npm - @flusys/ng-iam - Versions diffs - 1.1.0-beta → 1.1.0 - Mend

@flusys/ng-iam 1.1.0-beta → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/types/flusys-ng-iam.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import { IBaseEntity, ILogicNode, ApiResourceService, ISingleResponse, IProfilePermissionProvider, IProfileRoleInfo, IProfileActionInfo } from '@flusys/ng-shared';
 import * as _angular_core from '@angular/core';
-import { Signal, OnDestroy, Provider } from '@angular/core';
+import { Provider } from '@angular/core';
 import { Observable } from 'rxjs';
 import { BaseApiService } from '@flusys/ng-core';
+export { PermissionMode } from '@flusys/ng-core';
 import * as primeng_api from 'primeng/api';
 import { Routes } from '@angular/router';
@@ -35,10 +36,6 @@ interface IBranch {
     companyId: string;
 }
-/**
- * Role Response DTO
- * Matches backend RoleResponseDto
- */
 interface IRole extends IBaseEntity {
     readOnly: boolean;
     name: string;
@@ -46,49 +43,30 @@ interface IRole extends IBaseEntity {
     companyId: string | null;
     isActive: boolean;
     serial: number | null;
-    metadata: Record<string, any> | null;
+    metadata: Record<string, unknown> | null;
 }
-/**
- * Create Role DTO
- * Matches backend CreateRoleDto
- */
 interface ICreateRoleDto {
     name: string;
     description?: string;
     companyId?: string;
     isActive?: boolean;
     serial?: number;
-    metadata?: Record<string, any>;
+    metadata?: Record<string, unknown>;
 }
-/**
- * Update Role DTO
- * Matches backend UpdateRoleDto
- */
 interface IUpdateRoleDto extends Partial<ICreateRoleDto> {
     id: string;
 }
-/**
- * Role Query DTO
- * Matches backend RoleQueryDto
- */
 interface IRoleQueryDto {
     companyId?: string;
     isActive?: boolean;
 }
-/**
- * Action Type - determines how action is used
- * CRITICAL: Must match backend ActionType enum exactly
- */
+/** Must match backend ActionType enum */
 declare enum ActionType {
-    BACKEND = "backend",// For API endpoint permissions (cached for PermissionGuard)
-    FRONTEND = "frontend",// For frontend features (returned in my-permissions API)
+    BACKEND = "backend",
+    FRONTEND = "frontend",
     BOTH = "both"
 }
-/**
- * Action Response DTO
- * Matches backend ActionResponseDto
- */
 interface IAction extends IBaseEntity {
     readOnly: boolean;
     name: string;
@@ -99,19 +77,11 @@ interface IAction extends IBaseEntity {
     parentId: string | null;
     serial: number | null;
     isActive: boolean;
-    metadata: Record<string, any> | null;
+    metadata: Record<string, unknown> | null;
 }
-/**
- * Action Tree DTO
- * Hierarchical action structure
- */
 interface IActionTreeDto extends IAction {
     children: IActionTreeDto[];
 }
-/**
- * Create Action DTO
- * Matches backend CreateActionDto
- */
 interface ICreateActionDto {
     name: string;
     description?: string;
@@ -121,82 +91,37 @@ interface ICreateActionDto {
     parentId?: string;
     serial?: number;
     isActive?: boolean;
-    metadata?: Record<string, any>;
+    metadata?: Record<string, unknown>;
 }
-/**
- * Update Action DTO
- * Matches backend UpdateActionDto
- */
 interface IUpdateActionDto extends Partial<ICreateActionDto> {
     id: string;
 }
-/**
- * Permission Action - 'add' or 'remove'
- */
 type PermissionAction = 'add' | 'remove';
-/**
- * Permission Mode - matches backend IAMPermissionMode
- */
-type PermissionMode = 'rbac' | 'direct' | 'full';
-/**
- * Permission Item DTO
- * Used in all assignment operations
- */
 interface IPermissionItemDto {
     id: string;
     action: PermissionAction;
 }
-/**
- * Assign User Actions DTO
- * Assign/remove actions directly to/from user (DIRECT/FULL mode)
- *
- * Permission Granularity:
- * - companyId + branchId = undefined: Global (super admin)
- * - companyId set + branchId = undefined: Company-wide (all branches)
- * - companyId set + branchId set: Branch-specific
- */
 interface IAssignUserActionsDto {
     userId: string;
     companyId?: string;
