npm - @flusys/nestjs-iam - Versions diffs - 4.1.1 → 5.0.0 - Mend

@flusys/nestjs-iam 4.1.1 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/README.md +87 -369
package/cjs/config/message-keys.js +7 -49
package/cjs/controllers/company-action-permission.controller.js +19 -18
package/cjs/controllers/my-permission.controller.js +1 -4
package/cjs/controllers/role-permission.controller.js +30 -20
package/cjs/controllers/user-action-permission.controller.js +16 -11
package/cjs/docs/iam-swagger.config.js +3 -2
package/cjs/dtos/action.dto.js +0 -16
package/cjs/dtos/permission.dto.js +4 -19
package/cjs/dtos/role.dto.js +0 -16
package/cjs/entities/action-base.entity.js +3 -8
package/cjs/entities/permission-base.entity.js +1 -7
package/cjs/entities/role-base.entity.js +1 -7
package/cjs/services/action.service.js +1 -2
package/cjs/services/permission.service.js +7 -14
package/cjs/services/role.service.js +0 -1
package/config/message-keys.d.ts +4 -84
package/controllers/company-action-permission.controller.d.ts +3 -3
package/controllers/role-permission.controller.d.ts +4 -4
package/controllers/user-action-permission.controller.d.ts +3 -3
package/docs/iam-swagger.config.d.ts +1 -1
package/dtos/action.dto.d.ts +0 -2
package/dtos/permission.dto.d.ts +1 -3
package/dtos/role.dto.d.ts +0 -2
package/entities/action-base.entity.d.ts +0 -1
package/entities/permission-base.entity.d.ts +0 -1
package/entities/role-base.entity.d.ts +0 -1
package/fesm/config/message-keys.js +7 -44
package/fesm/controllers/company-action-permission.controller.js +22 -21
package/fesm/controllers/my-permission.controller.js +2 -5
package/fesm/controllers/role-permission.controller.js +33 -23
package/fesm/controllers/user-action-permission.controller.js +19 -14
package/fesm/docs/iam-swagger.config.js +3 -2
package/fesm/dtos/action.dto.js +0 -16
package/fesm/dtos/permission.dto.js +4 -19
package/fesm/dtos/role.dto.js +0 -16
package/fesm/entities/action-base.entity.js +3 -8
package/fesm/entities/permission-base.entity.js +1 -7
package/fesm/entities/role-base.entity.js +1 -7
package/fesm/services/action.service.js +1 -2
package/fesm/services/permission.service.js +7 -14
package/fesm/services/role.service.js +0 -1
package/interfaces/action.interface.d.ts +0 -1
package/interfaces/role.interface.d.ts +0 -1
package/package.json +3 -3

package/README.md CHANGED Viewed

@@ -1,84 +1,9 @@
 # @flusys/nestjs-iam
-> Identity and Access Management for NestJS — RBAC, DIRECT, and FULL permission modes with hierarchical actions, company scoping, intelligent 1-hour caching, and multi-tenant support.
+Identity and Access Management for NestJS — RBAC, DIRECT, and FULL permission modes with caching and multi-tenant support.
 [![npm version](https://img.shields.io/npm/v/@flusys/nestjs-iam.svg)](https://www.npmjs.com/package/@flusys/nestjs-iam)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![NestJS](https://img.shields.io/badge/NestJS-11.x-red.svg)](https://nestjs.com/)
-[![TypeScript](https://img.shields.io/badge/TypeScript-5.x-blue.svg)](https://www.typescriptlang.org/)
-[![Node.js](https://img.shields.io/badge/Node.js-%3E%3D18.x-green.svg)](https://nodejs.org/)
----
-## Table of Contents
-- [Overview](#overview)
-- [Features](#features)
-- [Permission Modes](#permission-modes)
-- [Compatibility](#compatibility)
-- [Installation](#installation)
-- [Quick Start](#quick-start)
-- [Module Registration](#module-registration)
-  - [forRoot (Sync)](#forroot-sync)
-  - [forRootAsync (Factory)](#forrootasync-factory)
-- [Configuration Reference](#configuration-reference)
-- [Feature Toggles](#feature-toggles)
-- [API Endpoints](#api-endpoints)
-- [Entities](#entities)
-- [Permission Cache](#permission-cache)
-- [Exported Services](#exported-services)
-- [Using Permissions in Controllers](#using-permissions-in-controllers)
-- [Action Types](#action-types)
-- [Hierarchical Actions](#hierarchical-actions)
-- [Troubleshooting](#troubleshooting)
-- [License](#license)
----
-## Overview
-`@flusys/nestjs-iam` is a complete Identity and Access Management system. It supports three permission modes — RBAC (role-based), DIRECT (user-to-action), and FULL (both simultaneously). Permissions are cached per user+company+branch for 1 hour and automatically invalidated on changes.
