@flusys/nestjs-iam 4.1.1 → 5.0.0

package/cjs/controllers/company-action-permission.controller.js

@@ -9,9 +9,9 @@ Object.defineProperty(exports, "CompanyActionPermissionController", {
     }
 });
 const _nestjsshared = require("@flusys/nestjs-shared");
-const _config = require("../config");
 const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
+const _config = require("../config");
 const _permissiondto = require("../dtos/permission.dto");
 const _permissionservice = require("../services/permission.service");
 function _define_property(obj, key, value) {
@@ -42,10 +42,21 @@ function _ts_param(paramIndex, decorator) {
     };
 }
 let CompanyActionPermissionController = class CompanyActionPermissionController {
-    async assignCompanyActions(dto, user) {
-        return this.permissionService.assignCompanyActions(dto);
+    async assignCompanyActions(dto) {
+        const result = await this.permissionService.assignCompanyActions(dto);
+        return {
+            success: true,
+            message: 'Company actions updated successfully',
+            messageKey: _config.PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
-    async getCompanyActions(dto, user) {
+    async getCompanyActions(dto) {
         const actions = await this.permissionService.getCompanyActions(dto.companyId);
         return {
             success: true,
@@ -66,19 +77,14 @@ _ts_decorate([
         summary: 'Whitelist actions for company',
         description: 'Controls which actions are available to company users/roles.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _permissiondto.PermissionOperationResultDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.PermissionOperationResultDto),
     (0, _swagger.ApiBody)({
         type: _permissiondto.AssignCompanyActionsDto
     }),
     _ts_param(0, (0, _common.Body)()),
-    _ts_param(1, (0, _nestjsshared.CurrentUser)()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _permissiondto.AssignCompanyActionsDto === "undefined" ? Object : _permissiondto.AssignCompanyActionsDto,
-        typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
+        typeof _permissiondto.AssignCompanyActionsDto === "undefined" ? Object : _permissiondto.AssignCompanyActionsDto
     ]),
     _ts_metadata("design:returntype", Promise)
 ], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
@@ -89,19 +95,14 @@ _ts_decorate([
         summary: 'Get company whitelisted actions',
         description: 'Returns actions available to company.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _nestjsshared.SingleResponseDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.CompanyActionResponseDto, true, 'single'),
     (0, _swagger.ApiBody)({
         type: _permissiondto.GetCompanyActionsDto
     }),
     _ts_param(0, (0, _common.Body)()),
-    _ts_param(1, (0, _nestjsshared.CurrentUser)()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof _permissiondto.GetCompanyActionsDto === "undefined" ? Object : _permissiondto.GetCompanyActionsDto,
-        typeof _nestjsshared.ILoggedUserInfo === "undefined" ? Object : _nestjsshared.ILoggedUserInfo
+        typeof _permissiondto.GetCompanyActionsDto === "undefined" ? Object : _permissiondto.GetCompanyActionsDto
     ]),
     _ts_metadata("design:returntype", Promise)
 ], CompanyActionPermissionController.prototype, "getCompanyActions", null);

package/cjs/controllers/my-permission.controller.js

@@ -63,10 +63,7 @@ _ts_decorate([
         summary: 'Get current user permissions',
         description: 'Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _permissiondto.MyPermissionsResponseDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.MyPermissionsResponseDto),
     (0, _swagger.ApiResponse)({
         status: 401,
         description: 'Unauthorized'