     branchId?: string;
     items: IPermissionItemDto[];
 }
-/**
- * Assign Company Actions DTO
- * Whitelist actions for company (if company feature enabled)
- */
 interface IAssignCompanyActionsDto {
     companyId: string;
     items: IPermissionItemDto[];
 }
-/**
- * Assign Role Actions DTO
- * Assign/remove actions to/from role (RBAC/FULL mode)
- */
 interface IAssignRoleActionsDto {
     roleId: string;
     items: IPermissionItemDto[];
 }
-/**
- * Assign User Roles DTO
- * Assign/remove roles to/from user (RBAC/FULL mode)
- *
- * Permission Granularity:
- * - companyId + branchId = undefined: Global (super admin)
- * - companyId set + branchId = undefined: Company-wide (all branches)
- * - companyId set + branchId set: Branch-specific
- */
 interface IAssignUserRolesDto {
     userId: string;
     companyId?: string;
     branchId?: string;
     items: IPermissionItemDto[];
 }
-/**
- * User Action Response DTO
- * Direct user → action permissions (branch-scoped if company feature enabled)
- */
 interface IUserActionResponseDto {
     id: string;
     userId: string;
@@ -206,10 +131,6 @@ interface IUserActionResponseDto {
     branchId: string | null;
     createdAt: Date;
 }
-/**
- * Role Action Response DTO
- * Role → action permissions (NOT branch-scoped)
- */
 interface IRoleActionResponseDto {
     id: string;
     roleId: string;
@@ -218,10 +139,6 @@ interface IRoleActionResponseDto {
     actionName: string;
     createdAt: Date;
 }
-/**
- * Company Action Response DTO
- * Company → action whitelist
- */
 interface ICompanyActionResponseDto {
     id: string;
     companyId: string;
@@ -230,10 +147,6 @@ interface ICompanyActionResponseDto {
     actionName: string;
     createdAt: Date;
 }
-/**
- * User Role Response DTO
- * User → role assignments (NOT branch-scoped)
- */
 interface IUserRoleResponseDto {
     id: string;
     userId: string;
@@ -243,24 +156,6 @@ interface IUserRoleResponseDto {
     branchId: string | null;
     createdAt: Date;
 }
-/**
- * Menu item from IAM permissions (menu-type actions)
- */
-interface IMenuAction {
-    id: string;
-    code: string;
-    name: string;
-    route: string | null;
-    icon: string | null;
-    iconType: number | null;
-    serial: number | null;
-    parentId: string | null;
-    children?: IMenuAction[];
-}
-/**
- * My Permissions Response DTO
- * Complete user permissions (frontend actions, cached endpoints, menus)
- */
 interface IMyPermissionsResponseDto {
     frontendActions: Array<{
         id: string;
@@ -270,29 +165,17 @@ interface IMyPermissionsResponseDto {
     }>;
     cachedEndpoints: number;
 }
-/**
- * Prerequisite Action DTO
- * Action required as a prerequisite
- */
 interface IPrerequisiteActionDto {
     actionId: string;
     actionCode: string;
     actionName: string;
 }
-/**
- * Prerequisite Validation Error
- * Describes an action that failed prerequisite validation
- */
 interface IPrerequisiteValidationError {
     actionId: string;
     actionCode: string;
     actionName: string;
     requiredActions: IPrerequisiteActionDto[];
 }
-/**
- * Permission Operation Result DTO
- * Result of assignment operations
- */
 interface IPermissionOperationResultDto {
     success: boolean;
     added: number;
@@ -300,218 +183,60 @@ interface IPermissionOperationResultDto {
     message: string;
     prerequisiteErrors?: IPrerequisiteValidationError[];
 }
-/**
- * Get User Actions DTO
- * Optional branchId filter
- */
 interface IGetUserActionsDto {
     branchId?: string;
 }
-/**
- * Get Role Actions DTO
- * No parameters
- */
 interface IGetRoleActionsDto {
 }
-/**
- * Get User Roles DTO
- * Optional branchId filter (ignored - roles are NOT branch-scoped)
- */
 interface IGetUserRolesDto {
     branchId?: string;
 }
-/**
- * Get My Permissions DTO
- * Optional parentCodes filter for frontend actions
- */
 interface IGetMyPermissionsDto {
     parentCodes?: string[];
 }
-/**
- * Pagination Constants
- *
- * Standard pagination limits for IAM components.
