@flusys/nestjs-iam 4.1.1 → 5.0.1

package/config/message-keys.d.ts

@@ -1,41 +1,20 @@
 export declare const ACTION_MESSAGES: {
-    readonly CREATE_SUCCESS: "action.create.success";
-    readonly CREATE_MANY_SUCCESS: "action.create.many.success";
-    readonly GET_SUCCESS: "action.get.success";
     readonly GET_ALL_SUCCESS: "action.get.all.success";
-    readonly UPDATE_SUCCESS: "action.update.success";
-    readonly UPDATE_MANY_SUCCESS: "action.update.many.success";
-    readonly DELETE_SUCCESS: "action.delete.success";
-    readonly RESTORE_SUCCESS: "action.restore.success";
-    readonly NOT_FOUND: "action.not.found";
 };
-export declare const ROLE_MESSAGES: {
-    readonly CREATE_SUCCESS: "role.create.success";
-    readonly CREATE_MANY_SUCCESS: "role.create.many.success";
-    readonly GET_SUCCESS: "role.get.success";
-    readonly GET_ALL_SUCCESS: "role.get.all.success";
-    readonly UPDATE_SUCCESS: "role.update.success";
-    readonly UPDATE_MANY_SUCCESS: "role.update.many.success";
-    readonly DELETE_SUCCESS: "role.delete.success";
-    readonly RESTORE_SUCCESS: "role.restore.success";
-    readonly NOT_FOUND: "role.not.found";
+export declare const PERMISSION_OPERATION_MESSAGES: {
+    readonly PROCESS_SUCCESS: "permission.process.success";
+    readonly ALREADY_EXISTS: "permission.already.exists";
+    readonly USER_REQUIRED: "permission.user.required";
 };
 export declare const ROLE_PERMISSION_MESSAGES: {
-    readonly GET_SUCCESS: "role.permission.get.success";
-    readonly ASSIGN_SUCCESS: "role.permission.assign.success";
     readonly ACTIONS_SUCCESS: "role.permission.actions.success";
-    readonly USERS_SUCCESS: "role.permission.users.success";
     readonly USER_ROLES_SUCCESS: "role.permission.user.roles.success";
 };
 export declare const USER_ACTION_PERMISSION_MESSAGES: {
     readonly GET_SUCCESS: "user.action.permission.get.success";
-    readonly ASSIGN_SUCCESS: "user.action.permission.assign.success";
-    readonly REVOKE_SUCCESS: "user.action.permission.revoke.success";
 };
 export declare const COMPANY_ACTION_PERMISSION_MESSAGES: {
     readonly GET_SUCCESS: "company.action.permission.get.success";
-    readonly ASSIGN_SUCCESS: "company.action.permission.assign.success";
-    readonly REVOKE_SUCCESS: "company.action.permission.revoke.success";
 };
 export declare const MY_PERMISSION_MESSAGES: {
     readonly GET_SUCCESS: "my.permission.get.success";
@@ -45,62 +24,3 @@ export declare const IAM_MODE_MESSAGES: {
     readonly RBAC_MODE_UNAVAILABLE: "iam.rbac.mode.unavailable";
     readonly ROLE_ASSIGNMENT_UNAVAILABLE: "iam.role.assignment.unavailable";
 };
-export declare const PERMISSION_OPERATION_MESSAGES: {
-    readonly PROCESS_SUCCESS: "permission.process.success";
-    readonly ALREADY_EXISTS: "permission.already.exists";