package/cjs/controllers/role-permission.controller.js

@@ -9,13 +9,13 @@ Object.defineProperty(exports, "RolePermissionController", {
     }
 });
 const _nestjsshared = require("@flusys/nestjs-shared");
-const _config = require("../config");
 const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
+const _config = require("../config");
 const _permissiondto = require("../dtos/permission.dto");
 const _helpers = require("../helpers");
-const _permissionservice = require("../services/permission.service");
 const _iamconfigservice = require("../services/iam-config.service");
+const _permissionservice = require("../services/permission.service");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -45,7 +45,18 @@ function _ts_param(paramIndex, decorator) {
 }
 let RolePermissionController = class RolePermissionController {
     async assignRoleActions(dto) {
-        return this.permissionService.assignRoleActions(dto);
+        const result = await this.permissionService.assignRoleActions(dto);
+        return {
+            success: true,
+            message: 'Role actions updated successfully',
+            messageKey: _config.PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
     async getRoleActions(dto) {
         const actions = await this.permissionService.getRoleActions(dto.roleId);
@@ -58,7 +69,18 @@ let RolePermissionController = class RolePermissionController {
     }
     async assignUserRoles(dto, user) {
         (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user);
-        return this.permissionService.assignUserRoles(dto);
+        const result = await this.permissionService.assignUserRoles(dto);
+        return {
+            success: true,
+            message: 'User roles updated successfully',
+            messageKey: _config.PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
     async getUserRoles(dto, user) {
         (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user);
@@ -85,10 +107,7 @@ _ts_decorate([
         summary: 'Assign/remove actions to/from role',
         description: 'RBAC mode. No branch scoping.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _permissiondto.PermissionOperationResultDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.PermissionOperationResultDto),
     (0, _swagger.ApiBody)({
         type: _permissiondto.AssignRoleActionsDto
     }),
@@ -106,10 +125,7 @@ _ts_decorate([
         summary: 'Get role actions',
         description: 'Returns actions assigned to role.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _nestjsshared.SingleResponseDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.RoleActionResponseDto, true, 'single'),
     (0, _swagger.ApiBody)({
         type: _permissiondto.GetRoleActionsDto
     }),
@@ -127,10 +143,7 @@ _ts_decorate([
         summary: 'Assign/remove roles to/from user',
         description: 'RBAC mode. If company feature enabled, branchId is required.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _permissiondto.PermissionOperationResultDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.PermissionOperationResultDto),
     (0, _swagger.ApiBody)({
         type: _permissiondto.AssignUserRolesDto
     }),
@@ -150,10 +163,7 @@ _ts_decorate([
         summary: 'Get user roles',
         description: 'Returns roles assigned to user. Filter by companyId and branchId.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _nestjsshared.SingleResponseDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.UserRoleResponseDto, true, 'single'),
     (0, _swagger.ApiBody)({
         type: _permissiondto.GetUserRolesDto
     }),

package/cjs/controllers/user-action-permission.controller.js

@@ -9,13 +9,13 @@ Object.defineProperty(exports, "UserActionPermissionController", {
     }
 });
 const _nestjsshared = require("@flusys/nestjs-shared");
-const _config = require("../config");
 const _common = require("@nestjs/common");
 const _swagger = require("@nestjs/swagger");
+const _config = require("../config");
 const _permissiondto = require("../dtos/permission.dto");
 const _helpers = require("../helpers");
-const _permissionservice = require("../services/permission.service");
 const _iamconfigservice = require("../services/iam-config.service");
+const _permissionservice = require("../services/permission.service");
 function _define_property(obj, key, value) {
     if (key in obj) {
         Object.defineProperty(obj, key, {
@@ -46,7 +46,18 @@ function _ts_param(paramIndex, decorator) {
 let UserActionPermissionController = class UserActionPermissionController {
     async assignUserActions(dto, user) {
         (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user);
-        return this.permissionService.assignUserActions(dto);
+        const result = await this.permissionService.assignUserActions(dto);
+        return {
+            success: true,
+            message: 'User actions updated successfully',
+            messageKey: _config.PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
     async getUserActions(dto, user) {
         (0, _helpers.validateCompanyAccess)(this.config, dto.companyId, user);
@@ -73,10 +84,7 @@ _ts_decorate([
         summary: 'Assign/remove actions to/from user',
         description: 'Direct permissions. If company feature enabled, branchId is required.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _permissiondto.PermissionOperationResultDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.PermissionOperationResultDto),
     (0, _swagger.ApiBody)({
         type: _permissiondto.AssignUserActionsDto
     }),
@@ -96,10 +104,7 @@ _ts_decorate([
         summary: 'Get user direct actions',
         description: 'Returns direct action permissions for user. Filter by companyId and branchId.'
     }),
-    (0, _swagger.ApiResponse)({
-        status: 200,
-        type: _nestjsshared.SingleResponseDto
-    }),
+    (0, _nestjsshared.ApiResponseDto)(_permissiondto.UserActionResponseDto, true, 'single'),
     (0, _swagger.ApiBody)({
         type: _permissiondto.GetUserActionsDto
     }),