- * Prevents excessive data loading and potential DoS.
- */
-/**
- * Maximum items to fetch for dropdown lists
- * Used for: companies, roles, users, branches
- *
- * Security: Prevents memory exhaustion from loading excessive records
- */
+/** Maximum items for dropdown lists (companies, roles, users, branches) */
 declare const MAX_DROPDOWN_ITEMS = 100;
-/**
- * Role API Service
- * Handles role CRUD operations
- * Endpoint: POST /iam/roles/*
- * Conditional: Only available in RBAC/FULL mode
- */
 declare class RoleApiService extends ApiResourceService<IUpdateRoleDto, IRole> {
     constructor();
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<RoleApiService, never>;
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<RoleApiService>;
 }
-/**
- * Action API Service
- * Handles action CRUD operations
- * Endpoint: POST /iam/actions/*
- */
 declare class ActionApiService extends ApiResourceService<IUpdateActionDto, IAction> {
     private readonly appConfig;
     constructor();
-    /**
-     * Get actions for permission assignment
-     * GET /iam/actions/tree-for-permission
-     * Returns actions filtered by company whitelist if enabled
-     */
+    /** Get actions filtered by company whitelist for permission assignment */
     getActionsForPermission(): Observable<ISingleResponse<IActionTreeDto[]>>;
-    /**
-     * Get actions in hierarchical tree structure
-     * POST /iam/actions/tree
-     * Returns all actions organized in parent-child tree
-     *
-     * @param search - Optional search term (name or code)
-     * @param isActive - Optional filter by active status
-     * @param withDeleted - Include deleted actions (default: false)
-     * @returns Observable of action tree response
-     */
+    /** Get actions in hierarchical tree structure */
     getTree(search?: string, isActive?: boolean, withDeleted?: boolean): Observable<ISingleResponse<IActionTreeDto[]>>;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<ActionApiService, never>;
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<ActionApiService>;
 }
-/**
- * Action Permission Logic Service
- *
- * Shared service for handling smart dependency management across all action selectors:
- * - Company-Action Selector
- * - Role-Action Selector
- * - User-Action Selector
- *
- * **Core Features:**
- * - Smart auto-selection (AND/OR optimization)
- * - Dependency detection and management
- * - Alternative suggestion for OR logic
- * - Visual formatting of permission logic trees
- * - Prerequisite validation
- *
- * @example
- * constructor() {
- *   this.permissionLogic = inject(ActionPermissionLogicService);
- * }
- *
- * onActionToggle(action: IAction, newValue: boolean) {
- *   if (!newValue) {
- *     this.permissionLogic.handleUncheck(
- *       action,
- *       this.selectionMap(),
- *       this.actions(),
- *       (newMap) => this.selectionMap.set(newMap)
- *     );
- *   } else {
- *     this.permissionLogic.handleCheck(
- *       action,
- *       this.selectionMap(),
- *       this.actions(),
- *       (newMap) => this.selectionMap.set(newMap),
- *       (previousState) => this.selectionMap.set(previousState)
- *     );
- *   }
- * }
- */
+/** Shared service for smart dependency management across action selectors */
 declare class ActionPermissionLogicService {
     private readonly confirmationService;
     private readonly messageService;
-    /**
-     * Handle checking an action with prerequisite validation
-     *
-     * Uses recursive deep scan to find ALL missing prerequisites at all levels,
-     * not just direct dependencies. This ensures cascading dependencies are
-     * resolved in a single step.