-    readonly USER_REQUIRED: "permission.user.required";
-};
-export declare const IAM_MODULE_MESSAGES: {
-    readonly ACTION: {
-        readonly CREATE_SUCCESS: "action.create.success";
-        readonly CREATE_MANY_SUCCESS: "action.create.many.success";
-        readonly GET_SUCCESS: "action.get.success";
-        readonly GET_ALL_SUCCESS: "action.get.all.success";
-        readonly UPDATE_SUCCESS: "action.update.success";
-        readonly UPDATE_MANY_SUCCESS: "action.update.many.success";
-        readonly DELETE_SUCCESS: "action.delete.success";
-        readonly RESTORE_SUCCESS: "action.restore.success";
-        readonly NOT_FOUND: "action.not.found";
-    };
-    readonly ROLE: {
-        readonly CREATE_SUCCESS: "role.create.success";
-        readonly CREATE_MANY_SUCCESS: "role.create.many.success";
-        readonly GET_SUCCESS: "role.get.success";
-        readonly GET_ALL_SUCCESS: "role.get.all.success";
-        readonly UPDATE_SUCCESS: "role.update.success";
-        readonly UPDATE_MANY_SUCCESS: "role.update.many.success";
-        readonly DELETE_SUCCESS: "role.delete.success";
-        readonly RESTORE_SUCCESS: "role.restore.success";
-        readonly NOT_FOUND: "role.not.found";
-    };
-    readonly ROLE_PERMISSION: {
-        readonly GET_SUCCESS: "role.permission.get.success";
-        readonly ASSIGN_SUCCESS: "role.permission.assign.success";
-        readonly ACTIONS_SUCCESS: "role.permission.actions.success";
-        readonly USERS_SUCCESS: "role.permission.users.success";
-        readonly USER_ROLES_SUCCESS: "role.permission.user.roles.success";
-    };
-    readonly USER_ACTION_PERMISSION: {
-        readonly GET_SUCCESS: "user.action.permission.get.success";
-        readonly ASSIGN_SUCCESS: "user.action.permission.assign.success";
-        readonly REVOKE_SUCCESS: "user.action.permission.revoke.success";
-    };
-    readonly COMPANY_ACTION_PERMISSION: {
-        readonly GET_SUCCESS: "company.action.permission.get.success";
-        readonly ASSIGN_SUCCESS: "company.action.permission.assign.success";
-        readonly REVOKE_SUCCESS: "company.action.permission.revoke.success";
-    };
-    readonly MY_PERMISSION: {
-        readonly GET_SUCCESS: "my.permission.get.success";
-    };
-    readonly IAM_MODE: {
-        readonly DIRECT_MODE_UNAVAILABLE: "iam.direct.mode.unavailable";
-        readonly RBAC_MODE_UNAVAILABLE: "iam.rbac.mode.unavailable";
-        readonly ROLE_ASSIGNMENT_UNAVAILABLE: "iam.role.assignment.unavailable";
-    };
-    readonly PERMISSION_OPERATION: {
-        readonly PROCESS_SUCCESS: "permission.process.success";
-        readonly ALREADY_EXISTS: "permission.already.exists";
-        readonly USER_REQUIRED: "permission.user.required";
-    };
-};