package/cjs/docs/iam-swagger.config.js

@@ -17,7 +17,8 @@ const _permissiontypeenum = require("../enums/permission-type.enum");
     'User Permissions',
     'Company Selection'
 ];
-function iamSwaggerConfig(enableCompanyFeature = false, permissionMode = _permissiontypeenum.IAMPermissionMode.FULL) {
+function iamSwaggerConfig(enableCompanyFeature = false, permissionMode = _permissiontypeenum.IAMPermissionMode.FULL, databaseMode = 'single') {
+    const multiTenantNote = databaseMode === 'multi-tenant' ? `\n> **Multi-Tenant Mode**: Include \`x-tenant-id\` header to target a specific tenant database.\n` : '';
     const excludeSchemaProperties = enableCompanyFeature ? [] : [
         // DTOs with companyId and branchId
         {
@@ -115,7 +116,7 @@ function iamSwaggerConfig(enableCompanyFeature = false, permissionMode = _permis
         title: 'IAM API',
         description: `
 ## Identity & Access Management API
-
+${multiTenantNote}
 Advanced permission system with flexible modes: RBAC, Direct Permissions, or both.
 
 ### Current Configuration

package/cjs/dtos/action.dto.js

@@ -61,7 +61,6 @@ let CreateActionDto = class CreateActionDto {
         _define_property(this, "parentId", void 0);
         _define_property(this, "serial", void 0);
         _define_property(this, "isActive", void 0);
-        _define_property(this, "metadata", void 0);
     }
 };
 _ts_decorate([
@@ -145,14 +144,6 @@ _ts_decorate([
     (0, _classvalidator.IsOptional)(),
     _ts_metadata("design:type", Boolean)
 ], CreateActionDto.prototype, "isActive", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Additional metadata',
-        required: false
-    }),
-    (0, _classvalidator.IsOptional)(),
-    _ts_metadata("design:type", typeof Record === "undefined" ? Object : Record)
-], CreateActionDto.prototype, "metadata", void 0);
 let UpdateActionDto = class UpdateActionDto extends (0, _swagger.PartialType)(CreateActionDto) {
     constructor(...args){
         super(...args), _define_property(this, "id", void 0);
@@ -179,7 +170,6 @@ let ActionResponseDto = class ActionResponseDto {
         _define_property(this, "parentId", void 0);
         _define_property(this, "serial", void 0);
         _define_property(this, "isActive", void 0);
-        _define_property(this, "metadata", void 0);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
         _define_property(this, "deletedAt", void 0);
@@ -230,12 +220,6 @@ _ts_decorate([
     (0, _swagger.ApiProperty)(),
     _ts_metadata("design:type", Boolean)
 ], ActionResponseDto.prototype, "isActive", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        required: false
-    }),
-    _ts_metadata("design:type", Object)
-], ActionResponseDto.prototype, "metadata", void 0);
 _ts_decorate([
     (0, _swagger.ApiProperty)(),
     _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)