-     *
-     * @param action - Action being checked
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @param onUpdate - Callback to update selection
-     * @param onCancel - Callback when user cancels
-     */
+    /** Handle checking an action with prerequisite validation (recursive deep scan) */
     handleCheck(action: IAction, currentSelection: Record<string, boolean>, allActions: IAction[], onUpdate: (newSelection: Record<string, boolean>) => void, onCancel: (previousState: Record<string, boolean>) => void): void;
-    /**
-     * Handle unchecking an action with dependency detection
-     *
-     * @param action - Action being unchecked
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @param onUpdate - Callback to update selection
-     */
+    /** Handle unchecking an action with dependency detection */
     handleUncheck(action: IAction, currentSelection: Record<string, boolean>, allActions: IAction[], onUpdate: (newSelection: Record<string, boolean>) => void): void;
-    /**
-     * Check if an action has unmet prerequisites
-     *
-     * @param action - Action to check
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @returns True if action has unmet prerequisites
-     */
+    /** Check if an action has unmet prerequisites */
     hasUnmetPrerequisites(action: IAction, currentSelection: Record<string, boolean>, allActions: IAction[]): boolean;
-    /**
-     * Get all selected actions that have unmet prerequisites
-     *
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @returns Array of actions with unmet prerequisites
-     */
+    /** Get all selected actions that have unmet prerequisites */
     getActionsWithUnmetPrerequisites(currentSelection: Record<string, boolean>, allActions: IAction[]): IAction[];
-    /**
-     * Show validation error dialog with auto-fix options
-     *
-     * @param invalidActions - Actions with unmet prerequisites
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @param onUpdate - Callback to update selection
-     */
+    /** Show validation error dialog with auto-fix options */
     showValidationErrorDialog(invalidActions: IAction[], currentSelection: Record<string, boolean>, allActions: IAction[], onUpdate: (newSelection: Record<string, boolean>) => void): void;
-    /**
-     * Get prerequisite description for tooltip display
-     *
-     * @param action - Action to get prerequisites for
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @returns Plain text prerequisite description
-     */
+    /** Get prerequisite description for tooltip display */
     getPrerequisiteTooltip(action: IAction, currentSelection: Record<string, boolean>, allActions: IAction[]): string;
-    /**
-     * Build dynamic logic tree message with AND/OR operators and nesting
-     *
-     * @param logic - Permission logic tree
-     * @param missingActions - Actions that are missing
-     * @param allActions - All available actions
-     * @param currentSelection - Current selection map for accurate status
-     * @returns HTML formatted logic tree
-     */
-    buildLogicMessage(logic: ILogicNode, missingActions: IAction[], allActions: IAction[], currentSelection?: Record<string, boolean>): string;
+    /** Build dynamic logic tree message with AND/OR operators and nesting */
+    buildLogicMessage(logic: ILogicNode, _missingActions: IAction[], allActions: IAction[], currentSelection?: Record<string, boolean>): string;
+    /** Extract selected action IDs from selection map */
+    private getSelectedIds;
     private sanitizeHtml;
-    /**
-     * Recursively collect ALL missing prerequisites at all dependency levels
-     *
-     * This prevents cascading prerequisite dialogs by finding the complete
-     * dependency chain upfront.
