npm - @flusys/nestjs-shared - Versions diffs - 1.1.0-beta → 2.0.0 - Mend

@flusys/nestjs-shared 1.1.0-beta → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/README.md +501 -720
package/cjs/classes/api-controller.class.js +9 -24
package/cjs/classes/api-service.class.js +59 -92
package/cjs/classes/index.js +1 -0
package/cjs/classes/winston-logger-adapter.class.js +23 -40
package/cjs/constants/index.js +14 -0
package/cjs/constants/permissions.js +184 -0
package/cjs/decorators/api-response.decorator.js +1 -1
package/cjs/decorators/index.js +1 -0
package/cjs/decorators/sanitize-html.decorator.js +36 -0
package/cjs/dtos/delete.dto.js +10 -0
package/cjs/dtos/filter-and-pagination.dto.js +24 -34
package/cjs/dtos/pagination.dto.js +4 -8
package/cjs/dtos/response-payload.dto.js +0 -116
package/cjs/entities/identity.js +4 -4
package/cjs/entities/user-root.js +13 -14
package/cjs/guards/permission.guard.js +51 -105
package/cjs/interceptors/index.js +1 -3
package/cjs/interceptors/set-user-field-on-body.interceptor.js +60 -0
package/cjs/interceptors/slug.interceptor.js +30 -9
package/cjs/interfaces/datasource.interface.js +4 -0
package/cjs/interfaces/index.js +2 -1
package/cjs/interfaces/module-config.interface.js +4 -0
package/cjs/middlewares/logger.middleware.js +50 -89
package/cjs/modules/cache/cache.module.js +3 -3
package/cjs/modules/datasource/datasource.module.js +11 -14
package/cjs/modules/datasource/multi-tenant-datasource.service.js +29 -113
package/cjs/modules/utils/utils.service.js +40 -203
package/cjs/utils/error-handler.util.js +35 -12
package/cjs/utils/html-sanitizer.util.js +64 -0
package/cjs/utils/index.js +4 -0
package/cjs/utils/query-helpers.util.js +53 -0
package/cjs/utils/request.util.js +70 -0
package/cjs/utils/string.util.js +63 -0
package/classes/api-controller.class.d.ts +5 -5
package/classes/api-service.class.d.ts +7 -5
package/classes/index.d.ts +1 -0
package/classes/request-scoped-api.service.d.ts +3 -2
package/classes/winston-logger-adapter.class.d.ts +2 -0
package/constants/index.d.ts +1 -0
package/constants/permissions.d.ts +179 -0
package/decorators/index.d.ts +1 -0
package/decorators/sanitize-html.decorator.d.ts +2 -0
package/dtos/delete.dto.d.ts +1 -0
package/dtos/filter-and-pagination.dto.d.ts +0 -2
package/dtos/response-payload.dto.d.ts +0 -20
package/fesm/classes/api-controller.class.js +9 -24
package/fesm/classes/api-service.class.js +59 -92
package/fesm/classes/index.js +2 -0
package/fesm/classes/winston-logger-adapter.class.js +23 -40
package/fesm/constants/index.js +2 -0
package/fesm/constants/permissions.js +128 -0
package/fesm/decorators/api-response.decorator.js +1 -1
package/fesm/decorators/index.js +1 -0
package/fesm/decorators/sanitize-html.decorator.js +45 -0
package/fesm/dtos/delete.dto.js +12 -2
package/fesm/dtos/filter-and-pagination.dto.js +26 -47
package/fesm/dtos/pagination.dto.js +4 -8
package/fesm/dtos/response-payload.dto.js +0 -107
package/fesm/entities/identity.js +4 -4
package/fesm/entities/user-root.js +13 -14
package/fesm/guards/permission.guard.js +51 -105
package/fesm/interceptors/index.js +1 -3
package/fesm/interceptors/set-user-field-on-body.interceptor.js +39 -0
package/fesm/interceptors/slug.interceptor.js +31 -10
package/fesm/interfaces/datasource.interface.js +20 -0
package/fesm/interfaces/index.js +2 -1
package/fesm/interfaces/module-config.interface.js +5 -0
package/fesm/middlewares/logger.middleware.js +50 -83
package/fesm/modules/cache/cache.module.js +2 -2
package/fesm/modules/datasource/datasource.module.js +11 -14
package/fesm/modules/datasource/multi-tenant-datasource.service.js +29 -113
package/fesm/modules/utils/utils.service.js +41 -204
package/fesm/utils/error-handler.util.js +36 -13
package/fesm/utils/html-sanitizer.util.js +69 -0
package/fesm/utils/index.js +4 -0
package/fesm/utils/query-helpers.util.js +78 -0
package/fesm/utils/request.util.js +58 -0
package/fesm/utils/string.util.js +71 -0
package/guards/permission.guard.d.ts +2 -0
package/interceptors/index.d.ts +1 -3
package/interceptors/set-user-field-on-body.interceptor.d.ts +5 -0
package/interceptors/slug.interceptor.d.ts +2 -1
package/interfaces/api.interface.d.ts +2 -2
package/interfaces/datasource.interface.d.ts +5 -0
package/interfaces/identity.interface.d.ts +4 -4
package/interfaces/index.d.ts +2 -1
package/interfaces/logged-user-info.interface.d.ts +0 -2
package/interfaces/module-config.interface.d.ts +6 -0
package/interfaces/permission.interface.d.ts +0 -1
package/middlewares/logger.middleware.d.ts +2 -2
package/modules/datasource/datasource.module.d.ts +1 -0
package/modules/datasource/multi-tenant-datasource.service.d.ts +0 -1
package/modules/utils/utils.service.d.ts +4 -14
package/package.json +4 -4
package/utils/error-handler.util.d.ts +14 -19
package/utils/html-sanitizer.util.d.ts +2 -0
package/utils/index.d.ts +4 -0
package/utils/query-helpers.util.d.ts +16 -0
package/utils/request.util.d.ts +4 -0
package/utils/string.util.d.ts +2 -0
package/cjs/interceptors/set-create-by-on-body.interceptor.js +0 -40
package/cjs/interceptors/set-delete-by-on-body.interceptor.js +0 -40
package/cjs/interceptors/set-update-by-on-body.interceptor.js +0 -40
package/cjs/interfaces/base-query.interface.js +0 -6
package/fesm/interceptors/set-create-by-on-body.interceptor.js +0 -30
package/fesm/interceptors/set-delete-by-on-body.interceptor.js +0 -30
package/fesm/interceptors/set-update-by-on-body.interceptor.js +0 -30
package/fesm/interfaces/base-query.interface.js +0 -3
package/interceptors/set-create-by-on-body.interceptor.d.ts +0 -5
package/interceptors/set-delete-by-on-body.interceptor.d.ts +0 -5
package/interceptors/set-update-by-on-body.interceptor.d.ts +0 -5
package/interfaces/base-query.interface.d.ts +0 -7