-The module is fully independent from `nestjs-auth` — it only depends on `nestjs-core` and `nestjs-shared`. Integration with auth is done via the `USER_ENRICHER` provider interface in `nestjs-auth`.
----
-## Features
-- **RBAC Mode** — Users inherit permissions through Roles → Actions assignments
-- **DIRECT Mode** — Users are assigned directly to Actions without roles
-- **FULL Mode** — Both RBAC and DIRECT active simultaneously (union of permissions)
-- **Hierarchical Actions** — Actions form parent-child trees with `parentId`; tree queries supported
-- **Action Types** — `BACKEND` (API guard only), `FRONTEND` (returned to client), `BOTH`
-- **Company Whitelist** — `COMPANY_ACTION` records control which actions are available per company
-- **Permission Logic** — Complex AND/OR nested logic on `@RequirePermission()` decorator
-- **1-Hour Cache** — Permissions cached per `userId + companyId + branchId`, auto-invalidated
-- **Menu Management** — Navigation menu items with per-item action requirements
-- **Multi-tenant** — Isolated DataSource Provider per request
----
-## Permission Modes
-| Mode | How it works | Controllers loaded |
-|------|--------------|--------------------|
-| `RBAC` | User → Role → Action | ActionController, RoleController, RolePermissionController, MyPermissionController |
-| `DIRECT` | User → Action (direct) | ActionController, UserActionPermissionController, MyPermissionController |
-| `FULL` | RBAC + DIRECT (union) | All above controllers |
-`FULL` is the default when `permissionMode` is not specified.
----
-## Compatibility
-| Package | Version |
-|---------|---------|
-| `@flusys/nestjs-core` | `^4.0.0` |
-| `@flusys/nestjs-shared` | `^4.0.0` |
-| `@nestjs/core` | `^11.0.0` |
-| `typeorm` | `^0.3.0` |
-| Node.js | `>= 18.x` |
 ---
@@ -88,14 +13,13 @@ The module is fully independent from `nestjs-auth` — it only depends on `nestj
 npm install @flusys/nestjs-iam @flusys/nestjs-shared @flusys/nestjs-core
 ```
----
+## 1. Register the Module
-## Quick Start
+### Synchronous
-### RBAC Mode
+#### Mode 1: Single Database
 ```typescript
-import { Module } from '@nestjs/common';
 import { IAMModule } from '@flusys/nestjs-iam';
 @Module({
@@ -106,13 +30,13 @@ import { IAMModule } from '@flusys/nestjs-iam';
       bootstrapAppConfig: {
         databaseMode: 'single',
         enableCompanyFeature: false,
-        permissionMode: 'RBAC',
+        permissionMode: 'RBAC', // 'RBAC' | 'DIRECT' | 'FULL' (default: 'FULL')
       },
       config: {
         defaultDatabaseConfig: {
-          type: 'postgres',
+          type: 'mysql',
           host: process.env.DB_HOST,
-          port: Number(process.env.DB_PORT ?? 5432),
+          port: Number(process.env.DB_PORT ?? 3306),
           username: process.env.DB_USER,
           password: process.env.DB_PASSWORD,
           database: process.env.DB_NAME,
@@ -124,45 +48,41 @@ import { IAMModule } from '@flusys/nestjs-iam';
 export class AppModule {}
 ```
-### FULL Mode with Company Feature
+#### Mode 2: Multi-Tenant
 ```typescript
 IAMModule.forRoot({
   global: true,
   includeController: true,
   bootstrapAppConfig: {
-    databaseMode: 'single',
-    enableCompanyFeature: true,   // Company/branch scoping
-    permissionMode: 'FULL',       // RBAC + DIRECT
+    databaseMode: 'multi-tenant',
+    enableCompanyFeature: true,
+    permissionMode: 'FULL',
   },
-  config: { defaultDatabaseConfig: { /* ... */ } },
-})
-```
----
-## Module Registration
-### forRoot (Sync)
-```typescript
