@goplusvn/core 0.1.0

package/dist/rbac/permissions.d.mts

@@ -0,0 +1,26 @@
+import { Session } from 'next-auth';
+
+declare const CRUD_ACTIONS: {
+    readonly create: "create";
+    readonly view: "view";
+    readonly update: "update";
+    readonly delete: "delete";
+    readonly export: "export";
+    readonly import: "import";
+    readonly approve: "approve";
+    readonly reject: "reject";
+};
+type CrudAction = keyof typeof CRUD_ACTIONS;
+declare function getActionCode(operation: CrudAction): string;
+declare function getCrudPermissionsFromSession(session: Session | null, entity: string): {
+    create: boolean;
+    view: boolean;
+    update: boolean;
+    delete: boolean;
+    export: boolean;
+    import: boolean;
+    approve: boolean;
+    reject: boolean;
+};
+
+export { CRUD_ACTIONS, type CrudAction, getActionCode, getCrudPermissionsFromSession };

package/dist/rbac/permissions.d.ts

@@ -0,0 +1,26 @@
+import { Session } from 'next-auth';
+
+declare const CRUD_ACTIONS: {
+    readonly create: "create";
+    readonly view: "view";
+    readonly update: "update";
+    readonly delete: "delete";
+    readonly export: "export";
+    readonly import: "import";
+    readonly approve: "approve";
+    readonly reject: "reject";
+};
+type CrudAction = keyof typeof CRUD_ACTIONS;
+declare function getActionCode(operation: CrudAction): string;
+declare function getCrudPermissionsFromSession(session: Session | null, entity: string): {
+    create: boolean;
+    view: boolean;
+    update: boolean;
+    delete: boolean;
+    export: boolean;
+    import: boolean;
+    approve: boolean;
+    reject: boolean;
+};
+
+export { CRUD_ACTIONS, type CrudAction, getActionCode, getCrudPermissionsFromSession };

package/dist/rbac/permissions.js

@@ -0,0 +1,94 @@
+'use strict';
+
+// src/rbac/permissions.ts
+var CRUD_ACTIONS = {
+  create: "create",
+  view: "view",
+  update: "update",
+  delete: "delete",
+  export: "export",
+  import: "import",
+  approve: "approve",
+  reject: "reject"
+};
+function getActionCode(operation) {
+  return CRUD_ACTIONS[operation];
+}
+var BYPASS_AUTH = process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
+var ADMIN_ROLE_CODES = ["admin", "SUPER_ADMIN"];
+function getCrudPermissionsFromSession(session, entity) {
+  if (BYPASS_AUTH) {
+    return {
+      create: true,
+      view: true,
+      update: true,
+      delete: true,
+      export: true,
+      import: true,
+      approve: true,
+      reject: true
+    };
+  }
+  if (!session?.user) {
+    return {
+      create: false,
+      view: false,
+      update: false,
+      delete: false,
+      export: false,
+      import: false,
+      approve: false,
+      reject: false
+    };
+  }
+  const user = session.user;
+  if (!user.id) {
+    return {
+      create: false,
+      view: false,
+      update: false,
+      delete: false,
+      export: false,
+      import: false,
+      approve: false,
+      reject: false
+    };
+  }
+  const isAdmin = user.roles?.some((role) => ADMIN_ROLE_CODES.includes(role));
+  if (isAdmin) {
+    return {
+      create: true,
+      view: true,
+      update: true,
+      delete: true,
+      export: true,
+      import: true,
+      approve: true,
+      reject: true
+    };
+  }
+  const permissions = user.permissions || [];
+  const permissionKeys = new Set(
+    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`)
+  );
+  const hasPermission = (action) => {
+    const key = `${entity}:${action}`;
+    return permissionKeys.has(key);
+  };
+  return {
+    create: hasPermission(getActionCode("create")),
+    view: hasPermission(getActionCode("view")),
+    update: hasPermission(getActionCode("update")),
+    delete: hasPermission(getActionCode("delete")),
+    export: hasPermission(getActionCode("export")),
+    import: hasPermission(getActionCode("import")),
+    approve: hasPermission(getActionCode("approve")),
+    reject: hasPermission(getActionCode("reject"))
+  };
+}
+
+exports.CRUD_ACTIONS = CRUD_ACTIONS;
+exports.getActionCode = getActionCode;
+exports.getCrudPermissionsFromSession = getCrudPermissionsFromSession;
+//# sourceMappingURL=permissions.js.map
+//# sourceMappingURL=permissions.js.map

