npm - @flusys/nestjs-iam - Versions diffs - 1.1.0-beta → 2.0.0 - Mend

@flusys/nestjs-iam 1.1.0-beta → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/README.md +285 -115
package/cjs/controllers/action.controller.js +45 -2
package/cjs/controllers/company-action-permission.controller.js +16 -10
package/cjs/controllers/my-permission.controller.js +7 -3
package/cjs/controllers/role-permission.controller.js +35 -17
package/cjs/controllers/role.controller.js +46 -3
package/cjs/controllers/user-action-permission.controller.js +26 -11
package/cjs/dtos/action.dto.js +0 -27
package/cjs/dtos/permission.dto.js +117 -27
package/cjs/dtos/role.dto.js +0 -27
package/cjs/entities/permission-base.entity.js +0 -12
package/cjs/helpers/company-access.helper.js +19 -0
package/cjs/helpers/index.js +1 -1
package/cjs/interfaces/iam-module-options.interface.js +0 -14
package/cjs/interfaces/index.js +0 -1
package/cjs/modules/iam.module.js +50 -102
package/cjs/services/action.service.js +30 -41
package/cjs/services/iam-config.service.js +2 -5
package/cjs/services/{iam-datasource.provider.js → iam-datasource.service.js} +33 -36
package/cjs/services/index.js +1 -1
package/cjs/services/permission-cache.service.js +31 -61
package/cjs/services/permission.service.js +160 -188
package/cjs/services/role.service.js +8 -8
package/cjs/types/logic-node.type.js +0 -24
package/controllers/company-action-permission.controller.d.ts +3 -3
package/controllers/my-permission.controller.d.ts +2 -2
package/controllers/role-permission.controller.d.ts +7 -5
package/controllers/user-action-permission.controller.d.ts +6 -4
package/dtos/action.dto.d.ts +0 -7
package/dtos/permission.dto.d.ts +4 -0
package/dtos/role.dto.d.ts +0 -7
package/entities/permission-base.entity.d.ts +0 -4
package/fesm/controllers/action.controller.js +47 -4
package/fesm/controllers/company-action-permission.controller.js +18 -12
package/fesm/controllers/index.js +1 -1
package/fesm/controllers/my-permission.controller.js +7 -3
package/fesm/controllers/role-permission.controller.js +37 -19
package/fesm/controllers/role.controller.js +45 -2
package/fesm/controllers/user-action-permission.controller.js +28 -13
package/fesm/dtos/action.dto.js +0 -24
package/fesm/dtos/permission.dto.js +117 -29
package/fesm/dtos/role.dto.js +0 -24
package/fesm/entities/permission-base.entity.js +0 -12
package/fesm/helpers/company-access.helper.js +14 -0
package/fesm/helpers/index.js +1 -1
package/fesm/interfaces/iam-module-options.interface.js +3 -1
package/fesm/interfaces/index.js +0 -1
package/fesm/modules/iam.module.js +52 -104
package/fesm/services/action.service.js +32 -43
package/fesm/services/iam-config.service.js +2 -5
package/fesm/services/{iam-datasource.provider.js → iam-datasource.service.js} +31 -34
package/fesm/services/index.js +1 -1
package/fesm/services/permission-cache.service.js +31 -61
package/fesm/services/permission.service.js +161 -189
package/fesm/services/role.service.js +8 -8
package/fesm/types/logic-node.type.js +1 -10
package/helpers/company-access.helper.d.ts +3 -0
package/helpers/index.d.ts +1 -1
package/interfaces/iam-module-options.interface.d.ts +9 -1
package/interfaces/index.d.ts +0 -1
package/modules/iam.module.d.ts +2 -2
package/package.json +3 -3
package/services/action.service.d.ts +6 -4
package/services/iam-config.service.d.ts +2 -2
package/services/{iam-datasource.provider.d.ts → iam-datasource.service.d.ts} +4 -5
package/services/index.d.ts +1 -1
package/services/permission-cache.service.d.ts +4 -6
package/services/permission.service.d.ts +8 -4
package/services/role.service.d.ts +3 -3
package/types/logic-node.type.d.ts +0 -8
package/cjs/helpers/permission-evaluator.helper.js +0 -175
package/cjs/interfaces/iam-module-async-options.interface.js +0 -4
package/fesm/helpers/permission-evaluator.helper.js +0 -165
package/fesm/interfaces/iam-module-async-options.interface.js +0 -3
package/helpers/permission-evaluator.helper.d.ts +0 -26
package/interfaces/iam-module-async-options.interface.d.ts +0 -11

package/fesm/services/permission-cache.service.js CHANGED Viewed

@@ -26,22 +26,22 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 import { HybridCache } from '@flusys/nestjs-shared';
+import { ErrorHandler } from '@flusys/nestjs-shared/utils';
 import { Inject, Injectable, Logger } from '@nestjs/common';
 export class PermissionCacheService {
     // Cache Key Generation
     generateCacheKey(options) {