-IAMModule.forRoot({
-  global?: boolean;           // Default: false
-  includeController?: boolean; // Default: false
-  bootstrapAppConfig?: {
-    databaseMode: 'single' | 'multi-tenant';
-    enableCompanyFeature: boolean;
-    permissionMode?: 'FULL' | 'RBAC' | 'DIRECT'; // Default: 'FULL'
-  };
-  config?: IIAMModuleConfig;
-})
+  config: {
+    tenantDefaultDatabaseConfig: {
+      type: 'mysql',
+      host: process.env.TENANT_DB_HOST,
+      port: Number(process.env.TENANT_DB_PORT ?? 3306),
+      username: process.env.TENANT_DB_USER,
+      password: process.env.TENANT_DB_PASSWORD,
+      database: process.env.TENANT_DB_NAME,
+    },
+    tenants: [
+      { id: 'tenant-a', database: 'tenant_a_db', permissionMode: 'FULL' },
+      { id: 'tenant-b', database: 'tenant_b_db', permissionMode: 'RBAC' },
+    ],
+  },
+});
 ```
-### forRootAsync (Factory)
+### Asynchronous (with ConfigService)
 ```typescript
-import { ConfigService } from '@nestjs/config';
+import { ConfigModule, ConfigService } from '@nestjs/config';
+import { IAMModule, ITenantDatabaseConfig } from '@flusys/nestjs-iam';
+// Single database
 IAMModule.forRootAsync({
   global: true,
   includeController: true,
@@ -172,9 +92,9 @@ IAMModule.forRootAsync({
     permissionMode: 'FULL',
   },
   imports: [ConfigModule],
-  useFactory: async (configService: ConfigService) => ({
+  useFactory: (configService: ConfigService) => ({
     defaultDatabaseConfig: {
-      type: 'postgres',
+      type: 'mysql',
       host: configService.get('DB_HOST'),
       port: configService.get<number>('DB_PORT'),
       username: configService.get('DB_USER'),
@@ -183,308 +103,106 @@ IAMModule.forRootAsync({
     },
   }),
   inject: [ConfigService],
-})
-```
----
-## Configuration Reference
-```typescript
-interface IIAMModuleConfig extends IDataSourceServiceOptions {
-  // All IAM behaviour is controlled via bootstrapAppConfig.
-  // IDataSourceServiceOptions provides:
-  //   defaultDatabaseConfig?: IDatabaseConfig
-  //   tenantDefaultDatabaseConfig?: IDatabaseConfig
-  //   tenants?: ITenantDatabaseConfig[]
-}
-```
+});
-Bootstrap configuration is fixed at startup and cannot change at runtime:
-```typescript
-interface IBootstrapAppConfig {
-  databaseMode: 'single' | 'multi-tenant';
-  enableCompanyFeature: boolean;
-  permissionMode?: 'FULL' | 'RBAC' | 'DIRECT'; // Default: 'FULL'
-}
+// Multi-tenant
+IAMModule.forRootAsync({
+  global: true,
+  includeController: true,
+  bootstrapAppConfig: {
+    databaseMode: 'multi-tenant',
+    enableCompanyFeature: true,
+    permissionMode: 'FULL',
+  },
+  imports: [ConfigModule],
+  useFactory: (configService: ConfigService) => ({
+    tenantDefaultDatabaseConfig: {
+      type: 'mysql',
+      host: configService.get('TENANT_DB_HOST'),
+      port: configService.get<number>('TENANT_DB_PORT'),
+      username: configService.get('TENANT_DB_USER'),
+      password: configService.get('TENANT_DB_PASSWORD'),
+      database: configService.get('TENANT_DB_NAME'),
+    },
+    tenants: configService.get<ITenantDatabaseConfig[]>('TENANTS'),
+  }),
+  inject: [ConfigService],
+});
 ```
----
-## Feature Toggles
-| Feature | Config | Default | Effect |
-|---------|--------|---------|--------|
-| Company scoping | `enableCompanyFeature: true` | `false` | Uses `*WithCompany` entity variants; adds `companyId`/`branchId` to permission assignments; registers `CompanyActionPermissionController` |
-| RBAC | `permissionMode: 'RBAC'` | — | Loads Role, RoleAction, UserRole entities; registers Role controllers |