package/dist/rbac/permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/rbac/permissions.ts"],"names":[],"mappings":";;;AAWO,IAAM,YAAA,GAAe;AAAA,EAC1B,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,MAAA;AAAA,EACN,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAS,SAAA;AAAA,EACT,MAAA,EAAQ;AACV;AAIO,SAAS,cAAc,SAAA,EAA+B;AAC3D,EAAA,OAAO,aAAa,SAAS,CAAA;AAC/B;AAeA,IAAM,cACJ,OAAA,CAAQ,GAAA,CAAI,gBAAgB,MAAA,IAAU,OAAA,CAAQ,IAAI,WAAA,KAAgB,GAAA;AAEpE,IAAM,gBAAA,GAAmB,CAAC,OAAA,EAAS,aAAa,CAAA;AAEzC,SAAS,6BAAA,CACd,SACA,MAAA,EAUA;AACA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AAClB,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,KAAK,KAAA,EAAO,IAAA,CAAK,CAAC,IAAA,KAAS,gBAAA,CAAiB,QAAA,CAAS,IAAI,CAAC,CAAA;AAC1E,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,WAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AACzC,EAAA,MAAM,iBAAiB,IAAI,GAAA;AAAA,IACzB,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,EAAG,EAAE,YAAY,CAAA,CAAA,EAAI,CAAA,CAAE,UAAU,CAAA,CAAE;AAAA,GAC5D;AAEA,EAAA,MAAM,aAAA,GAAgB,CAAC,MAAA,KAAmB;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC/B,IAAA,OAAO,cAAA,CAAe,IAAI,GAAG,CAAA;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,IAAA,EAAM,aAAA,CAAc,aAAA,CAAc,MAAM,CAAC,CAAA;AAAA,IACzC,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,OAAA,EAAS,aAAA,CAAc,aAAA,CAAc,SAAS,CAAC,CAAA;AAAA,IAC/C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC;AAAA,GAC/C;AACF","file":"permissions.js","sourcesContent":["// @goerp/core/rbac/permissions\n// Server-only permission utilities - no client/UI imports\n// Use this in Server Components and API routes to avoid bundling client code\n\nimport type { Permission } from \"../types\";\nimport type { Session } from \"next-auth\";\n\n// ============================================================================\n// Action Mapping\n// ============================================================================\n\nexport const CRUD_ACTIONS = {\n  create: \"create\",\n  view: \"view\",\n  update: \"update\",\n  delete: \"delete\",\n  export: \"export\",\n  import: \"import\",\n  approve: \"approve\",\n  reject: \"reject\",\n} as const;\n\nexport type CrudAction = keyof typeof CRUD_ACTIONS;\n\nexport function getActionCode(operation: CrudAction): string {\n  return CRUD_ACTIONS[operation];\n}\n\n// ============================================================================\n// Permission Helpers\n// ============================================================================\n\ninterface ExtendedUser {\n  id: string;\n  name?: string | null;\n  email?: string | null;\n  image?: string | null;\n  roles?: string[];\n  permissions?: Permission[];\n}\n\nconst BYPASS_AUTH =\n  process.env.BYPASS_AUTH === \"true\" || process.env.BYPASS_AUTH === \"1\";\n\nconst ADMIN_ROLE_CODES = [\"admin\", \"SUPER_ADMIN\"];\n\nexport function getCrudPermissionsFromSession(\n  session: Session | null,\n  entity: string,\n): {\n  create: boolean;\n  view: boolean;\n  update: boolean;\n  delete: boolean;\n  export: boolean;\n  import: boolean;\n  approve: boolean;\n  reject: boolean;\n} {\n  if (BYPASS_AUTH) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  if (!session?.user) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  const user = session.user as ExtendedUser;\n\n  if (!user.id) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  const isAdmin = user.roles?.some((role) => ADMIN_ROLE_CODES.includes(role));\n  if (isAdmin) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  const permissions = user.permissions || [];\n  const permissionKeys = new Set(\n    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`),\n  );\n\n  const hasPermission = (action: string) => {\n    const key = `${entity}:${action}`;\n    return permissionKeys.has(key);\n  };\n\n  return {\n    create: hasPermission(getActionCode(\"create\")),\n    view: hasPermission(getActionCode(\"view\")),\n    update: hasPermission(getActionCode(\"update\")),\n    delete: hasPermission(getActionCode(\"delete\")),\n    export: hasPermission(getActionCode(\"export\")),\n    import: hasPermission(getActionCode(\"import\")),\n    approve: hasPermission(getActionCode(\"approve\")),\n    reject: hasPermission(getActionCode(\"reject\")),\n  };\n}\n"]}

package/dist/rbac/permissions.mjs

@@ -0,0 +1,90 @@
+// src/rbac/permissions.ts
+var CRUD_ACTIONS = {
+  create: "create",
+  view: "view",
+  update: "update",
+  delete: "delete",
+  export: "export",
+  import: "import",
+  approve: "approve",
+  reject: "reject"
+};
+function getActionCode(operation) {
+  return CRUD_ACTIONS[operation];
+}
+var BYPASS_AUTH = process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
+var ADMIN_ROLE_CODES = ["admin", "SUPER_ADMIN"];
+function getCrudPermissionsFromSession(session, entity) {
+  if (BYPASS_AUTH) {
+    return {
+      create: true,
+      view: true,
+      update: true,
+      delete: true,
+      export: true,
+      import: true,
+      approve: true,
+      reject: true
+    };
+  }
+  if (!session?.user) {
+    return {
+      create: false,
+      view: false,
+      update: false,
+      delete: false,
+      export: false,
+      import: false,
+      approve: false,
+      reject: false
+    };
+  }
+  const user = session.user;
+  if (!user.id) {
+    return {
+      create: false,
+      view: false,
+      update: false,
+      delete: false,
+      export: false,
+      import: false,
+      approve: false,
+      reject: false
+    };
+  }
+  const isAdmin = user.roles?.some((role) => ADMIN_ROLE_CODES.includes(role));
+  if (isAdmin) {
+    return {
+      create: true,
+      view: true,
+      update: true,
+      delete: true,
+      export: true,
+      import: true,
+      approve: true,
+      reject: true
+    };
+  }
+  const permissions = user.permissions || [];
+  const permissionKeys = new Set(
+    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`)
+  );
+  const hasPermission = (action) => {
+    const key = `${entity}:${action}`;
+    return permissionKeys.has(key);
+  };
+  return {
+    create: hasPermission(getActionCode("create")),
+    view: hasPermission(getActionCode("view")),
+    update: hasPermission(getActionCode("update")),
+    delete: hasPermission(getActionCode("delete")),
+    export: hasPermission(getActionCode("export")),
+    import: hasPermission(getActionCode("import")),
+    approve: hasPermission(getActionCode("approve")),
+    reject: hasPermission(getActionCode("reject"))
+  };
+}
+
+export { CRUD_ACTIONS, getActionCode, getCrudPermissionsFromSession };
+//# sourceMappingURL=permissions.mjs.map
+//# sourceMappingURL=permissions.mjs.map