package/cjs/dtos/permission.dto.js

@@ -612,19 +612,11 @@ _ts_decorate([
 ], MyPermissionsResponseDto.prototype, "cachedEndpoints", void 0);
 let PermissionOperationResultDto = class PermissionOperationResultDto {
     constructor(){
-        _define_property(this, "success", void 0);
         _define_property(this, "added", void 0);
         _define_property(this, "removed", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "messageKey", void 0);
+        _define_property(this, "total", void 0);
     }
 };
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Whether the operation succeeded'
-    }),
-    _ts_metadata("design:type", Boolean)
-], PermissionOperationResultDto.prototype, "success", void 0);
 _ts_decorate([
     (0, _swagger.ApiProperty)({
         description: 'Number of permissions added'
@@ -639,14 +631,7 @@ _ts_decorate([
 ], PermissionOperationResultDto.prototype, "removed", void 0);
 _ts_decorate([
     (0, _swagger.ApiProperty)({
-        description: 'Operation result message'
+        description: 'Number of permissions requested'
     }),
-    _ts_metadata("design:type", String)
-], PermissionOperationResultDto.prototype, "message", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        description: 'Translation key for localization',
-        example: 'permission.process.success'
-    }),
-    _ts_metadata("design:type", String)
-], PermissionOperationResultDto.prototype, "messageKey", void 0);
+    _ts_metadata("design:type", Number)
+], PermissionOperationResultDto.prototype, "total", void 0);

package/cjs/dtos/role.dto.js

@@ -50,7 +50,6 @@ let CreateRoleDto = class CreateRoleDto {
         _define_property(this, "companyId", void 0);
         _define_property(this, "isActive", void 0);
         _define_property(this, "serial", void 0);
-        _define_property(this, "metadata", void 0);
     }
 };
 _ts_decorate([
@@ -103,14 +102,6 @@ _ts_decorate([
     (0, _classvalidator.IsOptional)(),
     _ts_metadata("design:type", Number)
 ], CreateRoleDto.prototype, "serial", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        description: 'Additional metadata',
-        required: false
-    }),
-    (0, _classvalidator.IsOptional)(),
-    _ts_metadata("design:type", typeof Record === "undefined" ? Object : Record)
-], CreateRoleDto.prototype, "metadata", void 0);
 let UpdateRoleDto = class UpdateRoleDto extends (0, _swagger.PartialType)(CreateRoleDto) {
     constructor(...args){
         super(...args), _define_property(this, "id", void 0);
@@ -134,7 +125,6 @@ let RoleResponseDto = class RoleResponseDto {
         _define_property(this, "companyId", void 0);
         _define_property(this, "isActive", void 0);
         _define_property(this, "serial", void 0);
-        _define_property(this, "metadata", void 0);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
         _define_property(this, "deletedAt", void 0);
@@ -171,12 +161,6 @@ _ts_decorate([
     (0, _swagger.ApiProperty)(),
     _ts_metadata("design:type", Object)
 ], RoleResponseDto.prototype, "serial", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        required: false
-    }),
-    _ts_metadata("design:type", Object)
-], RoleResponseDto.prototype, "metadata", void 0);
 _ts_decorate([
     (0, _swagger.ApiProperty)(),
     _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)

package/cjs/entities/action-base.entity.js

@@ -35,7 +35,7 @@ function _ts_metadata(k, v) {
 }
 let ActionBase = class ActionBase extends _nestjsshared.Identity {
     constructor(...args){
-        super(...args), _define_property(this, "readOnly", void 0), _define_property(this, "name", void 0), _define_property(this, "description", void 0), _define_property(this, "code", void 0), _define_property(this, "actionType", void 0), _define_property(this, "permissionLogic", void 0), _define_property(this, "serial", void 0), _define_property(this, "isActive", void 0), _define_property(this, "parent", void 0), _define_property(this, "parentId", void 0), _define_property(this, "children", void 0), _define_property(this, "metadata", void 0);
+        super(...args), _define_property(this, "readOnly", void 0), _define_property(this, "name", void 0), _define_property(this, "description", void 0), _define_property(this, "code", void 0), _define_property(this, "actionType", void 0), _define_property(this, "permissionLogic", void 0), _define_property(this, "serial", void 0), _define_property(this, "isActive", void 0), _define_property(this, "parent", void 0), _define_property(this, "parentId", void 0), _define_property(this, "children", void 0);
     }
 };
 _ts_decorate([
@@ -83,7 +83,8 @@ _ts_decorate([
     _ts_metadata("design:type", typeof _enums.ActionType === "undefined" ? Object : _enums.ActionType)
 ], ActionBase.prototype, "actionType", void 0);
 _ts_decorate([
-    (0, _typeorm.Column)('simple-json', {
+    (0, _typeorm.Column)({
+        type: 'json',
         nullable: true,
         name: 'permission_logic'
     }),
@@ -127,9 +128,3 @@ _ts_decorate([
     (0, _typeorm.OneToMany)('Action', 'parent'),
     _ts_metadata("design:type", Array)
 ], ActionBase.prototype, "children", void 0);
-_ts_decorate([
-    (0, _typeorm.Column)('simple-json', {
-        nullable: true
-    }),
-    _ts_metadata("design:type", Object)
-], ActionBase.prototype, "metadata", void 0);