package/cjs/dtos/filter-and-pagination.dto.js CHANGED Viewed

@@ -49,7 +49,6 @@ let FilterAndPaginationDto = class FilterAndPaginationDto {
         _define_property(this, "sort", void 0);
         _define_property(this, "select", void 0);
         _define_property(this, "withDeleted", void 0);
-        _define_property(this, "extraKey", void 0);
     }
 };
 _ts_decorate([
@@ -97,7 +96,7 @@ _ts_decorate([
         type: [
             String
         ],
-        description: 'Fields to return. If empty, returns all fields.',
+        description: 'Fields to return. Must be valid field names (alphanumeric, underscores only). If empty, returns all fields.',
         example: [
             'id',
             'name',
@@ -107,6 +106,17 @@ _ts_decorate([
     }),
     (0, _classvalidator.IsOptional)(),
     (0, _classvalidator.IsArray)(),
+    (0, _classvalidator.IsString)({
+        each: true
+    }),
+    (0, _classvalidator.Matches)(/^[a-zA-Z_][a-zA-Z0-9_]*$/, {
+        each: true,
+        message: 'Select fields must be valid identifiers (alphanumeric and underscores only)'
+    }),
+    (0, _classvalidator.MaxLength)(64, {
+        each: true,
+        message: 'Field names must be 64 characters or less'
+    }),
     _ts_metadata("design:type", Array)
 ], FilterAndPaginationDto.prototype, "select", void 0);
 _ts_decorate([
@@ -119,25 +129,9 @@ _ts_decorate([
     (0, _classvalidator.IsBoolean)(),
     _ts_metadata("design:type", Boolean)
 ], FilterAndPaginationDto.prototype, "withDeleted", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        type: [
-            String
-        ],
-        description: 'Additional relation keys to include',
-        example: [
-            'category',
-            'createdBy'
-        ]
-    }),
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsArray)(),
-    _ts_metadata("design:type", Array)
-], FilterAndPaginationDto.prototype, "extraKey", void 0);
 let GetByIdBodyDto = class GetByIdBodyDto {
     constructor(){
         _define_property(this, "select", void 0);
-        _define_property(this, "extraKey", void 0);
     }
 };
 _ts_decorate([
@@ -145,7 +139,7 @@ _ts_decorate([
         type: [
             String
         ],
-        description: 'Fields to return. If empty, returns all fields.',
+        description: 'Fields to return. Must be valid field names (alphanumeric, underscores only). If empty, returns all fields.',
         example: [
             'id',
             'name',
@@ -155,20 +149,16 @@ _ts_decorate([
     }),
     (0, _classvalidator.IsOptional)(),
     (0, _classvalidator.IsArray)(),
-    _ts_metadata("design:type", Array)
-], GetByIdBodyDto.prototype, "select", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        type: [
-            String
-        ],
-        description: 'Additional relation keys to include',
-        example: [
-            'category',
-            'createdBy'
-        ]
+    (0, _classvalidator.IsString)({
+        each: true
+    }),
+    (0, _classvalidator.Matches)(/^[a-zA-Z_][a-zA-Z0-9_]*$/, {
+        each: true,
+        message: 'Select fields must be valid identifiers (alphanumeric and underscores only)'
+    }),
+    (0, _classvalidator.MaxLength)(64, {
+        each: true,
+        message: 'Field names must be 64 characters or less'
     }),
-    (0, _classvalidator.IsOptional)(),
-    (0, _classvalidator.IsArray)(),
     _ts_metadata("design:type", Array)
-], GetByIdBodyDto.prototype, "extraKey", void 0);
+], GetByIdBodyDto.prototype, "select", void 0);

package/cjs/dtos/pagination.dto.js CHANGED Viewed

@@ -35,17 +35,13 @@ function _ts_metadata(k, v) {
 }
 let PaginationDto = class PaginationDto {
     constructor(){
-        /**
-   * Number of items per page. Defaults to 10 when not provided or invalid.
-   */ _define_property(this, "pageSize", 10);
-        /**
-   * Zero-based page index. Defaults to 0 when not provided or invalid.
-   */ _define_property(this, "currentPage", 0);
+        _define_property(this, "pageSize", 10);
+        _define_property(this, "currentPage", 0);
     }
 };
 _ts_decorate([
     (0, _swagger.ApiPropertyOptional)({
-        description: 'Number of items per page. Defaults to 10 when not provided or invalid.',
+        description: 'Number of items per page (default: 10)',
         example: 10
     }),
     (0, _classvalidator.IsOptional)(),
@@ -58,7 +54,7 @@ _ts_decorate([
 ], PaginationDto.prototype, "pageSize", void 0);
 _ts_decorate([
     (0, _swagger.ApiPropertyOptional)({
-        description: 'Zero-based page index. Defaults to 0 when not provided or invalid.',
+        description: 'Zero-based page index (default: 0)',
         example: 0
     }),
     (0, _classvalidator.IsOptional)(),