package/dist/rbac/permissions.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/rbac/permissions.ts"],"names":[],"mappings":";AAWO,IAAM,YAAA,GAAe;AAAA,EAC1B,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,MAAA;AAAA,EACN,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAS,SAAA;AAAA,EACT,MAAA,EAAQ;AACV;AAIO,SAAS,cAAc,SAAA,EAA+B;AAC3D,EAAA,OAAO,aAAa,SAAS,CAAA;AAC/B;AAeA,IAAM,cACJ,OAAA,CAAQ,GAAA,CAAI,gBAAgB,MAAA,IAAU,OAAA,CAAQ,IAAI,WAAA,KAAgB,GAAA;AAEpE,IAAM,gBAAA,GAAmB,CAAC,OAAA,EAAS,aAAa,CAAA;AAEzC,SAAS,6BAAA,CACd,SACA,MAAA,EAUA;AACA,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AAClB,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAA,GAAU,KAAK,KAAA,EAAO,IAAA,CAAK,CAAC,IAAA,KAAS,gBAAA,CAAiB,QAAA,CAAS,IAAI,CAAC,CAAA;AAC1E,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,WAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AACzC,EAAA,MAAM,iBAAiB,IAAI,GAAA;AAAA,IACzB,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,EAAG,EAAE,YAAY,CAAA,CAAA,EAAI,CAAA,CAAE,UAAU,CAAA,CAAE;AAAA,GAC5D;AAEA,EAAA,MAAM,aAAA,GAAgB,CAAC,MAAA,KAAmB;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC/B,IAAA,OAAO,cAAA,CAAe,IAAI,GAAG,CAAA;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,IAAA,EAAM,aAAA,CAAc,aAAA,CAAc,MAAM,CAAC,CAAA;AAAA,IACzC,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,OAAA,EAAS,aAAA,CAAc,aAAA,CAAc,SAAS,CAAC,CAAA;AAAA,IAC/C,MAAA,EAAQ,aAAA,CAAc,aAAA,CAAc,QAAQ,CAAC;AAAA,GAC/C;AACF","file":"permissions.mjs","sourcesContent":["// @goerp/core/rbac/permissions\n// Server-only permission utilities - no client/UI imports\n// Use this in Server Components and API routes to avoid bundling client code\n\nimport type { Permission } from \"../types\";\nimport type { Session } from \"next-auth\";\n\n// ============================================================================\n// Action Mapping\n// ============================================================================\n\nexport const CRUD_ACTIONS = {\n  create: \"create\",\n  view: \"view\",\n  update: \"update\",\n  delete: \"delete\",\n  export: \"export\",\n  import: \"import\",\n  approve: \"approve\",\n  reject: \"reject\",\n} as const;\n\nexport type CrudAction = keyof typeof CRUD_ACTIONS;\n\nexport function getActionCode(operation: CrudAction): string {\n  return CRUD_ACTIONS[operation];\n}\n\n// ============================================================================\n// Permission Helpers\n// ============================================================================\n\ninterface ExtendedUser {\n  id: string;\n  name?: string | null;\n  email?: string | null;\n  image?: string | null;\n  roles?: string[];\n  permissions?: Permission[];\n}\n\nconst BYPASS_AUTH =\n  process.env.BYPASS_AUTH === \"true\" || process.env.BYPASS_AUTH === \"1\";\n\nconst ADMIN_ROLE_CODES = [\"admin\", \"SUPER_ADMIN\"];\n\nexport function getCrudPermissionsFromSession(\n  session: Session | null,\n  entity: string,\n): {\n  create: boolean;\n  view: boolean;\n  update: boolean;\n  delete: boolean;\n  export: boolean;\n  import: boolean;\n  approve: boolean;\n  reject: boolean;\n} {\n  if (BYPASS_AUTH) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  if (!session?.user) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  const user = session.user as ExtendedUser;\n\n  if (!user.id) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  const isAdmin = user.roles?.some((role) => ADMIN_ROLE_CODES.includes(role));\n  if (isAdmin) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  const permissions = user.permissions || [];\n  const permissionKeys = new Set(\n    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`),\n  );\n\n  const hasPermission = (action: string) => {\n    const key = `${entity}:${action}`;\n    return permissionKeys.has(key);\n  };\n\n  return {\n    create: hasPermission(getActionCode(\"create\")),\n    view: hasPermission(getActionCode(\"view\")),\n    update: hasPermission(getActionCode(\"update\")),\n    delete: hasPermission(getActionCode(\"delete\")),\n    export: hasPermission(getActionCode(\"export\")),\n    import: hasPermission(getActionCode(\"import\")),\n    approve: hasPermission(getActionCode(\"approve\")),\n    reject: hasPermission(getActionCode(\"reject\")),\n  };\n}\n"]}

package/dist/rbac/server.d.mts

@@ -0,0 +1 @@
+export { R as ResourcePrismaClient, a as RoleData, b as RoleFilters, c as RolePrismaClient, g as getActionsForPermissionMatrix, e as getResourcesForPermissionMatrix, f as getRolesData } from '../server-QuYCTa89.mjs';

package/dist/rbac/server.d.ts

@@ -0,0 +1 @@
+export { R as ResourcePrismaClient, a as RoleData, b as RoleFilters, c as RolePrismaClient, g as getActionsForPermissionMatrix, e as getResourcesForPermissionMatrix, f as getRolesData } from '../server-QuYCTa89.js';

package/dist/rbac/server.js

@@ -0,0 +1,128 @@
+'use strict';
+
+// src/rbac/role-service.ts
+async function getRolesData(db, params = {}) {
+  const { page = 1, pageSize = 10, search, status } = params;
+  const whereConditions = [];
+  if (search) {
+    whereConditions.push({
+      OR: [
+        { name: { contains: search, mode: "insensitive" } },
+        { code: { contains: search, mode: "insensitive" } },
+        { description: { contains: search, mode: "insensitive" } }
+      ]
+    });
+  }
+  if (status && status !== "all") {
+    whereConditions.push({ status });
+  }
+  const where = whereConditions.length > 0 ? { AND: whereConditions } : {};
+  const [total, items] = await Promise.all([
+    db.role.count({ where }),
+    db.role.findMany({
+      where,
+      orderBy: { createdAt: "desc" },
+      skip: (page - 1) * pageSize,
+      take: pageSize,
+      include: {
+        userRoles: {
+          include: {
+            user: {
+              select: {
+                id: true,
+                name: true,
+                email: true,
+                image: true,
+                isActive: true
+              }
+            }
+          }
+        },
+        rolePermissions: {
+          include: {
+            resource: {
+              select: {
+                code: true,
+                name: true,
+                icon: true
+              }
+            },
+            action: {
+              select: {
+                code: true,
+                name: true
+              }
+            }
+          }
+        }
+      }
+    })
+  ]);
+  const transformedItems = items.map((role) => ({
+    id: role.id,
+    name: role.name,
+    code: role.code,
+    description: role.description || void 0,
+    status: role.status,
+    // Transform rolePermissions to array of "action:resource" strings
+    permissions: role.rolePermissions.map(
+      (rp) => `${rp.actionCode}:${rp.resourceCode}`
+    ),
+    usersCount: role.userRoles.length,
+    users: role.userRoles.map((ur) => ({
+      id: ur.user.id,
+      name: ur.user.name,
+      email: ur.user.email,
+      image: ur.user.image,
+      isActive: ur.user.isActive
+    })),
+    createdAt: role.createdAt.toISOString(),
+    updatedAt: role.updatedAt.toISOString(),
+    createdBy: role.createdBy || void 0,
+    updatedBy: role.updatedBy || void 0
+  }));
+  return { total, page, pageSize, items: transformedItems };
+}
+
+// src/rbac/resource-service.ts
+async function getResourcesForPermissionMatrix(db) {
+  return await db.resource.findMany({
+    where: {
+      status: "active"
+    },
+    orderBy: [{ group: "asc" }, { order: "asc" }, { name: "asc" }],
+    select: {
+      id: true,
+      code: true,
+      name: true,
+      group: true,
+      description: true,
+      icon: true,
+      order: true,
+      config: true
+    }
+  });
+}
+async function getActionsForPermissionMatrix(db) {
+  return await db.action.findMany({
+    where: {
+      status: "active"
+    },
+    orderBy: {
+      code: "asc"
+    },
+    select: {
+      id: true,
+      code: true,
+      name: true,
+      description: true,
+      isDefault: true
+    }
+  });
+}
+
+exports.getActionsForPermissionMatrix = getActionsForPermissionMatrix;
+exports.getResourcesForPermissionMatrix = getResourcesForPermissionMatrix;
+exports.getRolesData = getRolesData;
+//# sourceMappingURL=server.js.map
+//# sourceMappingURL=server.js.map