package/cjs/entities/permission-base.entity.js

@@ -64,7 +64,7 @@ let PermissionBase = class PermissionBase extends _nestjsshared.Identity {
         return true;
     }
     constructor(...args){
-        super(...args), _define_property(this, "permissionType", void 0), _define_property(this, "sourceType", void 0), _define_property(this, "sourceId", void 0), _define_property(this, "targetType", void 0), _define_property(this, "targetId", void 0), _define_property(this, "userId", void 0), _define_property(this, "validFrom", void 0), _define_property(this, "validUntil", void 0), _define_property(this, "reason", void 0), _define_property(this, "metadata", void 0);
+        super(...args), _define_property(this, "permissionType", void 0), _define_property(this, "sourceType", void 0), _define_property(this, "sourceId", void 0), _define_property(this, "targetType", void 0), _define_property(this, "targetId", void 0), _define_property(this, "userId", void 0), _define_property(this, "validFrom", void 0), _define_property(this, "validUntil", void 0), _define_property(this, "reason", void 0);
     }
 };
 _ts_decorate([
@@ -136,9 +136,3 @@ _ts_decorate([
     }),
     _ts_metadata("design:type", Object)
 ], PermissionBase.prototype, "reason", void 0);
-_ts_decorate([
-    (0, _typeorm.Column)('simple-json', {
-        nullable: true
-    }),
-    _ts_metadata("design:type", Object)
-], PermissionBase.prototype, "metadata", void 0);

package/cjs/entities/role-base.entity.js

@@ -34,7 +34,7 @@ function _ts_metadata(k, v) {
 }
 let RoleBase = class RoleBase extends _nestjsshared.Identity {
     constructor(...args){
-        super(...args), _define_property(this, "readOnly", void 0), _define_property(this, "name", void 0), _define_property(this, "description", void 0), _define_property(this, "isActive", void 0), _define_property(this, "serial", void 0), _define_property(this, "metadata", void 0);
+        super(...args), _define_property(this, "readOnly", void 0), _define_property(this, "name", void 0), _define_property(this, "description", void 0), _define_property(this, "isActive", void 0), _define_property(this, "serial", void 0);
     }
 };
 _ts_decorate([
@@ -78,9 +78,3 @@ _ts_decorate([
     }),
     _ts_metadata("design:type", Object)
 ], RoleBase.prototype, "serial", void 0);
-_ts_decorate([
-    (0, _typeorm.Column)('simple-json', {
-        nullable: true
-    }),
-    _ts_metadata("design:type", Object)
-], RoleBase.prototype, "metadata", void 0);

package/cjs/services/action.service.js

@@ -95,7 +95,6 @@ let ActionService = class ActionService extends _classes.RequestScopedApiService
             serial: entity.serial,
             isActive: entity.isActive,
             parentId: entity.parentId,
-            metadata: entity.metadata,
             createdAt: entity.createdAt,
             updatedAt: entity.updatedAt,
             deletedAt: entity.deletedAt,
@@ -109,7 +108,7 @@ let ActionService = class ActionService extends _classes.RequestScopedApiService
             throw new _common.BadRequestException({
                 message: `User is required for ${methodName}`,
                 messageKey: _config.PERMISSION_OPERATION_MESSAGES.USER_REQUIRED,
-                messageParams: {
+                messageVariables: {
                     method: methodName
                 }
             });