-| DIRECT | `permissionMode: 'DIRECT'` | — | Loads UserAction entities; registers UserActionPermissionController |
-| FULL | `permissionMode: 'FULL'` | default | All entities and controllers |
-**Controller loading by mode:**
-| Mode | + `enableCompanyFeature` | Additional controller |
-|------|--------------------------|-----------------------|
-| `RBAC` | true | `CompanyActionPermissionController` |
-| `DIRECT` | true | `CompanyActionPermissionController` |
-| `FULL` | true | `CompanyActionPermissionController` |
----
-## API Endpoints
-All endpoints use **POST** and require JWT authentication.
-### Actions — `POST /iam/action/*`
-| Endpoint | Permission | Description |
-|----------|-----------|-------------|
-| `POST /iam/action/insert` | `action.create` | Create an action |
-| `POST /iam/action/get-all` | `action.read` | List all actions |
-| `POST /iam/action/get/:id` | `action.read` | Get action by ID |
-| `POST /iam/action/get-tree` | `action.read` | Get hierarchical action tree |
-| `POST /iam/action/update` | `action.update` | Update action |
-| `POST /iam/action/delete` | `action.delete` | Delete action |
-### Roles — `POST /iam/role/*` *(RBAC and FULL modes)*
-| Endpoint | Permission | Description |
-|----------|-----------|-------------|
-| `POST /iam/role/insert` | `role.create` | Create a role |
-| `POST /iam/role/get-all` | `role.read` | List all roles |
-| `POST /iam/role/get/:id` | `role.read` | Get role by ID |
-| `POST /iam/role/update` | `role.update` | Update role |
-| `POST /iam/role/delete` | `role.delete` | Delete role |
-### Role Permissions — `POST /iam/role-permission/*` *(RBAC and FULL modes)*
-| Endpoint | Permission | Description |
-|----------|-----------|-------------|
-| `POST /iam/role-permission/assign` | `role.update` | Assign action to role |
-| `POST /iam/role-permission/remove` | `role.update` | Remove action from role |
-| `POST /iam/role-permission/get-by-role` | `role.read` | Get all actions for a role |
-| `POST /iam/role-permission/assign-user-role` | `role.update` | Assign role to user |
-| `POST /iam/role-permission/remove-user-role` | `role.update` | Remove role from user |
-### User Action Permissions — `POST /iam/user-action-permission/*` *(DIRECT and FULL modes)*
+## 2. Register Entities in TypeORM
-| Endpoint | Permission | Description |
-|----------|-----------|-------------|
-| `POST /iam/user-action-permission/assign` | `action.update` | Directly assign action to user |
-| `POST /iam/user-action-permission/remove` | `action.update` | Remove direct action from user |
-| `POST /iam/user-action-permission/get-by-user` | `action.read` | Get all direct permissions for user |
-### Company Action Whitelist — `POST /iam/company-action/*` *(`enableCompanyFeature: true`)*
-| Endpoint | Permission | Description |
-|----------|-----------|-------------|
-| `POST /iam/company-action/assign` | `action.update` | Add action to company whitelist |
-| `POST /iam/company-action/remove` | `action.update` | Remove action from whitelist |
-| `POST /iam/company-action/get-by-company` | `action.read` | Get company's available actions |
-### My Permissions — `POST /iam/my-permission/*`
-| Endpoint | Auth | Description |
-|----------|------|-------------|
-| `POST /iam/my-permission/get-all` | JWT | Get all permissions for current user |
----
-## Entities
-### Core Entities (always registered)
-| Entity | Table | Description |
-|--------|-------|-------------|