package/dist/rbac/server.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/rbac/role-service.ts","../../src/rbac/resource-service.ts"],"names":[],"mappings":";;;AAmEA,eAAsB,YAAA,CACpB,EAAA,EACA,MAAA,GAAsB,EAAC,EAMtB;AACD,EAAA,MAAM,EAAE,IAAA,GAAO,CAAA,EAAG,WAAW,EAAA,EAAI,MAAA,EAAQ,QAAO,GAAI,MAAA;AAEpD,EAAA,MAAM,kBAAyB,EAAC;AAEhC,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,eAAA,CAAgB,IAAA,CAAK;AAAA,MACnB,EAAA,EAAI;AAAA,QACF,EAAE,IAAA,EAAM,EAAE,UAAU,MAAA,EAAQ,IAAA,EAAM,eAAc,EAAE;AAAA,QAClD,EAAE,IAAA,EAAM,EAAE,UAAU,MAAA,EAAQ,IAAA,EAAM,eAAc,EAAE;AAAA,QAClD,EAAE,WAAA,EAAa,EAAE,UAAU,MAAA,EAAQ,IAAA,EAAM,eAAc;AAAE;AAC3D,KACD,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,MAAA,IAAU,WAAW,KAAA,EAAO;AAC9B,IAAA,eAAA,CAAgB,IAAA,CAAK,EAAE,MAAA,EAAQ,CAAA;AAAA,EACjC;AAEA,EAAA,MAAM,KAAA,GAAa,gBAAgB,MAAA,GAAS,CAAA,GAAI,EAAE,GAAA,EAAK,eAAA,KAAoB,EAAC;AAE5E,EAAA,MAAM,CAAC,KAAA,EAAO,KAAK,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,IACvC,EAAA,CAAG,IAAA,CAAK,KAAA,CAAM,EAAE,OAAO,CAAA;AAAA,IACvB,EAAA,CAAG,KAAK,QAAA,CAAS;AAAA,MACf,KAAA;AAAA,MACA,OAAA,EAAS,EAAE,SAAA,EAAW,MAAA,EAAO;AAAA,MAC7B,IAAA,EAAA,CAAO,OAAO,CAAA,IAAK,QAAA;AAAA,MACnB,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,QACP,SAAA,EAAW;AAAA,UACT,OAAA,EAAS;AAAA,YACP,IAAA,EAAM;AAAA,cACJ,MAAA,EAAQ;AAAA,gBACN,EAAA,EAAI,IAAA;AAAA,gBACJ,IAAA,EAAM,IAAA;AAAA,gBACN,KAAA,EAAO,IAAA;AAAA,gBACP,KAAA,EAAO,IAAA;AAAA,gBACP,QAAA,EAAU;AAAA;AACZ;AACF;AACF,SACF;AAAA,QACA,eAAA,EAAiB;AAAA,UACf,OAAA,EAAS;AAAA,YACP,QAAA,EAAU;AAAA,cACR,MAAA,EAAQ;AAAA,gBACN,IAAA,EAAM,IAAA;AAAA,gBACN,IAAA,EAAM,IAAA;AAAA,gBACN,IAAA,EAAM;AAAA;AACR,aACF;AAAA,YACA,MAAA,EAAQ;AAAA,cACN,MAAA,EAAQ;AAAA,gBACN,IAAA,EAAM,IAAA;AAAA,gBACN,IAAA,EAAM;AAAA;AACR;AACF;AACF;AACF;AACF,KACD;AAAA,GACF,CAAA;AAGD,EAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAe;AAAA,IACjD,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,WAAA,EAAa,KAAK,WAAA,IAAe,MAAA;AAAA,IACjC,QAAQ,IAAA,CAAK,MAAA;AAAA;AAAA,IAEb,WAAA,EAAa,KAAK,eAAA,CAAgB,GAAA;AAAA,MAChC,CAAC,EAAA,KAAY,CAAA,EAAG,GAAG,UAAU,CAAA,CAAA,EAAI,GAAG,YAAY,CAAA;AAAA,KAClD;AAAA,IACA,UAAA,EAAY,KAAK,SAAA,CAAU,MAAA;AAAA,IAC3B,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,CAAC,EAAA,MAAa;AAAA,MACtC,EAAA,EAAI,GAAG,IAAA,CAAK,EAAA;AAAA,MACZ,IAAA,EAAM,GAAG,IAAA,CAAK,IAAA;AAAA,MACd,KAAA,EAAO,GAAG,IAAA,CAAK,KAAA;AAAA,MACf,KAAA,EAAO,GAAG,IAAA,CAAK,KAAA;AAAA,MACf,QAAA,EAAU,GAAG,IAAA,CAAK;AAAA,KACpB,CAAE,CAAA;AAAA,IACF,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,IACtC,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,IACtC,SAAA,EAAW,KAAK,SAAA,IAAa,MAAA;AAAA,IAC7B,SAAA,EAAW,KAAK,SAAA,IAAa;AAAA,GAC/B,CAAE,CAAA;AAEF,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,QAAA,EAAU,OAAO,gBAAA,EAAiB;AAC1D;;;AC3FA,eAAsB,gCACpB,EAAA,EACA;AACA,EAAA,OAAO,MAAM,EAAA,CAAG,QAAA,CAAS,QAAA,CAAS;AAAA,IAChC,KAAA,EAAO;AAAA,MACL,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,OAAA,EAAS,CAAC,EAAE,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,IAC7D,MAAA,EAAQ;AAAA,MACN,EAAA,EAAI,IAAA;AAAA,MACJ,IAAA,EAAM,IAAA;AAAA,MACN,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO,IAAA;AAAA,MACP,WAAA,EAAa,IAAA;AAAA,MACb,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO,IAAA;AAAA,MACP,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACH;AAMA,eAAsB,8BAA8B,EAAA,EAA0B;AAC5E,EAAA,OAAO,MAAM,EAAA,CAAG,MAAA,CAAO,QAAA,CAAS;AAAA,IAC9B,KAAA,EAAO;AAAA,MACL,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,OAAA,EAAS;AAAA,MACP,IAAA,EAAM;AAAA,KACR;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,EAAA,EAAI,IAAA;AAAA,MACJ,IAAA,EAAM,IAAA;AAAA,MACN,IAAA,EAAM,IAAA;AAAA,MACN,WAAA,EAAa,IAAA;AAAA,MACb,SAAA,EAAW;AAAA;AACb,GACD,CAAA;AACH","file":"server.js","sourcesContent":["// Note: We use Prisma types for input construction, but we don't import the client instance.\n// If Prisma types are not available in core (since core doesn't have prisma schema),\n// we might need to define loose types or rely on the injected client's type inference if strict mode allows.\n// However, since we want to be Type-safe, we assume the host app uses standard Prisma conventions.\n// For core, we can define the expected structure of the Include/Where types if needed,\n// or simply use 'any' for the complex Prisma types if we want to avoid strict coupling to a specific schema version.\n// To be safe and generic in 'core', we will define the input params using standard TypeScript types\n// and the db client interface locally.\n\n// ============================================================================\n// Types\n// ============================================================================\n\nexport type RoleFilters = {\n  page?: number;\n  pageSize?: number;\n  search?: string;\n  status?: string;\n};\n\nexport type RoleData = {\n  id: string;\n  name: string;\n  code: string;\n  description?: string;\n  status: string;\n  permissions: string[];\n  usersCount: number;\n  users: {\n    id: string;\n    name: string | null;\n    email: string | null;\n    image: string | null;\n    isActive: boolean;\n  }[];\n  createdAt: string;\n  updatedAt: string;\n  createdBy?: string;\n  updatedBy?: string;\n};\n\n// Interface for the DB client injected into the service\n// We define the shape of the Prisma Client we expect\nexport interface RolePrismaClient {\n  role: {\n    count: (args: { where: any }) => Promise<number>;\n    findMany: (args: {\n      where: any;\n      orderBy: any;\n      skip: number;\n      take: number;\n      include: any;\n    }) => Promise<any[]>;\n  };\n}\n\n// ============================================================================\n// Service Logic\n// ============================================================================\n\n/**\n * Get roles data with pagination and filtering\n * Generic core implementation using injected DB client\n *\n * @param db - The tenant-specific Prisma Client instance\n * @param params - Filter and pagination parameters\n */\nexport async function getRolesData(\n  db: RolePrismaClient,\n  params: RoleFilters = {},\n): Promise<{\n  total: number;\n  page: number;\n  pageSize: number;\n  items: RoleData[];\n}> {\n  const { page = 1, pageSize = 10, search, status } = params;\n\n  const whereConditions: any[] = [];\n\n  if (search) {\n    whereConditions.push({\n      OR: [\n        { name: { contains: search, mode: \"insensitive\" } },\n        { code: { contains: search, mode: \"insensitive\" } },\n        { description: { contains: search, mode: \"insensitive\" } },\n      ],\n    });\n  }\n\n  if (status && status !