package/controllers/company-action-permission.controller.d.ts

@@ -1,9 +1,9 @@
-import { ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
+import { SingleResponseDto } from '@flusys/nestjs-shared';
 import { AssignCompanyActionsDto, CompanyActionResponseDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
 export declare class CompanyActionPermissionController {
     private readonly permissionService;
     constructor(permissionService: PermissionService);
-    assignCompanyActions(dto: AssignCompanyActionsDto, user: ILoggedUserInfo): Promise<PermissionOperationResultDto>;
-    getCompanyActions(dto: GetCompanyActionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<CompanyActionResponseDto[]>>;
+    assignCompanyActions(dto: AssignCompanyActionsDto): Promise<SingleResponseDto<PermissionOperationResultDto>>;
+    getCompanyActions(dto: GetCompanyActionsDto): Promise<SingleResponseDto<CompanyActionResponseDto[]>>;
 }

package/controllers/role-permission.controller.d.ts

@@ -1,13 +1,13 @@
-import { SingleResponseDto, ILoggedUserInfo } from '@flusys/nestjs-shared';
+import { ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
 import { AssignRoleActionsDto, AssignUserRolesDto, GetRoleActionsDto, GetUserRolesDto, PermissionOperationResultDto, RoleActionResponseDto, UserRoleResponseDto } from '../dtos/permission.dto';
-import { PermissionService } from '../services/permission.service';
 import { IAMConfigService } from '../services/iam-config.service';
+import { PermissionService } from '../services/permission.service';
 export declare class RolePermissionController {
     private readonly permissionService;
     private readonly config;
     constructor(permissionService: PermissionService, config: IAMConfigService);
-    assignRoleActions(dto: AssignRoleActionsDto): Promise<PermissionOperationResultDto>;
+    assignRoleActions(dto: AssignRoleActionsDto): Promise<SingleResponseDto<PermissionOperationResultDto>>;
     getRoleActions(dto: GetRoleActionsDto): Promise<SingleResponseDto<RoleActionResponseDto[]>>;
-    assignUserRoles(dto: AssignUserRolesDto, user: ILoggedUserInfo): Promise<PermissionOperationResultDto>;
+    assignUserRoles(dto: AssignUserRolesDto, user: ILoggedUserInfo): Promise<SingleResponseDto<PermissionOperationResultDto>>;
     getUserRoles(dto: GetUserRolesDto, user: ILoggedUserInfo): Promise<SingleResponseDto<UserRoleResponseDto[]>>;
 }

package/controllers/user-action-permission.controller.d.ts

@@ -1,11 +1,11 @@
-import { SingleResponseDto, ILoggedUserInfo } from '@flusys/nestjs-shared';
+import { ILoggedUserInfo, SingleResponseDto } from '@flusys/nestjs-shared';
 import { AssignUserActionsDto, GetUserActionsDto, PermissionOperationResultDto, UserActionResponseDto } from '../dtos/permission.dto';
-import { PermissionService } from '../services/permission.service';
 import { IAMConfigService } from '../services/iam-config.service';
+import { PermissionService } from '../services/permission.service';
 export declare class UserActionPermissionController {
     private readonly permissionService;
     private readonly config;
     constructor(permissionService: PermissionService, config: IAMConfigService);
-    assignUserActions(dto: AssignUserActionsDto, user: ILoggedUserInfo): Promise<PermissionOperationResultDto>;
+    assignUserActions(dto: AssignUserActionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<PermissionOperationResultDto>>;
     getUserActions(dto: GetUserActionsDto, user: ILoggedUserInfo): Promise<SingleResponseDto<UserActionResponseDto[]>>;
 }

package/docs/iam-swagger.config.d.ts

@@ -1,3 +1,3 @@
 import { IModuleSwaggerOptions } from '@flusys/nestjs-core/docs';
 import { IAMPermissionMode } from '../enums/permission-type.enum';
-export declare function iamSwaggerConfig(enableCompanyFeature?: boolean, permissionMode?: IAMPermissionMode): IModuleSwaggerOptions;
+export declare function iamSwaggerConfig(enableCompanyFeature?: boolean, permissionMode?: IAMPermissionMode, databaseMode?: 'single' | 'multi-tenant'): IModuleSwaggerOptions;

package/dtos/action.dto.d.ts

@@ -9,7 +9,6 @@ export declare class CreateActionDto {
     parentId?: string;
     serial?: number;
     isActive?: boolean;
-    metadata?: Record<string, any>;
 }
 declare const UpdateActionDto_base: import("@nestjs/common").Type<Partial<CreateActionDto>>;
 export declare class UpdateActionDto extends UpdateActionDto_base {
@@ -26,7 +25,6 @@ export declare class ActionResponseDto {
     parentId: string | null;
     serial: number | null;
     isActive: boolean;
-    metadata: Record<string, any> | null;
     createdAt: Date;
     updatedAt: Date;
     deletedAt: Date | null;

package/dtos/permission.dto.d.ts

@@ -89,9 +89,7 @@ export declare class MyPermissionsResponseDto {
     cachedEndpoints: number;
 }
 export declare class PermissionOperationResultDto {
-    success: boolean;
     added: number;
     removed: number;
-    message: string;
-    messageKey?: string;
+    total: number;
 }