-| `Action` | `iam_action` | Permission actions (e.g., `product.create`) with type and hierarchy |
-| `Menu` | `iam_menu` | Navigation menu items with optional action requirement |
-### RBAC Entities (`permissionMode: 'RBAC'` or `'FULL'`)
-| Entity | Table | Description |
-|--------|-------|-------------|
-| `Role` | `iam_role` | Role definitions |
-| `RoleAction` | `iam_role_action` | Role → Action assignments |
-| `UserRole` | `iam_user_role` | User → Role assignments |
-### DIRECT Entities (`permissionMode: 'DIRECT'` or `'FULL'`)
-| Entity | Table | Description |
-|--------|-------|-------------|
-| `UserAction` | `iam_user_action` | Direct User → Action assignments |
-### Company Feature Entities (`enableCompanyFeature: true`)
-All above entities get `WithCompany` variants with `companyId` and `branchId` columns, plus:
-| Entity | Table | Description |
-|--------|-------|-------------|
-| `CompanyAction` | `iam_company_action` | Actions whitelisted per company |
-#### Register Entities in TypeORM
+Use `getIAMEntitiesByConfig()` — arguments must match `bootstrapAppConfig`:
 ```typescript
-import { IAMModule } from '@flusys/nestjs-iam';
+import { getIAMEntitiesByConfig } from '@flusys/nestjs-iam/entities';
 TypeOrmModule.forRoot({
   entities: [
-    ...IAMModule.getEntities({
-      enableCompanyFeature: true,
-      permissionMode: 'FULL',
-    }),
+    ...getIAMEntitiesByConfig(
+      true, // enableCompanyFeature
+      'FULL', // permissionMode: 'FULL' | 'RBAC' | 'DIRECT'
+    ),
   ],
-})
+});
 ```
----
-## Permission Cache
-Permissions are cached with the key `iam:permissions:{userId}:{companyId}:{branchId}` for **1 hour**. The cache is automatically invalidated when:
-- A role is assigned to or removed from a user
-- An action is directly assigned to or removed from a user
-- A role's action set is modified
-- The company action whitelist changes
-Cache uses `HybridCache` (in-memory + Redis). If Redis is not configured, in-memory cache is used.
----
-## Exported Services
+## 3. Protect Endpoints
-| Service | Description |
-|---------|-------------|
-| `PermissionService` | Resolve and check permissions for a user |
-| `ActionService` | Action CRUD and tree queries |
-| `RoleService` | Role CRUD *(RBAC/FULL modes)* |
-| `UserActionPermissionService` | Direct user-action assignment *(DIRECT/FULL modes)* |
-| `IAMConfigService` | Exposes runtime config and feature flags |
-| `IAMDataSourceProvider` | Dynamic DataSource resolution per request |
----
-## Using Permissions in Controllers
-### Using the Decorator
+All FLUSYS endpoints use POST. Apply `JwtAuthGuard` and `@RequirePermission` from `nestjs-shared`:
 ```typescript
-import { RequirePermission } from '@flusys/nestjs-shared/decorators';
 import { JwtAuthGuard } from '@flusys/nestjs-shared/guards';
+import { RequirePermission, CurrentUser } from '@flusys/nestjs-shared/decorators';
+import { ILoggedUserInfo } from '@flusys/nestjs-shared/interfaces';
 @UseGuards(JwtAuthGuard)
 @Controller('products')
 export class ProductController {
   @Post('insert')
   @RequirePermission('product.create')
-  async create() { }
+  async create(@CurrentUser() user: ILoggedUserInfo) {
+    /* ... */
+  }
   @Post('get-all')
   @RequirePermission('product.read')
-  async getAll() { }
+  async getAll(@CurrentUser() user: ILoggedUserInfo) {
+    /* ... */
+  }
 }
 ```
-### Checking Permissions Programmatically
+Wildcard matching is supported: `@RequirePermission('product.*')` matches any action whose code starts with `product.`.