package/cjs/dtos/response-payload.dto.js CHANGED Viewed

@@ -15,9 +15,6 @@ _export(exports, {
     get BulkResponseDto () {
         return BulkResponseDto;
     },
-    get ErrorResponseDto () {
-        return ErrorResponseDto;
-    },
     get ListResponseDto () {
         return ListResponseDto;
     },
@@ -30,14 +27,8 @@ _export(exports, {
     get RequestMetaDto () {
         return RequestMetaDto;
     },
-    get ResponsePayloadDto () {
-        return ResponsePayloadDto;
-    },
     get SingleResponseDto () {
         return SingleResponseDto;
-    },
-    get ValidationErrorDto () {
-        return ValidationErrorDto;
     }
 });
 const _swagger = require("@nestjs/swagger");
@@ -304,110 +295,3 @@ _ts_decorate([
 MessageResponseDto = _ts_decorate([
     (0, _swagger.ApiExtraModels)()
 ], MessageResponseDto);
-let ValidationErrorDto = class ValidationErrorDto {
-    constructor(){
-        _define_property(this, "field", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "constraint", void 0);
-    }
-};
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        example: 'email'
-    }),
-    _ts_metadata("design:type", String)
-], ValidationErrorDto.prototype, "field", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        example: 'Invalid email format'
-    }),
-    _ts_metadata("design:type", String)
-], ValidationErrorDto.prototype, "message", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        example: 'isEmail'
-    }),
-    _ts_metadata("design:type", String)
-], ValidationErrorDto.prototype, "constraint", void 0);
-let ErrorResponseDto = class ErrorResponseDto {
-    constructor(){
-        _define_property(this, "success", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "code", void 0);
-        _define_property(this, "errors", void 0);
-        _define_property(this, "_meta", void 0);
-    }
-};
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        example: false
-    }),
-    _ts_metadata("design:type", Boolean)
-], ErrorResponseDto.prototype, "success", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        example: 'Validation failed'
-    }),
-    _ts_metadata("design:type", String)
-], ErrorResponseDto.prototype, "message", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        example: 'VALIDATION_ERROR'
-    }),
-    _ts_metadata("design:type", String)
-], ErrorResponseDto.prototype, "code", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        type: [
-            ValidationErrorDto
-        ]
-    }),
-    _ts_metadata("design:type", Array)
-], ErrorResponseDto.prototype, "errors", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        type: RequestMetaDto
-    }),
-    _ts_metadata("design:type", typeof RequestMetaDto === "undefined" ? Object : RequestMetaDto)
-], ErrorResponseDto.prototype, "_meta", void 0);
-ErrorResponseDto = _ts_decorate([
-    (0, _swagger.ApiExtraModels)()
-], ErrorResponseDto);
-let ResponsePayloadDto = class ResponsePayloadDto {
-    constructor(){
-        _define_property(this, "success", void 0);
-        _define_property(this, "message", void 0);
-        _define_property(this, "data", void 0);
-        _define_property(this, "meta", void 0);
-        _define_property(this, "_meta", void 0);
-    }
-};
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        example: true
-    }),
-    _ts_metadata("design:type", Boolean)
-], ResponsePayloadDto.prototype, "success", void 0);
-_ts_decorate([
-    (0, _swagger.ApiProperty)({
-        example: 'Operation successful'
-    }),
-    _ts_metadata("design:type", String)
-], ResponsePayloadDto.prototype, "message", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)(),
-    _ts_metadata("design:type", typeof T === "undefined" ? Object : T)
-], ResponsePayloadDto.prototype, "data", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)(),
-    _ts_metadata("design:type", Object)
-], ResponsePayloadDto.prototype, "meta", void 0);
-_ts_decorate([
-    (0, _swagger.ApiPropertyOptional)({
-        type: RequestMetaDto
-    }),
-    _ts_metadata("design:type", typeof RequestMetaDto === "undefined" ? Object : RequestMetaDto)
-], ResponsePayloadDto.prototype, "_meta", void 0);
-ResponsePayloadDto = _ts_decorate([
-    (0, _swagger.ApiExtraModels)()
-], ResponsePayloadDto);