package/dtos/role.dto.d.ts

@@ -4,7 +4,6 @@ export declare class CreateRoleDto {
     companyId?: string;
     isActive?: boolean;
     serial?: number;
-    metadata?: Record<string, any>;
 }
 declare const UpdateRoleDto_base: import("@nestjs/common").Type<Partial<CreateRoleDto>>;
 export declare class UpdateRoleDto extends UpdateRoleDto_base {
@@ -18,7 +17,6 @@ export declare class RoleResponseDto {
     companyId: string | null;
     isActive: boolean;
     serial: number | null;
-    metadata: Record<string, any> | null;
     createdAt: Date;
     updatedAt: Date;
     deletedAt: Date | null;

package/entities/action-base.entity.d.ts

@@ -13,5 +13,4 @@ export declare abstract class ActionBase extends Identity {
     parent: ActionBase | null;
     parentId: string | null;
     children: ActionBase[];
-    metadata: Record<string, any> | null;
 }

package/entities/permission-base.entity.d.ts

@@ -21,6 +21,5 @@ export declare abstract class PermissionBase extends Identity {
     validFrom: Date | null;
     validUntil: Date | null;
     reason: string | null;
-    metadata: Record<string, any> | null;
     isValid(now?: Date): boolean;
 }

package/entities/role-base.entity.d.ts

@@ -5,5 +5,4 @@ export declare abstract class RoleBase extends Identity {
     description: string | null;
     isActive: boolean;
     serial: number | null;
-    metadata: Record<string, any> | null;
 }

package/fesm/config/message-keys.js

@@ -1,42 +1,21 @@
 // ==================== IAM MODULE MESSAGE KEYS ====================
 export const ACTION_MESSAGES = {
-    CREATE_SUCCESS: 'action.create.success',
-    CREATE_MANY_SUCCESS: 'action.create.many.success',
-    GET_SUCCESS: 'action.get.success',
-    GET_ALL_SUCCESS: 'action.get.all.success',
-    UPDATE_SUCCESS: 'action.update.success',
-    UPDATE_MANY_SUCCESS: 'action.update.many.success',
-    DELETE_SUCCESS: 'action.delete.success',
-    RESTORE_SUCCESS: 'action.restore.success',
-    NOT_FOUND: 'action.not.found'
+    GET_ALL_SUCCESS: 'action.get.all.success'
 };
-export const ROLE_MESSAGES = {
-    CREATE_SUCCESS: 'role.create.success',
-    CREATE_MANY_SUCCESS: 'role.create.many.success',
-    GET_SUCCESS: 'role.get.success',
-    GET_ALL_SUCCESS: 'role.get.all.success',
-    UPDATE_SUCCESS: 'role.update.success',
-    UPDATE_MANY_SUCCESS: 'role.update.many.success',
-    DELETE_SUCCESS: 'role.delete.success',
-    RESTORE_SUCCESS: 'role.restore.success',
-    NOT_FOUND: 'role.not.found'
+export const PERMISSION_OPERATION_MESSAGES = {
+    PROCESS_SUCCESS: 'permission.process.success',
+    ALREADY_EXISTS: 'permission.already.exists',
+    USER_REQUIRED: 'permission.user.required'
 };
 export const ROLE_PERMISSION_MESSAGES = {
-    GET_SUCCESS: 'role.permission.get.success',
-    ASSIGN_SUCCESS: 'role.permission.assign.success',
     ACTIONS_SUCCESS: 'role.permission.actions.success',
-    USERS_SUCCESS: 'role.permission.users.success',
     USER_ROLES_SUCCESS: 'role.permission.user.roles.success'
 };
 export const USER_ACTION_PERMISSION_MESSAGES = {
-    GET_SUCCESS: 'user.action.permission.get.success',
-    ASSIGN_SUCCESS: 'user.action.permission.assign.success',
-    REVOKE_SUCCESS: 'user.action.permission.revoke.success'
+    GET_SUCCESS: 'user.action.permission.get.success'
 };
 export const COMPANY_ACTION_PERMISSION_MESSAGES = {
-    GET_SUCCESS: 'company.action.permission.get.success',
-    ASSIGN_SUCCESS: 'company.action.permission.assign.success',
-    REVOKE_SUCCESS: 'company.action.permission.revoke.success'
+    GET_SUCCESS: 'company.action.permission.get.success'
 };
 export const MY_PERMISSION_MESSAGES = {
     GET_SUCCESS: 'my.permission.get.success'
@@ -46,19 +25,3 @@ export const IAM_MODE_MESSAGES = {
     RBAC_MODE_UNAVAILABLE: 'iam.rbac.mode.unavailable',
     ROLE_ASSIGNMENT_UNAVAILABLE: 'iam.role.assignment.unavailable'
 };
-export const PERMISSION_OPERATION_MESSAGES = {
-    PROCESS_SUCCESS: 'permission.process.success',
-    ALREADY_EXISTS: 'permission.already.exists',
-    USER_REQUIRED: 'permission.user.required'
-};
-// Aggregated export for backward compatibility
-export const IAM_MODULE_MESSAGES = {
-    ACTION: ACTION_MESSAGES,
-    ROLE: ROLE_MESSAGES,
-    ROLE_PERMISSION: ROLE_PERMISSION_MESSAGES,
-    USER_ACTION_PERMISSION: USER_ACTION_PERMISSION_MESSAGES,
-    COMPANY_ACTION_PERMISSION: COMPANY_ACTION_PERMISSION_MESSAGES,
-    MY_PERMISSION: MY_PERMISSION_MESSAGES,
-    IAM_MODE: IAM_MODE_MESSAGES,
-    PERMISSION_OPERATION: PERMISSION_OPERATION_MESSAGES
-};