-     *
-     * **Example:**
-     * - Action 4 requires Action 3
-     * - Action 3 requires Action 2
-     * - Action 2 requires Action 1
-     *
-     * Instead of showing 3 separate dialogs, this returns: [Action 3, Action 2, Action 1]
-     *
-     * @param action - Starting action to check
-     * @param currentSelection - Current selection map
-     * @param allActions - All available actions
-     * @returns Complete set of missing prerequisites across all levels
-     */
+    /** Recursively collect ALL missing prerequisites at all dependency levels */
     private getAllMissingPrerequisitesRecursive;
     private showPrerequisiteDialog;
     private showDependencyDialog;
@@ -523,66 +248,21 @@ declare class ActionPermissionLogicService {
     private findRequiredActionIds;
     private buildSimpleMessage;
     private formatLogicNode;
-    /**
-     * Build clean text-based logic tree for tooltips
-     */
+    /** Build clean text-based logic tree for tooltips */
     private buildTooltipLogicTree;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<ActionPermissionLogicService, never>;
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<ActionPermissionLogicService>;
 }
-/**
- * Consolidated Permission API Service
- * Handles all permission-related operations in one service
- * Supports:
- * - User → Action (direct permissions)
- * - User → Role (role assignments)
- * - Role → Action (role permissions)
- * - Company → Action (company whitelisting)
- *
- * Endpoint: POST /permissions/*
- */
 declare class PermissionApiService extends BaseApiService {
     constructor();
-    /**
-     * Assign/remove actions directly to/from user
-     * POST /permissions/user-actions/assign
-     */
     assignUserActions(data: IAssignUserActionsDto): Observable<ISingleResponse<IPermissionOperationResultDto>>;
-    /**
-     * Get user's direct action permissions
-     * GET /permissions/user-actions/:userId
-     */
     getUserActions(userId: string, query?: IGetUserActionsDto): Observable<ISingleResponse<IUserActionResponseDto[]>>;
-    /**
-     * Assign/remove roles to/from user
-     * POST /permissions/user-roles/assign
-     */
     assignUserRoles(data: IAssignUserRolesDto): Observable<ISingleResponse<IPermissionOperationResultDto>>;
-    /**
-     * Get user's role assignments
-     * GET /permissions/user-roles/:userId
-     */
     getUserRoles(userId: string, query?: IGetUserRolesDto): Observable<ISingleResponse<IUserRoleResponseDto[]>>;
-    /**
-     * Assign/remove actions to/from role
-     * POST /permissions/role-actions/assign
-     */
     assignRoleActions(data: IAssignRoleActionsDto): Observable<ISingleResponse<IPermissionOperationResultDto>>;
-    /**
-     * Get role's action permissions
-     * GET /permissions/role-actions/:roleId
-     */
-    getRoleActions(roleId: string, query?: IGetRoleActionsDto): Observable<ISingleResponse<IRoleActionResponseDto[]>>;
-    /**
-     * Assign/remove actions to/from company (whitelisting)
-     * POST /permissions/company-actions/assign
-     */
+    getRoleActions(roleId: string): Observable<ISingleResponse<IRoleActionResponseDto[]>>;
     assignCompanyActions(data: IAssignCompanyActionsDto): Observable<ISingleResponse<IPermissionOperationResultDto>>;
-    /**
-     * Get company's whitelisted actions
-     * GET /permissions/company-actions/:companyId
-     */
     getCompanyActions(companyId: string): Observable<ISingleResponse<ICompanyActionResponseDto[]>>;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<PermissionApiService, never>;
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<PermissionApiService>;
@@ -598,7 +278,6 @@ declare class MyPermissionsApiService {
     private readonly http;
     private readonly appConfig;
     private readonly baseUrl;
-    constructor();
     /**
      * Get current user's complete permissions
      * POST /iam/permissions/my-permissions
@@ -610,45 +289,14 @@ declare class MyPermissionsApiService {
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<MyPermissionsApiService>;
 }
-/**
- * Permission State Service
- * Manages user permissions state and provides permission checking methods
- *
- * Uses shared PermissionValidatorService for centralized permission checking.