package/cjs/entities/identity.js CHANGED Viewed

@@ -36,10 +36,10 @@ let Identity = class Identity {
         _define_property(this, "id", void 0);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
-        _define_property(this, "deletedAt", void 0);
-        _define_property(this, "createdById", void 0);
-        _define_property(this, "updatedById", void 0);
-        _define_property(this, "deletedById", void 0);
+        _define_property(this, "deletedAt", null);
+        _define_property(this, "createdById", null);
+        _define_property(this, "updatedById", null);
+        _define_property(this, "deletedById", null);
     }
 };
 _ts_decorate([

package/cjs/entities/user-root.js CHANGED Viewed

@@ -34,23 +34,22 @@ function _ts_metadata(k, v) {
 let UserRoot = class UserRoot {
     constructor(){
         _define_property(this, "id", void 0);
-        _define_property(this, "name", void 0);
-        _define_property(this, "password", void 0);
+        _define_property(this, "name", null);
+        _define_property(this, "password", null);
         _define_property(this, "email", void 0);
-        _define_property(this, "phone", void 0);
-        _define_property(this, "isActive", void 0);
-        _define_property(this, "emailVerified", void 0);
-        _define_property(this, "phoneVerified", void 0);
-        _define_property(this, "profilePictureId", void 0);
-        _define_property(this, "lastLoginAt", void 0);
-        _define_property(this, "additionalFields", void 0);
+        _define_property(this, "phone", null);
+        _define_property(this, "isActive", true);
+        _define_property(this, "emailVerified", false);
+        _define_property(this, "phoneVerified", false);
+        _define_property(this, "profilePictureId", null);
+        _define_property(this, "lastLoginAt", null);
+        _define_property(this, "additionalFields", null);
         _define_property(this, "createdAt", void 0);
         _define_property(this, "updatedAt", void 0);
-        _define_property(this, "deletedAt", void 0);
-        // Audit columns (for ApiService compatibility)
-        _define_property(this, "createdById", void 0);
-        _define_property(this, "updatedById", void 0);
-        _define_property(this, "deletedById", void 0);
+        _define_property(this, "deletedAt", null);
+        _define_property(this, "createdById", null);
+        _define_property(this, "updatedById", null);
+        _define_property(this, "deletedById", null);
     }
 };
 _ts_decorate([