== \"all\") {\n    whereConditions.push({ status });\n  }\n\n  const where: any = whereConditions.length > 0 ? { AND: whereConditions } : {};\n\n  const [total, items] = await Promise.all([\n    db.role.count({ where }),\n    db.role.findMany({\n      where,\n      orderBy: { createdAt: \"desc\" },\n      skip: (page - 1) * pageSize,\n      take: pageSize,\n      include: {\n        userRoles: {\n          include: {\n            user: {\n              select: {\n                id: true,\n                name: true,\n                email: true,\n                image: true,\n                isActive: true,\n              },\n            },\n          },\n        },\n        rolePermissions: {\n          include: {\n            resource: {\n              select: {\n                code: true,\n                name: true,\n                icon: true,\n              },\n            },\n            action: {\n              select: {\n                code: true,\n                name: true,\n              },\n            },\n          },\n        },\n      },\n    }),\n  ]);\n\n  // Transform raw DB items to RoleData type\n  const transformedItems = items.map((role: any) => ({\n    id: role.id,\n    name: role.name,\n    code: role.code,\n    description: role.description || undefined,\n    status: role.status,\n    // Transform rolePermissions to array of \"action:resource\" strings\n    permissions: role.rolePermissions.map(\n      (rp: any) => `${rp.actionCode}:${rp.resourceCode}`,\n    ),\n    usersCount: role.userRoles.length,\n    users: role.userRoles.map((ur: any) => ({\n      id: ur.user.id,\n      name: ur.user.name,\n      email: ur.user.email,\n      image: ur.user.image,\n      isActive: ur.user.isActive,\n    })),\n    createdAt: role.createdAt.toISOString(),\n    updatedAt: role.updatedAt.toISOString(),\n    createdBy: role.createdBy || undefined,\n    updatedBy: role.updatedBy || undefined,\n  }));\n\n  return { total, page, pageSize, items: transformedItems };\n}\n","export interface ResourcePrismaClient {\n  resource: any;\n  action: any;\n}\n\n/**\n * Get resources data with pagination and filtering\n * Shared function for both API route and Server Component\n *\n * @param db - The tenant-specific Prisma Client instance\n * @param params - Filter and pagination parameters\n */\nexport async function getResourcesData(\n  db: ResourcePrismaClient,\n  params: any = {},\n) {\n  const { page = 1, pageSize = 10, search, status, group, type } = params;\n\n  const where: any = {\n    AND: [\n      search\n        ? {\n            OR: [\n              { code: { contains: search, mode: \"insensitive\" } },\n              { name: { contains: search, mode: \"insensitive\" } },\n              { description: { contains: search, mode: \"insensitive\" } },\n              { path: { contains: search, mode: \"insensitive\" } },\n            ],\n          }\n        : {},\n      status && status !== \"all\"\n        ? { status: { equals: status, mode: \"insensitive\" } }\n        : {},\n      group && group !== \"all\" ? { group } : {},\n      type && type !== \"all\" ? { type } : {},\n    ],\n  };\n\n  const [total, items] = await Promise.all([\n    db.resource.count({ where }),\n    db.resource.findMany({\n      where,\n      orderBy: [{ order: \"asc\" }, { updatedAt: \"desc\" }],\n      skip: (page - 1) * pageSize,\n      take: pageSize,\n    }),\n  ]);\n\n  // Transform Prisma items to Resource type format\n  const transformedItems = items.map((item: any) => ({\n    id: item.id,\n    code: item.code,\n    name: item.name,\n    group: item.group || undefined,\n    description: item.description || undefined,\n    status: item.status,\n    parentCode: item.parentCode || undefined,\n    order: item.order || undefined,\n    type: item.type || undefined,\n    icon: item.icon || undefined,\n    path: item.path || undefined,\n    config: item.config || undefined,\n    createdAt: item.createdAt.toISOString(),\n    updatedAt: item.updatedAt.toISOString(),\n  }));\n\n  return { total, page, pageSize, items: transformedItems };\n}\n\n/**\n * Get all active resources for permission matrix\n * Used in role management to build dynamic permission matrix\n */\nexport async function getResourcesForPermissionMatrix(\n  db: ResourcePrismaClient,\n) {\n  return await db.resource.findMany({\n    where: {\n      status: \"active\",\n    },\n    orderBy: [{ group: \"asc\" }, { order: \"asc\" }, { name: \"asc\" }],\n    select: {\n      id: true,\n      code: true,\n      name: true,\n      group: true,\n      description: true,\n      icon: true,\n      order: true,\n      config: true,\n    },\n  });\n}\n\n/**\n * Get all active actions for permission matrix\n * Used in role management to build dynamic permission matrix\n */\nexport async function getActionsForPermissionMatrix(db: ResourcePrismaClient) {\n  return await db.action.findMany({\n    where: {\n      status: \"active\",\n    },\n    orderBy: {\n      code: \"asc\",\n    },\n    select: {\n      id: true,\n      code: true,\n      name: true,\n      description: true,\n      isDefault: true,\n    },\n  });\n}\n"]}