package/fesm/controllers/company-action-permission.controller.js

@@ -25,17 +25,28 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { COMPANY_ACTION_PERMISSIONS, CurrentUser, ILoggedUserInfo, JwtAuthGuard, RequirePermission, SingleResponseDto } from '@flusys/nestjs-shared';
-import { COMPANY_ACTION_PERMISSION_MESSAGES } from '../config';
+import { ApiResponseDto, COMPANY_ACTION_PERMISSIONS, JwtAuthGuard, RequirePermission } from '@flusys/nestjs-shared';
 import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
-import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
-import { AssignCompanyActionsDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
+import { ApiBearerAuth, ApiBody, ApiOperation, ApiTags } from '@nestjs/swagger';
+import { COMPANY_ACTION_PERMISSION_MESSAGES, PERMISSION_OPERATION_MESSAGES } from '../config';
+import { AssignCompanyActionsDto, CompanyActionResponseDto, GetCompanyActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
 import { PermissionService } from '../services/permission.service';
 export class CompanyActionPermissionController {
-    async assignCompanyActions(dto, user) {
-        return this.permissionService.assignCompanyActions(dto);
+    async assignCompanyActions(dto) {
+        const result = await this.permissionService.assignCompanyActions(dto);
+        return {
+            success: true,
+            message: 'Company actions updated successfully',
+            messageKey: PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
-    async getCompanyActions(dto, user) {
+    async getCompanyActions(dto) {
         const actions = await this.permissionService.getCompanyActions(dto.companyId);
         return {
             success: true,
@@ -56,19 +67,14 @@ _ts_decorate([
         summary: 'Whitelist actions for company',
         description: 'Controls which actions are available to company users/roles.'
     }),
-    ApiResponse({
-        status: 200,
-        type: PermissionOperationResultDto
-    }),
+    ApiResponseDto(PermissionOperationResultDto),
     ApiBody({
         type: AssignCompanyActionsDto
     }),
     _ts_param(0, Body()),
-    _ts_param(1, CurrentUser()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof AssignCompanyActionsDto === "undefined" ? Object : AssignCompanyActionsDto,
-        typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
+        typeof AssignCompanyActionsDto === "undefined" ? Object : AssignCompanyActionsDto
     ]),
     _ts_metadata("design:returntype", Promise)
 ], CompanyActionPermissionController.prototype, "assignCompanyActions", null);
@@ -79,19 +85,14 @@ _ts_decorate([
         summary: 'Get company whitelisted actions',
         description: 'Returns actions available to company.'
     }),
-    ApiResponse({
-        status: 200,
-        type: SingleResponseDto
-    }),
+    ApiResponseDto(CompanyActionResponseDto, true, 'single'),
     ApiBody({
         type: GetCompanyActionsDto
     }),
     _ts_param(0, Body()),
-    _ts_param(1, CurrentUser()),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
-        typeof GetCompanyActionsDto === "undefined" ? Object : GetCompanyActionsDto,
-        typeof ILoggedUserInfo === "undefined" ? Object : ILoggedUserInfo
+        typeof GetCompanyActionsDto === "undefined" ? Object : GetCompanyActionsDto
     ]),
     _ts_metadata("design:returntype", Promise)
 ], CompanyActionPermissionController.prototype, "getCompanyActions", null);