package/cjs/guards/permission.guard.js CHANGED Viewed

@@ -45,106 +45,81 @@ function _ts_param(paramIndex, decorator) {
 }
 let PermissionGuard = class PermissionGuard {
     async canActivate(context) {
-        // Check if route is marked as public
         const isPublic = this.reflector.getAllAndOverride(_constants.IS_PUBLIC_KEY, [
             context.getHandler(),
             context.getClass()
         ]);
         if (isPublic) return true;
-        // Get required permissions from decorator
         const permissionConfig = this.reflector.getAllAndOverride(_constants.PERMISSIONS_KEY, [
             context.getHandler(),
             context.getClass()
         ]);
-        // If no permissions required, allow access
-        if (!permissionConfig) {
-            return true;
-        }
-        // Normalize permission config (support old format: string[])
+        if (!permissionConfig) return true;
         const { permissions: requiredPermissions, operator } = this.normalizePermissionConfig(permissionConfig);
-        // If no permissions required, allow access
-        if (!requiredPermissions || requiredPermissions.length === 0) {
-            return true;
-        }
+        if (!requiredPermissions || requiredPermissions.length === 0) return true;
         const request = context.switchToHttp().getRequest();
         const user = request.user;
-        // User must be authenticated
-        if (!user) {
-            throw new _common.UnauthorizedException('Authentication required');
-        }
-        // Cache is required for permission checks - fail securely if unavailable
+        if (!user) throw new _common.UnauthorizedException('Authentication required');
         if (!this.cache) {
-            // Log error (in production, this should be monitored)
-            this.logger.error(`Cache not available - permission system unavailable (userId: ${user.id})`, undefined, 'PermissionGuard');
-            // Fail securely - deny access rather than allowing without permission check
+            this.logger.error(`Cache not available (userId: ${user.id})`, undefined, 'PermissionGuard');
             throw new _permissionexception.PermissionSystemUnavailableException();
         }
-        // Get user's permissions from cache
         const userPermissions = await this.getUserPermissions(user);
-        // If no permissions found in cache, deny access
         if (!userPermissions || userPermissions.length === 0) {
-            this.logger.warn(`No permissions found for user (userId: ${user.id})`, 'PermissionGuard');
+            this.logger.warn(`No permissions found (userId: ${user.id})`, 'PermissionGuard');
             throw new _permissionexception.NoPermissionsFoundException();
         }
-        // Check if this is a nested condition or simple permission list
         if (this.isNestedCondition(permissionConfig)) {
-            // Complex nested permission check
             const result = this.evaluateCondition(permissionConfig, userPermissions);
             if (!result.passed) {
-                this.logger.warn(`Permission check failed (userId: ${user.id}, missing: ${result.missingPermissions.join(', ')})`, 'PermissionGuard');
+                this.logger.warn(`Permission denied (userId: ${user.id})`, 'PermissionGuard');
                 throw new _permissionexception.InsufficientPermissionsException(result.missingPermissions, result.operator);
             }
         } else {
-            // Simple permission check (backward compatible)
-            let hasRequiredPermissions;
-            if (operator === 'or') {
-                // OR: User must have at least ONE permission
-                hasRequiredPermissions = requiredPermissions.some((permission)=>this.hasPermission(userPermissions, permission));
-                if (!hasRequiredPermissions) {
-                    throw new _permissionexception.InsufficientPermissionsException(requiredPermissions, 'or');
-                }
-            } else {
-                // AND (default): User must have ALL permissions
-                hasRequiredPermissions = requiredPermissions.every((permission)=>this.hasPermission(userPermissions, permission));