-        const { userId, companyId, branchId, enableCompanyFeature } = options;
-        if (enableCompanyFeature && companyId) {
-            return `${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`;
-        }
-        return `${this.CACHE_PREFIX}:user:${userId}`;
+        return this.buildCacheKey(this.CACHE_PREFIX, options);
     }
     generateMyPermissionsCacheKey(options) {
+        return this.buildCacheKey(this.MY_PERMISSIONS_PREFIX, options);
+    }
+    buildCacheKey(prefix, options) {
         const { userId, companyId, branchId, enableCompanyFeature } = options;
         if (enableCompanyFeature && companyId) {
-            return `${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`;
+            return `${prefix}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`;
         }
-        return `${this.MY_PERMISSIONS_PREFIX}:user:${userId}`;
+        return `${prefix}:user:${userId}`;
     }
     // Cache Operations
     async setPermissions(options, permissions) {
@@ -50,20 +50,11 @@ export class PermissionCacheService {
             await this.cacheManager.set(key, permissions, this.TTL);
             this.logger.debug(`Cached ${permissions.length} permissions for key: ${key}`);
         } catch (error) {
-            this.logger.error(`Failed to cache permissions: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.error(`Failed to cache permissions: ${errorMessage}`);
         // Don't throw - cache failure shouldn't break the operation
         }
     }
-    async getPermissions(options) {
-        try {
-            const key = this.generateCacheKey(options);
-            const result = await this.cacheManager.get(key);
-            return result || null;
-        } catch (error) {
-            this.logger.error(`Failed to get permissions from cache: ${error}`);
-            return null;
-        }
-    }
     // My-Permissions Cache Operations
     async setMyPermissions(options, data) {
         try {
@@ -71,7 +62,8 @@ export class PermissionCacheService {
             await this.cacheManager.set(key, data, this.TTL);
             this.logger.debug(`Cached my-permissions for key: ${key} (${data.frontendActions.length} frontend, ${data.backendCodes.length} backend)`);
         } catch (error) {
-            this.logger.error(`Failed to cache my-permissions: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.error(`Failed to cache my-permissions: ${errorMessage}`);
         }
     }
     async getMyPermissions(options) {
@@ -83,28 +75,35 @@ export class PermissionCacheService {
             }
             return result || null;
         } catch (error) {
-            this.logger.error(`Failed to get my-permissions from cache: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.error(`Failed to get my-permissions from cache: ${errorMessage}`);
             return null;
         }
     }
-    // Action Code Cache Operations
-    async setActionCodeMap(codeToIdMap) {
+    // Action Code Cache Operations (tenant-aware for multi-tenant mode)
+    /** Generate tenant-aware cache key for action codes */ generateActionCodeCacheKey(tenantId) {
+        if (tenantId) {
+            return `${this.ACTION_CODE_PREFIX}:tenant:${tenantId}:map`;
+        }
+        return `${this.ACTION_CODE_PREFIX}:map`;
+    }
+    async setActionCodeMap(codeToIdMap, tenantId) {
         try {
-            const key = `${this.ACTION_CODE_PREFIX}:map`;
+            const key = this.generateActionCodeCacheKey(tenantId);
             await this.cacheManager.set(key, codeToIdMap, this.ACTION_CODE_TTL);
-            this.logger.debug(`Cached ${Object.keys(codeToIdMap).length} action code mappings`);
+            this.logger.debug(`Cached ${Object.keys(codeToIdMap).length} action code mappings${tenantId ? ` for tenant ${tenantId}` : ''}`);
         } catch (error) {
-            this.logger.error(`Failed to cache action code map: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.error(`Failed to cache action code map: ${errorMessage}`);
         }
     }
-    async getActionIdsByCodes(codes) {
+    async getActionIdsByCodes(codes, tenantId) {
         try {
-            const key = `${this.ACTION_CODE_PREFIX}:map`;
+            const key = this.generateActionCodeCacheKey(tenantId);
             const fullMap = await this.cacheManager.get(key);
             if (!fullMap) {
                 return null;
             }