package/fesm/controllers/my-permission.controller.js

@@ -25,7 +25,7 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { CurrentUser, ILoggedUserInfo, JwtAuthGuard } from '@flusys/nestjs-shared';
+import { ApiResponseDto, CurrentUser, ILoggedUserInfo, JwtAuthGuard } from '@flusys/nestjs-shared';
 import { MY_PERMISSION_MESSAGES } from '../config';
 import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
 import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
@@ -53,10 +53,7 @@ _ts_decorate([
         summary: 'Get current user permissions',
         description: 'Returns complete permissions for authenticated user. Includes menus, frontend actions, and caches endpoint permissions. Optionally filter by parent codes.'
     }),
-    ApiResponse({
-        status: 200,
-        type: MyPermissionsResponseDto
-    }),
+    ApiResponseDto(MyPermissionsResponseDto),
     ApiResponse({
         status: 401,
         description: 'Unauthorized'

package/fesm/controllers/role-permission.controller.js

@@ -25,17 +25,28 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { JwtAuthGuard, SingleResponseDto, RequirePermission, ROLE_ACTION_PERMISSIONS, USER_ROLE_PERMISSIONS, CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
-import { ROLE_PERMISSION_MESSAGES } from '../config';
+import { ApiResponseDto, CurrentUser, ILoggedUserInfo, JwtAuthGuard, RequirePermission, ROLE_ACTION_PERMISSIONS, USER_ROLE_PERMISSIONS } from '@flusys/nestjs-shared';
 import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
-import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
-import { AssignRoleActionsDto, AssignUserRolesDto, GetRoleActionsDto, GetUserRolesDto, PermissionOperationResultDto } from '../dtos/permission.dto';
+import { ApiBearerAuth, ApiBody, ApiOperation, ApiTags } from '@nestjs/swagger';
+import { PERMISSION_OPERATION_MESSAGES, ROLE_PERMISSION_MESSAGES } from '../config';
+import { AssignRoleActionsDto, AssignUserRolesDto, GetRoleActionsDto, GetUserRolesDto, PermissionOperationResultDto, RoleActionResponseDto, UserRoleResponseDto } from '../dtos/permission.dto';
 import { validateCompanyAccess } from '../helpers';
-import { PermissionService } from '../services/permission.service';
 import { IAMConfigService } from '../services/iam-config.service';
+import { PermissionService } from '../services/permission.service';
 export class RolePermissionController {
     async assignRoleActions(dto) {
-        return this.permissionService.assignRoleActions(dto);
+        const result = await this.permissionService.assignRoleActions(dto);
+        return {
+            success: true,
+            message: 'Role actions updated successfully',
+            messageKey: PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
     async getRoleActions(dto) {
         const actions = await this.permissionService.getRoleActions(dto.roleId);
@@ -48,7 +59,18 @@ export class RolePermissionController {
     }
     async assignUserRoles(dto, user) {
         validateCompanyAccess(this.config, dto.companyId, user);
-        return this.permissionService.assignUserRoles(dto);
+        const result = await this.permissionService.assignUserRoles(dto);
+        return {
+            success: true,
+            message: 'User roles updated successfully',
+            messageKey: PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
     async getUserRoles(dto, user) {
         validateCompanyAccess(this.config, dto.companyId, user);
@@ -75,10 +97,7 @@ _ts_decorate([
         summary: 'Assign/remove actions to/from role',
         description: 'RBAC mode. No branch scoping.'
     }),
-    ApiResponse({
-        status: 200,
-        type: PermissionOperationResultDto
-    }),
+    ApiResponseDto(PermissionOperationResultDto),
     ApiBody({
         type: AssignRoleActionsDto
     }),
@@ -96,10 +115,7 @@ _ts_decorate([
         summary: 'Get role actions',
         description: 'Returns actions assigned to role.'