+## 5. Programmatic Permission Check
+Inject `PermissionService` (use `@Inject()` — required for bundled code):
 ```typescript
 import { PermissionService } from '@flusys/nestjs-iam';
 @Injectable()
 export class ProductService {
-  constructor(
-    @Inject(PermissionService) private readonly permissionService: PermissionService,
-  ) {}
+  constructor(@Inject(PermissionService) private readonly permissionService: PermissionService) {}
-  async canUserCreate(userId: string, companyId?: string): Promise<boolean> {
+  async canCreate(userId: string, companyId?: string): Promise<boolean> {
     return this.permissionService.hasPermission(userId, 'product.create', companyId);
   }
-  async getUserPermissions(userId: string, companyId?: string): Promise<string[]> {
-    return this.permissionService.getPermissions(userId, companyId);
-  }
-}
-```
----
-## Action Types
-| Type | Description |
-|------|-------------|
-| `BACKEND` | Enforced by `PermissionGuard` on API requests only. Not returned to the frontend. |
-| `FRONTEND` | Returned to the frontend in permission lists. Not enforced server-side. |
-| `BOTH` | Enforced server-side AND returned to the frontend. |
-```json
-POST /iam/action/insert
-{
-  "name": "Create Product",
-  "code": "product.create",
-  "type": "BOTH",
-  "parentId": null,
-  "description": "Allows creating new products"
 }
 ```
----
-## Hierarchical Actions
-Actions support parent-child relationships. Use `parentId` to create a tree:
-```
-product           (BOTH - parent)
-├── product.read  (BOTH - child)
-├── product.create (BOTH - child)
-├── product.update (BOTH - child)
-└── product.delete (BOTH - child)
-```
-Get the full tree:
-```json
-POST /iam/action/get-tree
-{}
-```
-The wildcard `product.*` in `@RequirePermission('product.*')` matches any action whose code starts with `product.`.
----
-## Troubleshooting
-**`PermissionGuard` always denies — user has correct role**
-Check that the IAM entities are included in your `TypeOrmModule` registration. Missing entities cause the permission query to return empty results.
----
-**Permission cache not invalidating after role change**
-Check that `REDIS_URL` is configured correctly. If multiple service instances share the same Redis, cache invalidation propagates automatically. In single-instance in-memory mode, invalidation only affects the current process.
----
-**`No metadata for entity` on startup**
-Use `IAMModule.getEntities()` with both `enableCompanyFeature` and `permissionMode` matching your `bootstrapAppConfig`:
-```typescript
-...IAMModule.getEntities({ enableCompanyFeature: true, permissionMode: 'FULL' })
-```
----
+## Exported Services
-**Company action whitelist blocks all permissions**
+| Service             | Scope   | Description                                                    |
+| ------------------- | ------- | -------------------------------------------------------------- |
+| `PermissionService` | REQUEST | `hasPermission()`, `getUserPermissions()`, `getRolesForUser()` |
+|  |
-When `enableCompanyFeature: true`, a user's permissions are intersected with the company's action whitelist. If the whitelist is empty, the user has no permissions. Seed the whitelist using `POST /iam/company-action/assign`.
+All constructor injections need explicit `@Inject()` — TypeScript metadata is lost during esbuild bundling.
 ---
 ## License
 MIT © FLUSYS
----
-> Part of the **FLUSYS** framework — a full-stack monorepo powering Angular 21 + NestJS 11 applications.