package/dist/rbac/server.mjs

@@ -0,0 +1,124 @@
+// src/rbac/role-service.ts
+async function getRolesData(db, params = {}) {
+  const { page = 1, pageSize = 10, search, status } = params;
+  const whereConditions = [];
+  if (search) {
+    whereConditions.push({
+      OR: [
+        { name: { contains: search, mode: "insensitive" } },
+        { code: { contains: search, mode: "insensitive" } },
+        { description: { contains: search, mode: "insensitive" } }
+      ]
+    });
+  }
+  if (status && status !== "all") {
+    whereConditions.push({ status });
+  }
+  const where = whereConditions.length > 0 ? { AND: whereConditions } : {};
+  const [total, items] = await Promise.all([
+    db.role.count({ where }),
+    db.role.findMany({
+      where,
+      orderBy: { createdAt: "desc" },
+      skip: (page - 1) * pageSize,
+      take: pageSize,
+      include: {
+        userRoles: {
+          include: {
+            user: {
+              select: {
+                id: true,
+                name: true,
+                email: true,
+                image: true,
+                isActive: true
+              }
+            }
+          }
+        },
+        rolePermissions: {
+          include: {
+            resource: {
+              select: {
+                code: true,
+                name: true,
+                icon: true
+              }
+            },
+            action: {
+              select: {
+                code: true,
+                name: true
+              }
+            }
+          }
+        }
+      }
+    })
+  ]);
+  const transformedItems = items.map((role) => ({
+    id: role.id,
+    name: role.name,
+    code: role.code,
+    description: role.description || void 0,
+    status: role.status,
+    // Transform rolePermissions to array of "action:resource" strings
+    permissions: role.rolePermissions.map(
+      (rp) => `${rp.actionCode}:${rp.resourceCode}`
+    ),
+    usersCount: role.userRoles.length,
+    users: role.userRoles.map((ur) => ({
+      id: ur.user.id,
+      name: ur.user.name,
+      email: ur.user.email,
+      image: ur.user.image,
+      isActive: ur.user.isActive
+    })),
+    createdAt: role.createdAt.toISOString(),
+    updatedAt: role.updatedAt.toISOString(),
+    createdBy: role.createdBy || void 0,
+    updatedBy: role.updatedBy || void 0
+  }));
+  return { total, page, pageSize, items: transformedItems };
+}
+
+// src/rbac/resource-service.ts
+async function getResourcesForPermissionMatrix(db) {
+  return await db.resource.findMany({
+    where: {
+      status: "active"
+    },
+    orderBy: [{ group: "asc" }, { order: "asc" }, { name: "asc" }],
+    select: {
+      id: true,
+      code: true,
+      name: true,
+      group: true,
+      description: true,
+      icon: true,
+      order: true,
+      config: true
+    }
+  });
+}
+async function getActionsForPermissionMatrix(db) {
+  return await db.action.findMany({
+    where: {
+      status: "active"
+    },
+    orderBy: {
+      code: "asc"
+    },
+    select: {
+      id: true,
+      code: true,
+      name: true,
+      description: true,
+      isDefault: true
+    }
+  });
+}
+
+export { getActionsForPermissionMatrix, getResourcesForPermissionMatrix, getRolesData };
+//# sourceMappingURL=server.mjs.map
+//# sourceMappingURL=server.mjs.map