-                if (!hasRequiredPermissions) {
-                    const missing = requiredPermissions.filter((permission)=>!this.hasPermission(userPermissions, permission));
-                    throw new _permissionexception.InsufficientPermissionsException(missing, 'and');
-                }
-            }
+            this.validateSimplePermissions(requiredPermissions, userPermissions, operator);
         }
         return true;
     }
-    /**
-   * Normalize permission config to handle both old and new formats
-   */ normalizePermissionConfig(config) {
-        // Old format: string[]
-        if (Array.isArray(config)) {
-            return {
-                permissions: config,
-                operator: 'and'
-            };
-        }
-        // New format: PermissionConfig
+    normalizePermissionConfig(config) {
+        if (Array.isArray(config)) return {
+            permissions: config,
+            operator: 'and'
+        };
         return {
             permissions: config.permissions || [],
             operator: config.operator || 'and'
         };
     }
-    /**
-   * Check if config is a nested condition (has children)
-   */ isNestedCondition(config) {
+    validateSimplePermissions(requiredPermissions, userPermissions, operator) {
+        if (operator === 'or') {
+            const hasAny = requiredPermissions.some((p)=>this.hasPermission(userPermissions, p));
+            if (!hasAny) throw new _permissionexception.InsufficientPermissionsException(requiredPermissions, 'or');
+        } else {
+            const hasAll = requiredPermissions.every((p)=>this.hasPermission(userPermissions, p));
+            if (!hasAll) {
+                const missing = requiredPermissions.filter((p)=>!this.hasPermission(userPermissions, p));
+                throw new _permissionexception.InsufficientPermissionsException(missing, 'and');
+            }
+        }
+    }
+    isNestedCondition(config) {
         if (Array.isArray(config)) return false;
         return 'children' in config && Array.isArray(config.children) && config.children.length > 0;
     }
-    /**
-   * Evaluate a nested permission condition recursively
-   */ evaluateCondition(condition, userPermissions) {
+    evaluateCondition(condition, userPermissions) {
         const { permissions = [], operator, children = [] } = condition;
-        // Results for this level
+        // SECURITY: Fail-closed - deny access when no permissions configured (empty condition)
+        if (permissions.length === 0 && children.length === 0) {
+            return {
+                passed: false,
+                message: 'No permissions configured - access denied by default',
+                missingPermissions: [],
+                operator
+            };
+        }
         const results = [];
         const failureDetails = [];
         const missingPermissions = [];
-        // Check permissions at this level
         if (permissions.length > 0) {
             if (operator === 'or') {
                 const hasAny = permissions.some((p)=>this.hasPermission(userPermissions, p));
@@ -163,7 +138,6 @@ let PermissionGuard = class PermissionGuard {
                 }
             }
         }
-        // Evaluate children recursively
         for (const child of children){
             const childResult = this.evaluateCondition(child, userPermissions);
             results.push(childResult.passed);
@@ -172,14 +146,9 @@ let PermissionGuard = class PermissionGuard {
                 missingPermissions.push(...childResult.missingPermissions);
             }
         }
-        // Combine results based on operator
-        let passed;
-        if (operator === 'or') {
-            passed = results.length === 0 || results.some((r)=>r);
-        } else {
-            passed = results.length === 0 || results.every((r)=>r);
-        }
-        const message = passed ? 'Permission granted' : `Permission denied: ${failureDetails.join(` ${operator.toUpperCase()} `)}`;
+        // Evaluate based on operator - empty results already handled above
+        const passed = operator === 'or' ? results.some((r)=>r) : results.every((r)=>r);