     }),
-    ApiResponse({
-        status: 200,
-        type: SingleResponseDto
-    }),
+    ApiResponseDto(RoleActionResponseDto, true, 'single'),
     ApiBody({
         type: GetRoleActionsDto
     }),
@@ -117,10 +133,7 @@ _ts_decorate([
         summary: 'Assign/remove roles to/from user',
         description: 'RBAC mode. If company feature enabled, branchId is required.'
     }),
-    ApiResponse({
-        status: 200,
-        type: PermissionOperationResultDto
-    }),
+    ApiResponseDto(PermissionOperationResultDto),
     ApiBody({
         type: AssignUserRolesDto
     }),
@@ -140,10 +153,7 @@ _ts_decorate([
         summary: 'Get user roles',
         description: 'Returns roles assigned to user. Filter by companyId and branchId.'
     }),
-    ApiResponse({
-        status: 200,
-        type: SingleResponseDto
-    }),
+    ApiResponseDto(UserRoleResponseDto, true, 'single'),
     ApiBody({
         type: GetUserRolesDto
     }),

package/fesm/controllers/user-action-permission.controller.js

@@ -25,18 +25,29 @@ function _ts_param(paramIndex, decorator) {
         decorator(target, key, paramIndex);
     };
 }
-import { JwtAuthGuard, SingleResponseDto, RequirePermission, USER_ACTION_PERMISSIONS, CurrentUser, ILoggedUserInfo } from '@flusys/nestjs-shared';
-import { USER_ACTION_PERMISSION_MESSAGES } from '../config';
+import { ApiResponseDto, CurrentUser, ILoggedUserInfo, JwtAuthGuard, RequirePermission, USER_ACTION_PERMISSIONS } from '@flusys/nestjs-shared';
 import { Body, Controller, Inject, Post, UseGuards } from '@nestjs/common';
-import { ApiBearerAuth, ApiBody, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
-import { AssignUserActionsDto, GetUserActionsDto, PermissionOperationResultDto } from '../dtos/permission.dto';
+import { ApiBearerAuth, ApiBody, ApiOperation, ApiTags } from '@nestjs/swagger';
+import { PERMISSION_OPERATION_MESSAGES, USER_ACTION_PERMISSION_MESSAGES } from '../config';
+import { AssignUserActionsDto, GetUserActionsDto, PermissionOperationResultDto, UserActionResponseDto } from '../dtos/permission.dto';
 import { validateCompanyAccess } from '../helpers';
-import { PermissionService } from '../services/permission.service';
 import { IAMConfigService } from '../services/iam-config.service';
+import { PermissionService } from '../services/permission.service';
 export class UserActionPermissionController {
     async assignUserActions(dto, user) {
         validateCompanyAccess(this.config, dto.companyId, user);
-        return this.permissionService.assignUserActions(dto);
+        const result = await this.permissionService.assignUserActions(dto);
+        return {
+            success: true,
+            message: 'User actions updated successfully',
+            messageKey: PERMISSION_OPERATION_MESSAGES.PROCESS_SUCCESS,
+            messageVariables: {
+                added: result.added,
+                removed: result.removed,
+                total: result.total
+            },
+            data: result
+        };
     }
     async getUserActions(dto, user) {
         validateCompanyAccess(this.config, dto.companyId, user);
@@ -63,10 +74,7 @@ _ts_decorate([
         summary: 'Assign/remove actions to/from user',
         description: 'Direct permissions. If company feature enabled, branchId is required.'
     }),
-    ApiResponse({
-        status: 200,
-        type: PermissionOperationResultDto
-    }),
+    ApiResponseDto(PermissionOperationResultDto),
     ApiBody({
         type: AssignUserActionsDto
     }),
@@ -86,10 +94,7 @@ _ts_decorate([
         summary: 'Get user direct actions',
         description: 'Returns direct action permissions for user. Filter by companyId and branchId.'
     }),
-    ApiResponse({
-        status: 200,
-        type: SingleResponseDto
-    }),
+    ApiResponseDto(UserActionResponseDto, true, 'single'),
     ApiBody({
         type: GetUserActionsDto
     }),