package/dist/rbac/server.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/rbac/role-service.ts","../../src/rbac/resource-service.ts"],"names":[],"mappings":";AAmEA,eAAsB,YAAA,CACpB,EAAA,EACA,MAAA,GAAsB,EAAC,EAMtB;AACD,EAAA,MAAM,EAAE,IAAA,GAAO,CAAA,EAAG,WAAW,EAAA,EAAI,MAAA,EAAQ,QAAO,GAAI,MAAA;AAEpD,EAAA,MAAM,kBAAyB,EAAC;AAEhC,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,eAAA,CAAgB,IAAA,CAAK;AAAA,MACnB,EAAA,EAAI;AAAA,QACF,EAAE,IAAA,EAAM,EAAE,UAAU,MAAA,EAAQ,IAAA,EAAM,eAAc,EAAE;AAAA,QAClD,EAAE,IAAA,EAAM,EAAE,UAAU,MAAA,EAAQ,IAAA,EAAM,eAAc,EAAE;AAAA,QAClD,EAAE,WAAA,EAAa,EAAE,UAAU,MAAA,EAAQ,IAAA,EAAM,eAAc;AAAE;AAC3D,KACD,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,MAAA,IAAU,WAAW,KAAA,EAAO;AAC9B,IAAA,eAAA,CAAgB,IAAA,CAAK,EAAE,MAAA,EAAQ,CAAA;AAAA,EACjC;AAEA,EAAA,MAAM,KAAA,GAAa,gBAAgB,MAAA,GAAS,CAAA,GAAI,EAAE,GAAA,EAAK,eAAA,KAAoB,EAAC;AAE5E,EAAA,MAAM,CAAC,KAAA,EAAO,KAAK,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,IACvC,EAAA,CAAG,IAAA,CAAK,KAAA,CAAM,EAAE,OAAO,CAAA;AAAA,IACvB,EAAA,CAAG,KAAK,QAAA,CAAS;AAAA,MACf,KAAA;AAAA,MACA,OAAA,EAAS,EAAE,SAAA,EAAW,MAAA,EAAO;AAAA,MAC7B,IAAA,EAAA,CAAO,OAAO,CAAA,IAAK,QAAA;AAAA,MACnB,IAAA,EAAM,QAAA;AAAA,MACN,OAAA,EAAS;AAAA,QACP,SAAA,EAAW;AAAA,UACT,OAAA,EAAS;AAAA,YACP,IAAA,EAAM;AAAA,cACJ,MAAA,EAAQ;AAAA,gBACN,EAAA,EAAI,IAAA;AAAA,gBACJ,IAAA,EAAM,IAAA;AAAA,gBACN,KAAA,EAAO,IAAA;AAAA,gBACP,KAAA,EAAO,IAAA;AAAA,gBACP,QAAA,EAAU;AAAA;AACZ;AACF;AACF,SACF;AAAA,QACA,eAAA,EAAiB;AAAA,UACf,OAAA,EAAS;AAAA,YACP,QAAA,EAAU;AAAA,cACR,MAAA,EAAQ;AAAA,gBACN,IAAA,EAAM,IAAA;AAAA,gBACN,IAAA,EAAM,IAAA;AAAA,gBACN,IAAA,EAAM;AAAA;AACR,aACF;AAAA,YACA,MAAA,EAAQ;AAAA,cACN,MAAA,EAAQ;AAAA,gBACN,IAAA,EAAM,IAAA;AAAA,gBACN,IAAA,EAAM;AAAA;AACR;AACF;AACF;AACF;AACF,KACD;AAAA,GACF,CAAA;AAGD,EAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAe;AAAA,IACjD,IAAI,IAAA,CAAK,EAAA;AAAA,IACT,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,MAAM,IAAA,CAAK,IAAA;AAAA,IACX,WAAA,EAAa,KAAK,WAAA,IAAe,MAAA;AAAA,IACjC,QAAQ,IAAA,CAAK,MAAA;AAAA;AAAA,IAEb,WAAA,EAAa,KAAK,eAAA,CAAgB,GAAA;AAAA,MAChC,CAAC,EAAA,KAAY,CAAA,EAAG,GAAG,UAAU,CAAA,CAAA,EAAI,GAAG,YAAY,CAAA;AAAA,KAClD;AAAA,IACA,UAAA,EAAY,KAAK,SAAA,CAAU,MAAA;AAAA,IAC3B,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,CAAC,EAAA,MAAa;AAAA,MACtC,EAAA,EAAI,GAAG,IAAA,CAAK,EAAA;AAAA,MACZ,IAAA,EAAM,GAAG,IAAA,CAAK,IAAA;AAAA,MACd,KAAA,EAAO,GAAG,IAAA,CAAK,KAAA;AAAA,MACf,KAAA,EAAO,GAAG,IAAA,CAAK,KAAA;AAAA,MACf,QAAA,EAAU,GAAG,IAAA,CAAK;AAAA,KACpB,CAAE,CAAA;AAAA,IACF,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,IACtC,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,IACtC,SAAA,EAAW,KAAK,SAAA,IAAa,MAAA;AAAA,IAC7B,SAAA,EAAW,KAAK,SAAA,IAAa;AAAA,GAC/B,CAAE,CAAA;AAEF,EAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,QAAA,EAAU,OAAO,gBAAA,EAAiB;AAC1D;;;AC3FA,eAAsB,gCACpB,EAAA,EACA;AACA,EAAA,OAAO,MAAM,EAAA,CAAG,QAAA,CAAS,QAAA,CAAS;AAAA,IAChC,KAAA,EAAO;AAAA,MACL,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,OAAA,EAAS,CAAC,EAAE,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,KAAA,EAAO,KAAA,EAAM,EAAG,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,IAC7D,MAAA,EAAQ;AAAA,MACN,EAAA,EAAI,IAAA;AAAA,MACJ,IAAA,EAAM,IAAA;AAAA,MACN,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO,IAAA;AAAA,MACP,WAAA,EAAa,IAAA;AAAA,MACb,IAAA,EAAM,IAAA;AAAA,MACN,KAAA,EAAO,IAAA;AAAA,MACP,MAAA,EAAQ;AAAA;AACV,GACD,CAAA;AACH;AAMA,eAAsB,8BAA8B,EAAA,EAA0B;AAC5E,EAAA,OAAO,MAAM,EAAA,CAAG,MAAA,CAAO,QAAA,CAAS;AAAA,IAC9B,KAAA,EAAO;AAAA,MACL,MAAA,EAAQ;AAAA,KACV;AAAA,IACA,OAAA,EAAS;AAAA,MACP,IAAA,EAAM;AAAA,KACR;AAAA,IACA,MAAA,EAAQ;AAAA,MACN,EAAA,EAAI,IAAA;AAAA,MACJ,IAAA,EAAM,IAAA;AAAA,MACN,IAAA,EAAM,IAAA;AAAA,MACN,WAAA,EAAa,IAAA;AAAA,MACb,SAAA,EAAW;AAAA;AACb,GACD,CAAA;AACH","file":"server.mjs","sourcesContent":["// Note: We use Prisma types for input construction, but we don't import the client instance.\n// If Prisma types are not available in core (since core doesn't have prisma schema),\n// we might need to define loose types or rely on the injected client's type inference if strict mode allows.\n// However, since we want to be Type-safe, we assume the host app uses standard Prisma conventions.\n// For core, we can define the expected structure of the Include/Where types if needed,\n// or simply use 'any' for the complex Prisma types if we want to avoid strict coupling to a specific schema version.\n// To be safe and generic in 'core', we will define the input params using standard TypeScript types\n// and the db client interface locally.\n\n// ============================================================================\n// Types\n// ============================================================================\n\nexport type RoleFilters = {\n  page?: number;\n  pageSize?: number;\n  search?: string;\n  status?: string;\n};\n\nexport type RoleData = {\n  id: string;\n  name: string;\n  code: string;\n  description?: string;\n  status: string;\n  permissions: string[];\n  usersCount: number;\n  users: {\n    id: string;\n    name: string | null;\n    email: string | null;\n    image: string | null;\n    isActive: boolean;\n  }[];\n  createdAt: string;\n  updatedAt: string;\n  createdBy?: string;\n  updatedBy?: string;\n};\n\n// Interface for the DB client injected into the service\n// We define the shape of the Prisma Client we expect\nexport interface RolePrismaClient {\n  role: {\n    count: (args: { where: any }) => Promise<number>;\n    findMany: (args: {\n      where: any;\n      orderBy: any;\n      skip: number;\n      take: number;\n      include: any;\n    }) => Promise<any[]>;\n  };\n}\n\n// ============================================================================\n// Service Logic\n// ============================================================================\n\n/**\n * Get roles data with pagination and filtering\n * Generic core implementation using injected DB client\n *\n * @param db - The tenant-specific Prisma Client instance\n * @param params - Filter and pagination parameters\n */\nexport async function getRolesData(\n  db: RolePrismaClient,\n  params: RoleFilters = {},\n): Promise<{\n  total: number;\n  page: number;\n  pageSize: number;\n  items: RoleData[];\n}> {\n  const { page = 1, pageSize = 10, search, status } = params;\n\n  const whereConditions: any[] = [];\n\n  if (search) {\n    whereConditions.push({\n      OR: [\n        { name: { contains: search, mode: \"insensitive\" } },\n        { code: { contains: search, mode: \"insensitive\" } },\n        { description: { contains: search, mode: \"insensitive\" } },\n      ],\n    });\n  }\n\n  if (status && status !