-            // Return only requested codes
             const result = {};
             for (const code of codes){
                 if (fullMap[code]) {
@@ -113,19 +112,11 @@ export class PermissionCacheService {
             }
             return Object.keys(result).length > 0 ? result : null;
         } catch (error) {
-            this.logger.error(`Failed to get action IDs from cache: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.error(`Failed to get action IDs from cache: ${errorMessage}`);
             return null;
         }
     }
-    async invalidateActionCodeCache() {
-        try {
-            const key = `${this.ACTION_CODE_PREFIX}:map`;
-            await this.cacheManager.del(key);
-            this.logger.debug('Invalidated action code cache');
-        } catch (error) {
-            this.logger.warn(`Failed to invalidate action code cache: ${error}`);
-        }
-    }
     // Cache Invalidation
     async invalidateUser(userId, companyId, branchIds) {
         try {
@@ -135,10 +126,7 @@ export class PermissionCacheService {
                 // My-permissions cache (full response) - user-based key
                 `${this.MY_PERMISSIONS_PREFIX}:user:${userId}`
             ];
-            // Add company-based keys if companyId provided
             if (companyId) {
-                // If branchIds provided, invalidate all specified branches
-                // Otherwise, invalidate only null branch (company-wide)
                 const branches = branchIds?.length ? branchIds : [
                     null
                 ];
@@ -146,18 +134,17 @@ export class PermissionCacheService {
                     keysToDelete.push(`${this.CACHE_PREFIX}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`, `${this.MY_PERMISSIONS_PREFIX}:company:${companyId}:branch:${branchId || 'null'}:user:${userId}`);
                 }
             }
-            // Parallel deletion for better performance
             await Promise.all(keysToDelete.map((key)=>this.cacheManager.del(key)));
             this.logger.debug(`Invalidated ${keysToDelete.length} cache keys for user ${userId}`);
         } catch (error) {
-            this.logger.warn(`Failed to invalidate user cache for ${userId}: ${error}`);
+            const errorMessage = ErrorHandler.getErrorMessage(error);
+            this.logger.warn(`Failed to invalidate user cache for ${userId}: ${errorMessage}`);
         }
     }
     async invalidateUsers(userIds, companyId, branchIds) {
         if (userIds.length === 0) {
             return 0;
         }
-        // Parallel invalidation for better performance
         const results = await Promise.allSettled(userIds.map((userId)=>this.invalidateUser(userId, companyId, branchIds)));
         const successCount = results.filter((r)=>r.status === 'fulfilled').length;
         const failedCount = results.filter((r)=>r.status === 'rejected').length;
@@ -169,13 +156,6 @@ export class PermissionCacheService {
         }
         return successCount;
     }
-    /** Invalidate cache for all users in company (requires userIds via invalidateUsers) */ async invalidateCompany(companyId) {
-        // Note: HybridCache doesn't support pattern matching (keys() method)
-        // Company-wide invalidation requires passing individual user IDs
-        // This is a placeholder that logs a warning
-        this.logger.warn(`invalidateCompany called for ${companyId}, but pattern matching is not supported. ` + `Use invalidateUsers() with specific user IDs instead.`);
-        return 0;
-    }
     async invalidateRole(roleId, userIds, companyId, branchIds) {
         if (userIds.length === 0) {
             this.logger.debug(`No users found for role ${roleId}`);
@@ -187,16 +167,6 @@ export class PermissionCacheService {
         }
         return count;
     }
-    // Administrative Operations
-    /** Clear all permission caches (memory and redis) */ async clearAll() {
-        try {
-            await this.cacheManager.reset(); // Clear memory cache
-            await this.cacheManager.resetL2(); // Clear redis cache
-            this.logger.warn('Cleared all cache entries (memory and redis)');
-        } catch (error) {
-            this.logger.error(`Failed to clear all caches: ${error}`);
-        }
-    }
     constructor(cacheManager){
         _define_property(this, "cacheManager", void 0);
         _define_property(this, "logger", void 0);