+        const message = passed ? 'OK' : `Denied: ${failureDetails.join(` ${operator.toUpperCase()} `)}`;
         return {
             passed,
             message,
@@ -187,48 +156,27 @@ let PermissionGuard = class PermissionGuard {
             operator
         };
     }
-    /**
-   * Get user's permissions from cache
-   */ async getUserPermissions(user) {
-        if (!this.cache) {
-            throw new _permissionexception.PermissionSystemUnavailableException();
-        }
-        let cacheKey;
+    async getUserPermissions(user) {
+        if (!this.cache) throw new _permissionexception.PermissionSystemUnavailableException();
+        const cacheKey = this.buildPermissionCacheKey(user);
+        return await this.cache.get(cacheKey) || [];
+    }
+    buildPermissionCacheKey(user) {
         if (this.config.enableCompanyFeature && user.companyId) {
-            // Company-based permissions (includes branchId for branch-scoped DIRECT permissions)
-            const format = this.config.companyPermissionKeyFormat || `${_constants.PERMISSIONS_CACHE_PREFIX}:company:{companyId}:branch:{branchId}:user:{userId}`;
-            cacheKey = format.replace('{userId}', user.id).replace('{companyId}', user.companyId).replace('{branchId}', user.branchId || 'null');
-        } else {
-            // User-based permissions
-            const format = this.config.userPermissionKeyFormat || `${_constants.PERMISSIONS_CACHE_PREFIX}:user:{userId}`;
-            cacheKey = format.replace('{userId}', user.id);
+            return (this.config.companyPermissionKeyFormat || `${_constants.PERMISSIONS_CACHE_PREFIX}:company:{companyId}:branch:{branchId}:user:{userId}`).replace('{userId}', user.id).replace('{companyId}', user.companyId).replace('{branchId}', user.branchId || 'null');
         }
-        const permissions = await this.cache.get(cacheKey);
-        return permissions || [];
+        return (this.config.userPermissionKeyFormat || `${_constants.PERMISSIONS_CACHE_PREFIX}:user:{userId}`).replace('{userId}', user.id);
     }
-    /**
-   * Check if user has a specific permission
-   * Supports wildcard matching (e.g., 'admin.*' matches 'admin.users.read')
-   */ hasPermission(userPermissions, requiredPermission) {
-        // Direct match
-        if (userPermissions.includes(requiredPermission)) {
-            return true;
-        }
-        // Wildcard match (e.g., '*' or 'admin.*')
+    hasPermission(userPermissions, requiredPermission) {
+        if (userPermissions.includes(requiredPermission)) return true;
         for (const permission of userPermissions){
-            if (permission === '*') {
-                return true; // Super admin
-            }
-            if (permission.endsWith('.*')) {
-                const prefix = permission.slice(0, -1); // Remove '*'
-                if (requiredPermission.startsWith(prefix)) {
-                    return true;
-                }
+            if (permission === '*') return true;
+            if (permission.endsWith('.*') && requiredPermission.startsWith(permission.slice(0, -1))) {
+                return true;
             }
         }
         return false;
     }
-    // NOTE: @Inject(Reflector) required for bundled code - external classes need explicit injection
     constructor(reflector, cache, config, logger){
         _define_property(this, "reflector", void 0);
         _define_property(this, "cache", void 0);
@@ -238,12 +186,10 @@ let PermissionGuard = class PermissionGuard {
         this.cache = cache;
         this.config = {
             enableCompanyFeature: false,
-            cacheKeyPrefix: _constants.PERMISSIONS_CACHE_PREFIX,
             userPermissionKeyFormat: `${_constants.PERMISSIONS_CACHE_PREFIX}:user:{userId}`,
             companyPermissionKeyFormat: `${_constants.PERMISSIONS_CACHE_PREFIX}:company:{companyId}:branch:{branchId}:user:{userId}`,
             ...config
         };
-        // Use provided logger or fallback to NestJS Logger wrapped in adapter
         this.logger = logger || new _winstonloggeradapterclass.NestLoggerAdapter(new _common.Logger(PermissionGuard.name));
     }
 };