== \"all\") {\n    whereConditions.push({ status });\n  }\n\n  const where: any = whereConditions.length > 0 ? { AND: whereConditions } : {};\n\n  const [total, items] = await Promise.all([\n    db.role.count({ where }),\n    db.role.findMany({\n      where,\n      orderBy: { createdAt: \"desc\" },\n      skip: (page - 1) * pageSize,\n      take: pageSize,\n      include: {\n        userRoles: {\n          include: {\n            user: {\n              select: {\n                id: true,\n                name: true,\n                email: true,\n                image: true,\n                isActive: true,\n              },\n            },\n          },\n        },\n        rolePermissions: {\n          include: {\n            resource: {\n              select: {\n                code: true,\n                name: true,\n                icon: true,\n              },\n            },\n            action: {\n              select: {\n                code: true,\n                name: true,\n              },\n            },\n          },\n        },\n      },\n    }),\n  ]);\n\n  // Transform raw DB items to RoleData type\n  const transformedItems = items.map((role: any) => ({\n    id: role.id,\n    name: role.name,\n    code: role.code,\n    description: role.description || undefined,\n    status: role.status,\n    // Transform rolePermissions to array of \"action:resource\" strings\n    permissions: role.rolePermissions.map(\n      (rp: any) => `${rp.actionCode}:${rp.resourceCode}`,\n    ),\n    usersCount: role.userRoles.length,\n    users: role.userRoles.map((ur: any) => ({\n      id: ur.user.id,\n      name: ur.user.name,\n      email: ur.user.email,\n      image: ur.user.image,\n      isActive: ur.user.isActive,\n    })),\n    createdAt: role.createdAt.toISOString(),\n    updatedAt: role.updatedAt.toISOString(),\n    createdBy: role.createdBy || undefined,\n    updatedBy: role.updatedBy || undefined,\n  }));\n\n  return { total, page, pageSize, items: transformedItems };\n}\n","export interface ResourcePrismaClient {\n  resource: any;\n  action: any;\n}\n\n/**\n * Get resources data with pagination and filtering\n * Shared function for both API route and Server Component\n *\n * @param db - The tenant-specific Prisma Client instance\n * @param params - Filter and pagination parameters\n */\nexport async function getResourcesData(\n  db: ResourcePrismaClient,\n  params: any = {},\n) {\n  const { page = 1, pageSize = 10, search, status, group, type } = params;\n\n  const where: any = {\n    AND: [\n      search\n        ? {\n            OR: [\n              { code: { contains: search, mode: \"insensitive\" } },\n              { name: { contains: search, mode: \"insensitive\" } },\n              { description: { contains: search, mode: \"insensitive\" } },\n              { path: { contains: search, mode: \"insensitive\" } },\n            ],\n          }\n        : {},\n      status && status !== \"all\"\n        ? { status: { equals: status, mode: \"insensitive\" } }\n        : {},\n      group && group !== \"all\" ? { group } : {},\n      type && type !== \"all\" ? { type } : {},\n    ],\n  };\n\n  const [total, items] = await Promise.all([\n    db.resource.count({ where }),\n    db.resource.findMany({\n      where,\n      orderBy: [{ order: \"asc\" }, { updatedAt: \"desc\" }],\n      skip: (page - 1) * pageSize,\n      take: pageSize,\n    }),\n  ]);\n\n  // Transform Prisma items to Resource type format\n  const transformedItems = items.map((item: any) => ({\n    id: item.id,\n    code: item.code,\n    name: item.name,\n    group: item.group || undefined,\n    description: item.description || undefined,\n    status: item.status,\n    parentCode: item.parentCode || undefined,\n    order: item.order || undefined,\n    type: item.type || undefined,\n    icon: item.icon || undefined,\n    path: item.path || undefined,\n    config: item.config || undefined,\n    createdAt: item.createdAt.toISOString(),\n    updatedAt: item.updatedAt.toISOString(),\n  }));\n\n  return { total, page, pageSize, items: transformedItems };\n}\n\n/**\n * Get all active resources for permission matrix\n * Used in role management to build dynamic permission matrix\n */\nexport async function getResourcesForPermissionMatrix(\n  db: ResourcePrismaClient,\n) {\n  return await db.resource.findMany({\n    where: {\n      status: \"active\",\n    },\n    orderBy: [{ group: \"asc\" }, { order: \"asc\" }, { name: \"asc\" }],\n    select: {\n      id: true,\n      code: true,\n      name: true,\n      group: true,\n      description: true,\n      icon: true,\n      order: true,\n      config: true,\n    },\n  });\n}\n\n/**\n * Get all active actions for permission matrix\n * Used in role management to build dynamic permission matrix\n */\nexport async function getActionsForPermissionMatrix(db: ResourcePrismaClient) {\n  return await db.action.findMany({\n    where: {\n      status: \"active\",\n    },\n    orderBy: {\n      code: \"asc\",\n    },\n    select: {\n      id: true,\n      code: true,\n      name: true,\n      description: true,\n      isDefault: true,\n    },\n  });\n}\n"]}