package/cjs/services/permission.service.js

@@ -8,10 +8,10 @@ Object.defineProperty(exports, "PermissionService", {
         return PermissionService;
     }
 });
-const _config = require("../config");
 const _nestjsshared = require("@flusys/nestjs-shared");
 const _common = require("@nestjs/common");
 const _typeorm = require("typeorm");
+const _config = require("../config");
 const _permissiondto = require("../dtos/permission.dto");
 const _actionentity = require("../entities/action.entity");
 const _permissionwithcompanyentity = require("../entities/permission-with-company.entity");
@@ -265,8 +265,8 @@ let PermissionService = class PermissionService {
             });
             removed = result.affected || 0;
         }
-        const affectedUsers = await this.invalidateRoleMembersCache(dto.roleId);
-        return this.buildOperationResult(dto.items.length, added, removed, `. Invalidated cache for ${affectedUsers} users.`);
+        await this.invalidateRoleMembersCache(dto.roleId);
+        return this.buildOperationResult(dto.items.length, added, removed);
     }
     async getRoleActions(roleId) {
         const permissionRepo = await this.getPermissionRepository();
@@ -311,8 +311,6 @@ let PermissionService = class PermissionService {
         const { toAdd: itemsToAdd, toRemove: itemsToRemove } = this.splitItemsByAction(dto.items);
         let added = 0;
         let removed = 0;
-        let removedRoleActions = 0;
-        let removedUserActions = 0;
         await dataSource.transaction(async (manager)=>{
             const transactionalPermissionRepo = manager.getRepository(permissionRepo.target);
             if (itemsToAdd.length > 0) {
@@ -322,13 +320,10 @@ let PermissionService = class PermissionService {
                 const actionIdsToRemove = itemsToRemove.map((item)=>item.id);
                 const cascadeResult = await this.removeCompanyActionsWithCascade(manager, dto.companyId, actionIdsToRemove);
                 removed = cascadeResult.removedCompanyActions;
-                removedRoleActions = cascadeResult.removedRoleActions;
-                removedUserActions = cascadeResult.removedUserActions;
             }
         });
-        const affectedCacheEntries = await this.invalidateCompanyMembersCache(dto.companyId);
-        const cascadeInfo = removedRoleActions > 0 || removedUserActions > 0 ? ` Cascaded removal: ${removedRoleActions} role permissions, ${removedUserActions} user permissions.` : '';
-        return this.buildOperationResult(dto.items.length, added, removed, `.${cascadeInfo} Invalidated ${affectedCacheEntries} cache entries.`);
+        await this.invalidateCompanyMembersCache(dto.companyId);
+        return this.buildOperationResult(dto.items.length, added, removed);
     }
     async addCompanyActions(permissionRepo, companyId, actionIds) {
         const existingPermissions = await permissionRepo.find({
@@ -732,13 +727,11 @@ let PermissionService = class PermissionService {
             toRemove: items.filter((item)=>item.action === _permissiondto.PermissionAction.REMOVE)
         };
     }
-    /** Build standard operation result DTO */ buildOperationResult(totalItems, added, removed, additionalMessage = '') {
+    /** Build standard operation result DTO */ buildOperationResult(_totalItems, added, removed) {
         return {
-            success: true,
             added,
             removed,
-            message: `Successfully processed ${totalItems} items: ${added} added, ${removed} removed${additionalMessage}`,
-            messageKey: _config.PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS
+            total: _totalItems
         };
     }
     /** Get role IDs assigned to a user (merges company-wide + branch-specific roles) */ async getUserRoleIds(userId, branchId, companyId) {

package/cjs/services/role.service.js

@@ -112,7 +112,6 @@ let RoleService = class RoleService extends _classes.RequestScopedApiService {
             isActive: entity.isActive,
             serial: entity.serial,
             companyId: ('companyId' in entity ? entity.companyId : null) ?? null,
-            metadata: entity.metadata,
             createdAt: entity.createdAt,
             updatedAt: entity.updatedAt,
             deletedAt: entity.deletedAt,