package/fesm/docs/iam-swagger.config.js

@@ -7,7 +7,8 @@ import { IAMPermissionMode } from '../enums/permission-type.enum';
     'User Permissions',
     'Company Selection'
 ];
-export function iamSwaggerConfig(enableCompanyFeature = false, permissionMode = IAMPermissionMode.FULL) {
+export function iamSwaggerConfig(enableCompanyFeature = false, permissionMode = IAMPermissionMode.FULL, databaseMode = 'single') {
+    const multiTenantNote = databaseMode === 'multi-tenant' ? `\n> **Multi-Tenant Mode**: Include \`x-tenant-id\` header to target a specific tenant database.\n` : '';
     const excludeSchemaProperties = enableCompanyFeature ? [] : [
         // DTOs with companyId and branchId
         {
@@ -105,7 +106,7 @@ export function iamSwaggerConfig(enableCompanyFeature = false, permissionMode =
         title: 'IAM API',
         description: `
 ## Identity & Access Management API
-
+${multiTenantNote}
 Advanced permission system with flexible modes: RBAC, Direct Permissions, or both.
 
 ### Current Configuration

package/fesm/dtos/action.dto.js

@@ -34,7 +34,6 @@ export class CreateActionDto {
         _define_property(this, "parentId", void 0);
         _define_property(this, "serial", void 0);
         _define_property(this, "isActive", void 0);
-        _define_property(this, "metadata", void 0);
     }
 }
 _ts_decorate([
@@ -118,14 +117,6 @@ _ts_decorate([
     IsOptional(),
     _ts_metadata("design:type", Boolean)
 ], CreateActionDto.prototype, "isActive", void 0);
-_ts_decorate([
-    ApiProperty({
-        description: 'Additional metadata',
-        required: false
-    }),
-    IsOptional(),
-    _ts_metadata("design:type", typeof Record === "undefined" ? Object : Record)
-], CreateActionDto.prototype, "metadata", void 0);
 export class UpdateActionDto extends PartialType(CreateActionDto) {
     constructor(...args){
         super(...args), _define_property(this, "id", void 0);
@@ -152,7 +143,6 @@ export class ActionResponseDto {
         _define_property(this, "parentId", void 0);
         _define_property(this, "serial", void 0);
         _define_property(this, "isActive", void 0);
-        _define_property(this, "metadata", void 0);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
         _define_property(this, "deletedAt", void 0);
@@ -203,12 +193,6 @@ _ts_decorate([
     ApiProperty(),
     _ts_metadata("design:type", Boolean)
 ], ActionResponseDto.prototype, "isActive", void 0);
-_ts_decorate([
-    ApiProperty({
-        required: false
-    }),
-    _ts_metadata("design:type", Object)
-], ActionResponseDto.prototype, "metadata", void 0);
 _ts_decorate([
     ApiProperty(),
     _ts_metadata("design:type", typeof Date === "undefined" ? Object : Date)