProperty({
444
+ description: 'User ID'
445
+ }),
382
446
  _ts_metadata("design:type", String)
383
447
  ], UserRoleResponseDto.prototype, "userId", void 0);
384
448
  _ts_decorate([
385
- ApiProperty(),
449
+ ApiProperty({
450
+ description: 'Role ID'
451
+ }),
386
452
  _ts_metadata("design:type", String)
387
453
  ], UserRoleResponseDto.prototype, "roleId", void 0);
388
454
  _ts_decorate([
389
- ApiProperty(),
455
+ ApiProperty({
456
+ description: 'Role name'
457
+ }),
390
458
  _ts_metadata("design:type", String)
391
459
  ], UserRoleResponseDto.prototype, "roleName", void 0);
392
460
  _ts_decorate([
393
- ApiPropertyOptional(),
461
+ ApiPropertyOptional({
462
+ description: 'Branch ID (null = company-wide)'
463
+ }),
394
464
  _ts_metadata("design:type", Object)
395
465
  ], UserRoleResponseDto.prototype, "branchId", void 0);
396
466
  _ts_decorate([
397
- ApiProperty(),
467
+ ApiProperty({
468
+ description: 'When this permission was created'
469
+ }),
398
470
  _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)
399
471
  ], UserRoleResponseDto.prototype, "createdAt", void 0);
400
472
  export class FrontendActionDto {
@@ -406,19 +478,27 @@ export class FrontendActionDto {
406
478
  }
407
479
  }
408
480
  _ts_decorate([
409
- ApiProperty(),
481
+ ApiProperty({
482
+ description: 'Action ID'
483
+ }),
410
484
  _ts_metadata("design:type", String)
411
485
  ], FrontendActionDto.prototype, "id", void 0);
412
486
  _ts_decorate([
413
- ApiProperty(),
487
+ ApiProperty({
488
+ description: 'Action code'
489
+ }),
414
490
  _ts_metadata("design:type", String)
415
491
  ], FrontendActionDto.prototype, "code", void 0);
416
492
  _ts_decorate([
417
- ApiProperty(),
493
+ ApiProperty({
494
+ description: 'Action name'
495
+ }),
418
496
  _ts_metadata("design:type", String)
419
497
  ], FrontendActionDto.prototype, "name", void 0);
420
498
  _ts_decorate([
421
- ApiPropertyOptional(),
499
+ ApiPropertyOptional({
500
+ description: 'Action description'
501
+ }),
422
502
  _ts_metadata("design:type", Object)
423
503
  ], FrontendActionDto.prototype, "description", void 0);
424
504
  export class MyPermissionsQueryDto {
@@ -473,18 +553,26 @@ export class PermissionOperationResultDto {
473
553
  }
474
554
  }
475
555
  _ts_decorate([
476
- ApiProperty(),
556
+ ApiProperty({
557
+ description: 'Whether the operation succeeded'
558
+ }),
477
559
  _ts_metadata("design:type", Boolean)
478
560
  ], PermissionOperationResultDto.prototype, "success", void 0);
479
561
  _ts_decorate([
480
- ApiProperty(),
562
+ ApiProperty({
563
+ description: 'Number of permissions added'
564
+ }),
481
565
  _ts_metadata("design:type", Number)
482
566
  ], PermissionOperationResultDto.prototype, "added", void 0);
483
567
  _ts_decorate([
484
- ApiProperty(),
568
+ ApiProperty({
569
+ description: 'Number of permissions removed'
570
+ }),
485
571
  _ts_metadata("design:type", Number)
486
572
  ], PermissionOperationResultDto.prototype, "removed", void 0);
487
573
  _ts_decorate([
488
- ApiProperty(),
574
+ ApiProperty({
575
+ description: 'Operation result message'
576
+ }),
489
577
  _ts_metadata("design:type", String)
490
578
  ], PermissionOperationResultDto.prototype, "message", void 0);
package/fesm/dtos/role.dto.js CHANGED
@@ -104,30 +104,6 @@ _ts_decorate([
104
104
  IsNotEmpty(),
105
105
  _ts_metadata("design:type", String)
106
106
  ], UpdateRoleDto.prototype, "id", void 0);
107
- export class RoleQueryDto {
108
- constructor(){
109
- _define_property(this, "companyId", void 0);
110
- _define_property(this, "isActive", void 0);
111
- }
112
- }
113
- _ts_decorate([
114
- ApiProperty({
115
- description: 'Filter by company ID - Only available when company feature is enabled',
116
- required: false
117
- }),
118
- IsUUID(),
119
- IsOptional(),
120
- _ts_metadata("design:type", String)
121
- ], RoleQueryDto.prototype, "companyId", void 0);
122
- _ts_decorate([
123
- ApiProperty({
124
- description: 'Filter by active status',
125
- required: false
126
- }),
127
- IsBoolean(),
128
- IsOptional(),
129
- _ts_metadata("design:type", Boolean)
130
- ], RoleQueryDto.prototype, "isActive", void 0);
131
107
  export class RoleResponseDto {
132
108
  constructor(){
133
109
  _define_property(this, "id", void 0);
package/fesm/entities/permission-base.entity.js CHANGED
@@ -40,18 +40,6 @@ export var IamEntityType = /*#__PURE__*/ function(IamEntityType) {
40
40
  * Permission Base Entity
41
41
  * Core permission fields - always included regardless of company feature
42
42
  */ export class PermissionBase extends Identity {
43
- isUserRole() {
44
- return this.permissionType === "user_role";
45
- }
46
- isRoleAction() {
47
- return this.permissionType === "role_action";
48
- }
49
- isUserAction() {
50
- return this.permissionType === "user_action";
51
- }
52
- isCompanyAction() {
53
- return this.permissionType === "company_action";
54
- }
55
43
  isValid(now = new Date()) {
56
44
  if (this.validFrom && now < this.validFrom) return false;
57
45
  if (this.validUntil && now > this.validUntil) return false;
package/fesm/helpers/company-access.helper.js ADDED
@@ -0,0 +1,14 @@
1
+ import { ForbiddenException } from '@nestjs/common';
2
+ /**
3
+ * Validates that user has access to the specified company.
4
+ * Used for user-action and role-permission operations when company feature is enabled.
5
+ *
6
+ * @throws ForbiddenException if user doesn't have access to the company
7
+ */ export function validateCompanyAccess(config, companyId, user, errorMessage = 'You do not have access to this company') {
8
+ if (!config.isCompanyFeatureEnabled() || !companyId) {
9
+ return;
10
+ }
11
+ if (user.companyId !== companyId) {
12
+ throw new ForbiddenException(errorMessage);
13
+ }
14
+ }
package/fesm/helpers/index.js CHANGED
@@ -1,2 +1,2 @@
1
- export * from './permission-evaluator.helper';
1
+ export * from './company-access.helper';
2
2
  export * from './permission-mode.helper';
package/fesm/interfaces/iam-module-options.interface.js CHANGED
@@ -1 +1,3 @@
1
- export * from './iam-module-async-options.interface';
1
+ /**
2
+ * Async options for IAMModule registration
3
+ */ export { };
package/fesm/interfaces/index.js CHANGED
@@ -1,4 +1,3 @@
1
1
  export * from './action.interface';
2
2
  export * from './role.interface';
3
3
  export * from './iam-module-options.interface';
4
- export * from './iam-module-async-options.interface';