package/cjs/interceptors/index.js CHANGED Viewed

@@ -6,9 +6,7 @@ _export_star(require("./delete-empty-id-from-body.interceptor"), exports);
 _export_star(require("./idempotency.interceptor"), exports);
 _export_star(require("./query-performance.interceptor"), exports);
 _export_star(require("./response-meta.interceptor"), exports);
-_export_star(require("./set-create-by-on-body.interceptor"), exports);
-_export_star(require("./set-delete-by-on-body.interceptor"), exports);
-_export_star(require("./set-update-by-on-body.interceptor"), exports);
+_export_star(require("./set-user-field-on-body.interceptor"), exports);
 _export_star(require("./slug.interceptor"), exports);
 function _export_star(from, to) {
     Object.keys(from).forEach(function(k) {

package/cjs/interceptors/set-user-field-on-body.interceptor.js ADDED Viewed

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get SetCreatedByOnBody () {
+        return SetCreatedByOnBody;
+    },
+    get SetDeletedByOnBody () {
+        return SetDeletedByOnBody;
+    },
+    get SetUpdateByOnBody () {
+        return SetUpdateByOnBody;
+    },
+    get createSetUserFieldInterceptor () {
+        return createSetUserFieldInterceptor;
+    }
+});
+const _common = require("@nestjs/common");
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function createSetUserFieldInterceptor(fieldName) {
+    let SetUserFieldOnBody = class SetUserFieldOnBody {
+        intercept(context, next) {
+            const request = context.switchToHttp().getRequest();
+            const user = request?.user;
+            if (user) {
+                if (Array.isArray(request.body)) {
+                    request.body = request.body.map((item)=>({
+                            ...item,
+                            [fieldName]: user.id
+                        }));
+                } else if (typeof request.body === 'object' && request.body !== null) {
+                    request.body = {
+                        ...request.body,
+                        [fieldName]: user.id
+                    };
+                }
+            }
+            return next.handle();
+        }
+    };
+    SetUserFieldOnBody = _ts_decorate([
+        (0, _common.Injectable)()
+    ], SetUserFieldOnBody);
+    return SetUserFieldOnBody;
+}
+const SetCreatedByOnBody = createSetUserFieldInterceptor('createdById');
+const SetUpdateByOnBody = createSetUserFieldInterceptor('updatedById');
+const SetDeletedByOnBody = createSetUserFieldInterceptor('deletedById');