- *
- * @example
- * ```typescript
- * // In component
- * readonly permissionState = inject(PermissionStateService);
- *
- * ngOnInit() {
- *   this.permissionState.loadPermissions();
- * }
- *
- * // Check permission
- * if (this.permissionState.hasAction('user.create')) {
- *   // Show create button
- * }
- * ```
- */
 declare class PermissionStateService {
     private readonly permissionApi;
     private readonly permissionValidator;
     private readonly _permissions;
-    readonly permissions: Signal<IMyPermissionsResponseDto | null>;
+    readonly permissions: _angular_core.Signal<IMyPermissionsResponseDto | null>;
     private readonly _isLoading;
-    readonly isLoading: Signal<boolean>;
-    /**
-     * Load current user's permissions from API
-     * Call this on app initialization or after login
-     * Returns Observable for reactive composition
-     */
+    readonly isLoading: _angular_core.Signal<boolean>;
     loadPermissions(dto?: IGetMyPermissionsDto): Observable<void>;
-    /**
-     * Check if permissions are loaded
-     *
-     * @returns true if permissions are loaded
-     */
     isLoaded(): boolean;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<PermissionStateService, never>;
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<PermissionStateService>;
@@ -670,19 +318,20 @@ declare class LogicBuilderComponent {
         name: string;
     }[]>;
     readonly logicChange: _angular_core.OutputEmitterRef<ILogicNode | null>;
-    readonly availableActions: _angular_core.Signal<{
-        id: string;
-        name: string;
-    }[]>;
-    private builderTree;
+    /** Internal builder tree state (private writable + public readonly pattern) */
+    private readonly _builderTree;
     readonly builderLogic: _angular_core.Signal<IBuilderNode | null>;
+    constructor();
     initializeLogic(): void;
     clearLogic(): void;
     toggleOperator(nodeId: string): void;
     addChildNode(parentId: string, type: 'group' | 'action'): void;
     removeNode(nodeId: string): void;
     updateActionId(nodeId: string, actionId: string): void;
-    private emitChange;
+    /** Updates a node in the tree and emits the change */
+    private updateNode;
+    /** Sets the tree and emits the change */
+    private updateTreeAndEmit;
     private updateNodeInTree;
     private removeNodeFromTree;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<LogicBuilderComponent, never>;
@@ -723,7 +372,12 @@ declare class LogicBuilderComponent {
  * <flusys-role-action-selector />
  * ```
  */
-declare class RoleActionSelectorComponent implements OnDestroy {
+declare class RoleActionSelectorComponent {
+    readonly ROLE_ACTION_PERMISSIONS: {
+        readonly READ: "role-action.read";
+        readonly ASSIGN: "role-action.assign";
+    };
+    private readonly destroyRef;
     private readonly roleApi;
     private readonly actionApi;
     private readonly permissionApi;
@@ -751,7 +405,6 @@ declare class RoleActionSelectorComponent implements OnDestroy {
     readonly canSave: _angular_core.Signal<boolean>;
     private loadDataAbortController;
     constructor();
-    ngOnDestroy(): void;
     /**
      * Load roles from API
      */
@@ -772,25 +425,16 @@ declare class RoleActionSelectorComponent implements OnDestroy {
      * Handle action toggle with dependency management
      */
     onActionToggle(action: IAction, newValue: boolean): void;
-    /**
-     * Toggle all actions
-     */
     toggleAll(): void;
-    /**
-     * Select all actions
-     */
     selectAll(): void;
-    /**
-     * Deselect all actions
-     */
     deselectAll(): void;
+    private setAllSelection;
     /**
      * Save changes to backend
      */
     saveChanges(): Promise<void>;
-    /**
-     * Reset component state
-     */
+    private applySelection;
+    private buildPayloadItems;
     private resetState;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<RoleActionSelectorComponent, never>;
     static ɵcmp: _angular_core.ɵɵComponentDeclaration<RoleActionSelectorComponent, "flusys-role-action-selector", never, {}, {}, never, never, true, never>;
@@ -830,13 +474,18 @@ declare class RoleActionSelectorComponent implements OnDestroy {
  * <flusys-company-action-selector />
  * ```
  */
-declare class CompanyActionSelectorComponent implements OnDestroy {
+declare class CompanyActionSelectorComponent {
+    readonly COMPANY_ACTION_PERMISSIONS: {
+        readonly READ: "company-action.read";
+        readonly ASSIGN: "company-action.assign";
+    };
     private readonly companyApiProvider;
     private readonly actionApi;