package/cjs/config/message-keys.js CHANGED Viewed

@@ -19,18 +19,12 @@ _export(exports, {
     get IAM_MODE_MESSAGES () {
         return IAM_MODE_MESSAGES;
     },
-    get IAM_MODULE_MESSAGES () {
-        return IAM_MODULE_MESSAGES;
-    },
     get MY_PERMISSION_MESSAGES () {
         return MY_PERMISSION_MESSAGES;
     },
     get PERMISSION_OPERATION_MESSAGES () {
         return PERMISSION_OPERATION_MESSAGES;
     },
-    get ROLE_MESSAGES () {
-        return ROLE_MESSAGES;
-    },
     get ROLE_PERMISSION_MESSAGES () {
         return ROLE_PERMISSION_MESSAGES;
     },
@@ -39,43 +33,22 @@ _export(exports, {
     }
 });
 const ACTION_MESSAGES = {
-    CREATE_SUCCESS: 'action.create.success',
-    CREATE_MANY_SUCCESS: 'action.create.many.success',
-    GET_SUCCESS: 'action.get.success',
-    GET_ALL_SUCCESS: 'action.get.all.success',
-    UPDATE_SUCCESS: 'action.update.success',
-    UPDATE_MANY_SUCCESS: 'action.update.many.success',
-    DELETE_SUCCESS: 'action.delete.success',
-    RESTORE_SUCCESS: 'action.restore.success',
-    NOT_FOUND: 'action.not.found'
+    GET_ALL_SUCCESS: 'action.get.all.success'
 };
-const ROLE_MESSAGES = {
-    CREATE_SUCCESS: 'role.create.success',
-    CREATE_MANY_SUCCESS: 'role.create.many.success',
-    GET_SUCCESS: 'role.get.success',
-    GET_ALL_SUCCESS: 'role.get.all.success',
-    UPDATE_SUCCESS: 'role.update.success',
-    UPDATE_MANY_SUCCESS: 'role.update.many.success',
-    DELETE_SUCCESS: 'role.delete.success',
-    RESTORE_SUCCESS: 'role.restore.success',
-    NOT_FOUND: 'role.not.found'
+const PERMISSION_OPERATION_MESSAGES = {
+    PROCESS_SUCCESS: 'permission.process.success',
+    ALREADY_EXISTS: 'permission.already.exists',
+    USER_REQUIRED: 'permission.user.required'
 };
 const ROLE_PERMISSION_MESSAGES = {
-    GET_SUCCESS: 'role.permission.get.success',
-    ASSIGN_SUCCESS: 'role.permission.assign.success',
     ACTIONS_SUCCESS: 'role.permission.actions.success',
-    USERS_SUCCESS: 'role.permission.users.success',
     USER_ROLES_SUCCESS: 'role.permission.user.roles.success'
 };
 const USER_ACTION_PERMISSION_MESSAGES = {
-    GET_SUCCESS: 'user.action.permission.get.success',
-    ASSIGN_SUCCESS: 'user.action.permission.assign.success',
-    REVOKE_SUCCESS: 'user.action.permission.revoke.success'
+    GET_SUCCESS: 'user.action.permission.get.success'
 };
 const COMPANY_ACTION_PERMISSION_MESSAGES = {
-    GET_SUCCESS: 'company.action.permission.get.success',
-    ASSIGN_SUCCESS: 'company.action.permission.assign.success',
-    REVOKE_SUCCESS: 'company.action.permission.revoke.success'
+    GET_SUCCESS: 'company.action.permission.get.success'
 };
 const MY_PERMISSION_MESSAGES = {
     GET_SUCCESS: 'my.permission.get.success'
@@ -85,18 +58,3 @@ const IAM_MODE_MESSAGES = {
     RBAC_MODE_UNAVAILABLE: 'iam.rbac.mode.unavailable',
     ROLE_ASSIGNMENT_UNAVAILABLE: 'iam.role.assignment.unavailable'
 };
-const PERMISSION_OPERATION_MESSAGES = {
-    PROCESS_SUCCESS: 'permission.process.success',
-    ALREADY_EXISTS: 'permission.already.exists',
-    USER_REQUIRED: 'permission.user.required'
-};
-const IAM_MODULE_MESSAGES = {
-    ACTION: ACTION_MESSAGES,
-    ROLE: ROLE_MESSAGES,
-    ROLE_PERMISSION: ROLE_PERMISSION_MESSAGES,
-    USER_ACTION_PERMISSION: USER_ACTION_PERMISSION_MESSAGES,
-    COMPANY_ACTION_PERMISSION: COMPANY_ACTION_PERMISSION_MESSAGES,
-    MY_PERMISSION: MY_PERMISSION_MESSAGES,
-    IAM_MODE: IAM_MODE_MESSAGES,
-    PERMISSION_OPERATION: PERMISSION_OPERATION_MESSAGES
-};