     private readonly permissionApi;
     private readonly messageService;
     private readonly confirmationService;
     private readonly permissionLogic;
+    private readonly destroyRef;
     readonly selectedCompanyId: _angular_core.WritableSignal<string | undefined>;
     readonly companies: _angular_core.WritableSignal<ICompany[]>;
     readonly loading: _angular_core.WritableSignal<boolean>;
@@ -859,7 +508,6 @@ declare class CompanyActionSelectorComponent implements OnDestroy {
     readonly canSave: _angular_core.Signal<boolean>;
     private loadDataAbortController;
     constructor();
-    ngOnDestroy(): void;
     /**
      * Load companies from API
      */
@@ -880,18 +528,10 @@ declare class CompanyActionSelectorComponent implements OnDestroy {
      * Handle action checkbox toggle
      */
     onActionToggle(action: IAction, newValue: boolean): void;
-    /**
-     * Toggle all actions
-     */
     toggleAll(): void;
-    /**
-     * Select all actions
-     */
     selectAll(): void;
-    /**
-     * Deselect all actions
-     */
     deselectAll(): void;
+    private setAllSelection;
     /**
      * Save changes to backend
      */
@@ -901,10 +541,9 @@ declare class CompanyActionSelectorComponent implements OnDestroy {
      * Shows confirmation dialog with auto-fix option
      */
     private handleBackendPrerequisiteErrors;
-    /**
-     * Reset component state
-     */
     private resetState;
+    private buildSelectionMap;
+    private buildPayloadItems;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<CompanyActionSelectorComponent, never>;
     static ɵcmp: _angular_core.ɵɵComponentDeclaration<CompanyActionSelectorComponent, "flusys-company-action-selector", never, {}, {}, never, never, true, never>;
 }
@@ -940,6 +579,10 @@ declare class CompanyActionSelectorComponent implements OnDestroy {
  * ```
  */
 declare class UserRoleSelectorComponent {
+    readonly USER_ROLE_PERMISSIONS: {
+        readonly READ: "user-role.read";
+        readonly ASSIGN: "user-role.assign";
+    };
     private readonly appConfig;
     private readonly companyContext;
     private readonly userPermissionProvider;
@@ -993,6 +636,10 @@ declare class UserRoleSelectorComponent {
      * Deselect all roles
      */
     deselectAll(): void;
+    /**
+     * Set all role selections to a given value
+     */
+    private setAllSelections;
     /**
      * Save changes to backend
      */
@@ -1037,6 +684,10 @@ declare class UserRoleSelectorComponent {
  * ```
  */
 declare class UserActionSelectorComponent {
+    readonly USER_ACTION_PERMISSIONS: {
+        readonly READ: "user-action.read";
+        readonly ASSIGN: "user-action.assign";
+    };
     private readonly appConfig;
     private readonly companyContext;
     private readonly userPermissionProvider;
@@ -1057,6 +708,7 @@ declare class UserActionSelectorComponent {
     readonly selectionMap: _angular_core.Signal<Record<string, boolean>>;
     private readonly _initialSelection;
     private readonly initialSelection;
+    private readonly isCompanyFeatureActive;
     readonly showBranchSelector: _angular_core.Signal<boolean>;
     readonly filteredBranches: _angular_core.Signal<IBranch[]>;
     readonly treeNodes: _angular_core.Signal<primeng_api.TreeNode<IAction>[]>;
@@ -1085,29 +737,17 @@ declare class UserActionSelectorComponent {
      */
     hasUnmetPrerequisites(action: IAction): boolean;
     /**
-     * Handle action checkbox toggle
+     * Handle action toggle with dependency management
      */
     onActionToggle(action: IAction, newValue: boolean): void;
-    /**
-     * Toggle all actions
-     */
     toggleAll(): void;
-    /**
-     * Select all actions
-     */
     selectAll(): void;
-    /**
-     * Deselect all actions
-     */
     deselectAll(): void;
-    /**
-     * Save changes to backend
-     */
+    private setAllActions;
     saveChanges(): Promise<void>;
-    /**
-     * Reset component state
-     */
     private resetState;
+    private buildSelectionMap;
+    private buildPermissionItems;
     static ɵfac: _angular_core.ɵɵFactoryDeclaration<UserActionSelectorComponent, never>;
     static ɵcmp: _angular_core.ɵɵComponentDeclaration<UserActionSelectorComponent, "flusys-user-action-selector", never, {}, {}, never, never, true, never>;
 }
@@ -1136,38 +776,18 @@ declare class ProfilePermissionProviderAdapter implements IProfilePermissionProv
     static ɵprov: _angular_core.ɵɵInjectableDeclaration<ProfilePermissionProviderAdapter>;
 }
-/**
- * Provide IAM Provider Adapters
- *
- * Registers IAM implementations for provider interfaces from ng-shared.
- * This allows ng-auth profile page to display permissions without direct dependencies.
- *
- * @example
- * // In app.config.ts
- * import { provideIamProviders } from '@flusys/ng-iam';
- *
- * export const appConfig: ApplicationConfig = {
- *   providers: [
- *     ...provideIamProviders(),
- *     // ... other providers
- *   ]
- * };
- *
- * @returns Array of Angular providers
- */
+/** Registers IAM provider adapters for ng-shared interfaces */
 declare function provideIamProviders(): Provider[];
 /**
  * IAM Routes Configuration
  *
- * Identity and Access Management routing
- * - Actions: Permission actions (always visible)
+ * Identity and Access Management routing with permission guards.
+ * - Actions: Permission actions management
  * - Roles: Role management (conditional on RBAC/FULL mode)
- * - Permissions: User permission assignments (always visible)
- *
- * All routes are protected by permission guards to prevent direct URL access.
+ * - Permissions: User permission assignments
  */
 declare const IAM_ROUTES: Routes;
 export { ActionApiService, ActionPermissionLogicService, ActionType, CompanyActionSelectorComponent, IAM_ROUTES, LogicBuilderComponent, MAX_DROPDOWN_ITEMS, MyPermissionsApiService, PermissionApiService, PermissionStateService, ProfilePermissionProviderAdapter, RoleActionSelectorComponent, RoleApiService, UserActionSelectorComponent, UserRoleSelectorComponent, provideIamProviders };
-export type { IAction, IActionTreeDto, IAssignCompanyActionsDto, IAssignRoleActionsDto, IAssignUserActionsDto, IAssignUserRolesDto, IBranch, ICompany, ICompanyActionResponseDto, ICreateActionDto, ICreateRoleDto, IGetMyPermissionsDto, IGetRoleActionsDto, IGetUserActionsDto, IGetUserRolesDto, IMenuAction, IMyPermissionsResponseDto, IPermissionItemDto, IPermissionOperationResultDto, IPrerequisiteActionDto, IPrerequisiteValidationError, IRole, IRoleActionResponseDto, IRoleQueryDto, IUpdateActionDto, IUpdateRoleDto, IUser, IUserActionResponseDto, IUserRoleResponseDto, PermissionAction, PermissionMode };
+export type { IAction, IActionTreeDto, IAssignCompanyActionsDto, IAssignRoleActionsDto, IAssignUserActionsDto, IAssignUserRolesDto, IBranch, ICompany, ICompanyActionResponseDto, ICreateActionDto, ICreateRoleDto, IGetMyPermissionsDto, IGetRoleActionsDto, IGetUserActionsDto, IGetUserRolesDto, IMyPermissionsResponseDto, IPermissionItemDto, IPermissionOperationResultDto, IPrerequisiteActionDto, IPrerequisiteValidationError, IRole, IRoleActionResponseDto, IRoleQueryDto, IUpdateActionDto, IUpdateRoleDto, IUser, IUserActionResponseDto, IUserRoleResponseDto, PermissionAction };